The Internet is a global open network of computer systems based on the TCP/IP protocol. It is subdivided into Autonomous Systems (AS) operated by different network operators called Internet Service Providers (ISP). An AS itself is a collection of IP networks. When data is sent from one computer system to another over the Internet, the data is routed through these different networks over a multitude of infrastructure devices such as routers. In general the route from the sender to the receiver is dynamically chosen depending on the configuration of the involved routers. In particular, the route is not chosen by the communication partners.
Web servers, to which we also refer as hosts, provide services to client systems. A typical example is accessing a web page on a web server through a web browser. The server is identified by its domain name given as a URL, such as example.com. The Domain Name System (DNS) [102] is responsible for resolving domain names to IP addresses, the actual network addresses where the server can be reached. To do so, DNS name servers are operated, for example by ISPs. From these name servers, clients can request the IP address for arbitrary domain names.
Basically, anyone can register for a domain name under which he can operate a web server. The entity who legitimately registered a domain is referred to as the domain owner.
This high level overview reveals that communication over the Internet in general is neither authentic nor confidential. Any device on the network path between communication partners can in principle act as a man-in-the-middle and alter and/or intercept the communication.
We first provide more information about DNS and DNSSEC. Afterwards, the Transport Layer Security (TLS) protocol is described, which provides secure com- munication.
2.3.1 DNS and DNSSEC
DNS is a hierarchical directory service for domain names. It divides the domain name space into so called zones according to the hierarchical structure of the do- main name space. The zones are represented by data structures containing resource records. These resource records either point directly to IP addresses of hosts for specified domain names, or if not directly responsible for a domain name, to a sub- ordinate DNS server, which maintains the respective child zone. The child zone in turn contains resource records, thus building a hierarchical structure.
DNS itself does not provide any protection mechanisms against the malicious al- teration of DNS records. Therefore, DNS is susceptible to attacks like DNS spoofing or DNS cache poisoning, which aim at manipulating the IP address assigned to do- main names, finally leading clients to a server which is actually not operated by the domain owner but by an attacker.
To counteract such attacks, the Domain Name System Security Extensions (DNS- SEC) [79] have been specified and are currently in the process of being deployed. With DNSSEC, the zones and the contained records are digitally signed. The owners of the keys used for zone signing are the zone administrators. DNSSEC has a single trust anchor and each zone can only delegate trust to its direct child zones. Basically this is done by signing the hash of the key of the child zone.
2.3.2 Transport Layer Security
The TLS protocol [84] is the de facto standard for secure Internet communication. It is the successor of SSL [88] which is considered insecure because of several vulnerabilities that have been detected in the past. TLS has been updated several times to its current version TLS 1.2. Many higher level communication protocols
such as HTTPS, FTPS or SMTPS build on TLS, which shows its outstanding im- portance for secure Internet communication. Through HTTPS, TLS secures the communication between web browsers and web servers.
TLS enables authentication and the establishment of confidential channels be- tween clients and servers. Even though TLS supports client authentication, in most applications, e.g. in HTTPS, only web server authentication is used. Authenti- cation is achieved using X.509 certificates. Domain owners subscribe at a CA for a certificate. The private key of their key pair is installed on the web server for authentication purposes. Thus, the security relies on the security of the underlying public key infrastructure, which is the Web PKI and will be described in Chapter 3. During the TLS handshake, the server sends its certificate along with the certifi- cation path to the client (the relying entity). The client validates the certification path and if the validation is successful, client and server establish session keys. The key exchange protocol uses the server key pair. The server proves the possession of the private key and thus is authenticated as being the entity specified in the subject field of the certificate. The session keys are then used to encrypt the communica- tion between client and server. This procedure ensures that the client communicates with the intended web server and that no unauthorized third party may access or manipulate the communication.
Browsers show the establishment of a secure channel to a web server by displaying locks and other visual items. If the validation of the server’s certificate fails, warning messages are displayed to the user giving him a choice to abort the connection or to continue the potentially insecure communication.