An investigation on information leakage of DNS over TLS

Houser, Rebekah; Li, Zhou; Cotton, Chase; Wang, Haining

doi:10.1145/3359989.3365429

Cited by 51 publications

(43 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Significantly, encryption requires additional computing resources and slows down the processing of DNS queries [20]. Work [21] analyzes the vulnerabilities of the DoT protocol. Article [22] explores the performance of the DoH protocol and the impact of DNS traffic encryption protocols on Internet space participants.…”

Section: Literature Review and Problem Statementmentioning

confidence: 99%

Development of an algorithm to protect user communication devices against data leaks

Zadereyko

Prokop

Trofymenko

et al. 2021

EEJET

View full text Add to dashboard Cite

In order to identify ways used to collect data from user communication devices, an analysis of the interaction between DNS customers and the Internet name domain space has been carried out. It has been established that the communication device's DNS traffic is logged by the DNS servers of the provider, which poses a threat to the privacy of users. A comprehensive algorithm of protection against the collection of user data, consisting of two modules, has been developed and tested. The first module makes it possible to redirect the communication device's DNS traffic through DNS proxy servers with a predefined anonymity class based on the proposed multitest. To ensure a smooth and sustainable connection, the module automatically connects to a DNS proxy server that has minimal response time from those available in the compiled list. The second module blocks the acquisition of data collected by the developers of the software installed on the user's communication device, as well as by specialized Internet services owned by IT companies. The proposed algorithm makes it possible for users to choose their preferred level of privacy when communicating with the Internet space, thereby providing them with a choice of privacy level and, as a result, limiting the possibility of information manipulation over their owners. The DNS traffic of various fixed and mobile communication devices has been audited. The analysis of DNS traffic has enabled to identify and structure the DNS requests responsible for collecting data from users by the Internet services owned by IT companies. The identified DNS queries have been blocked; it has been experimentally confirmed that the performance of the basic and application software on communication devices was not compromised.

show abstract

Section: Literature Review and Problem Statementmentioning

confidence: 99%

Development of an algorithm to protect user communication devices against data leaks

Zadereyko

Prokop

Trofymenko

et al. 2021

EEJET

View full text Add to dashboard Cite

show abstract

“…However, the ability of continuously conducting our WF attack on more than 220K domains highlights the scalability of our method. In fact, we cover an order of magnitude more domains compared to previous WF attacks against DoT/DoH traffic [19,50,96], in which the largest openworld setting comprised fewer than 10K domains [19].…”

Section: Selection Of Test Domainsmentioning

confidence: 99%

“…Using the sequence of bytes as a key feature to build a model for classifying encrypted DoH traffic, Siby et al [96] could obtain a precision of 94% on a dataset of 5K domains. In another related work, Houser et al [50] analyze DoT traffic using a classifier based on numerous statistical features extracted from the time of DNS packets, obtaining an accuracy of 83% for a dataset of 98 websites. Compared to the scale of our measurement, these prior studies employ several machine learning techniques on much smaller datasets, with the largest open-world dataset comprising only 10K domain names [19].…”

Section: Related Workmentioning

confidence: 99%

Domain name encryption is not enough: privacy leakage via IP-based website fingerprinting

Hoang

Niaki

Gill

et al. 2021

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy is weakened by—the still exposed—IP address information. However, content delivery networks, DNS-based load balancing, co-hosting of different websites on the same server, and IP address churn, all contribute towards making domain–IP mappings unstable, and prevent straightforward IP-based browsing tracking. In this paper, we show that this instability is not a roadblock (assuming a universal DoT/DoH and ECH deployment), by introducing an IP-based website finger-printing technique that allows a network-level observer to identify at scale the website a user visits. Our technique exploits the complex structure of most websites, which load resources from several domains besides their primary one. Using the generated fingerprints of more than 200K websites studied, we could successfully identify 84% of them when observing solely destination IP addresses. The accuracy rate increases to 92% for popular websites, and 95% for popular and sensitive web-sites. We also evaluated the robustness of the generated fingerprints over time, and demonstrate that they are still effective at successfully identifying about 70% of the tested websites after two months. We conclude by discussing strategies for website owners and hosting providers towards hindering IP-based website fingerprinting and maximizing the privacy benefits offered by DoT/DoH and ECH.

show abstract

“…In 2019, Lu et al [27] discovered 1.5K open DoT resolvers over the Internet, and 25% of the used certificates by these resolvers were invalid. Others studied security and overhead of DoT [41], and DoT's resistance to traffic analysis attacks [35], [24].…”

Section: Introductionmentioning

confidence: 99%

Comparative Analysis of DoT and HTTPS Certificate Ecosystems

Jahromi¹,

Abdou²

2021

Proceedings 2021 Workshop on Measurements, Attacks, and Defenses for the Web

View full text Add to dashboard Cite

Systemd-resolved", among others, have implemented DoT stub-resolvers [16]. As a result, DoT queries have increased over the Internet since 2018 [27]. Similar to securing web (HTTPS) and email (S/MIME), DoT in the Internet relies on the Internet's Public Key Infrastructure (PKI) and associated Certification Authorities (CAs) for signing and delivering resolvers' standard X.509 certificates.On security, we investigate whether DoT would be susceptible to classic (or historic) PKI shortcomings, such as invalid/self-signed certificates, weak cryptographic parameters, or fraudulent certificates issued by compromised CAs. Over time, browsers enhanced HTTPS security by stringent certificate validation and indispensable demand of security features, like the placement of certificates in Certificate Transparency (CT) logs [38], [6]; CAs have accordingly been steppingup their issuance standards. It is unclear how many of the browser-implemented reinforcements for HTTPS are adopted in DoT, and how the relatively lax security in DoT affects issued certificates. For example, successful authentication [4] and encryption are unnecessary in DoT depending on the client's configured usage profile (see opportunistic mode in RFC 7858 [42]).We present results upon comparing a random sample of DoT and HTTPS certificates collected from Rapid7 [32]. Particularly, this paper contributes results upon comparing DoT and HTTPS certificates for the following aspects: Distribution and characteristics of certificate issuers (Sec. IV). Certificate parameters, including validity windows and cipher-suites (Sec. V). Proportion and distribution of certificates in CT-logs (Sec. VI).Our results highlight non-major differences between both ecosystems, including differences in: the dominant CA, certificate validity, and cryptographic properties. The proportion of invalid certificates appears almost similar in both ecosystems, likewise the expiry windows and cryptographic functions. We also found almost equivalent rates of CT-log inclusion in both ecosystems. These results suggest that so far, the deployment and usage of DoT certificates in practice appears promising, and not significantly affected by the lack of strict security checks in sub-resolvers.

show abstract

An investigation on information leakage of DNS over TLS

Cited by 51 publications

References 35 publications

Development of an algorithm to protect user communication devices against data leaks

Development of an algorithm to protect user communication devices against data leaks

Domain name encryption is not enough: privacy leakage via IP-based website fingerprinting

Comparative Analysis of DoT and HTTPS Certificate Ecosystems

Contact Info

Product

Resources

About