Oblivious DNS: Practical Privacy for DNS Queries

Schmitt, Paul; Edmundson, Anne; Mankin, Allison; Feamster, Nick

doi:10.2478/popets-2019-0028

Cited by 27 publications

(25 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If DNS requests or destination IP addresses are obfuscated, such as for an external adversary outside a VPN, for a local adversary without Wi-Fi network access, or through DNS over TLS (DoT) [23], DNS over HTTPS (DoH) [22], or Oblivious DNS (ODNS) [35], then device fingerprinting would have to be performed using traffic rate characteristics [2,36]. Our STP algorithm (Section 6) protects against user activity inference from traffic rates independent of the device identification technique employed by the adversary.…”

Section: Device Fingerprinting and Traffic Demultiplexingmentioning

confidence: 99%

“…While requiring a VPN raises threshold for adoption, personal VPN usage is becoming more common due to increased privacy awareness [19] and availability of non-enterprise VPN services, such as home routers with built-in VPN [34] and Google's Project Fi VPN [26]. Alternatively, specific categorical metadata could also be protected by existing protocols, such as obfuscating DNS via DNS over TLS (DoT) [23], DNS over HTTPS (DoH) [22], or Oblivious DNS (ODNS) [35]. DoT, DoH, and ODNS traffic may still need to be shaped separately from non-DNS traffic to prevent web domain inference from packet lengths and other rate characteristics [23].…”

Section: Obfuscating Categorical Metadatamentioning

confidence: 99%

See 1 more Smart Citation

Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping

Apthorpe

Huang

Reisman

et al. 2019

Proceedings on Privacy Enhancing Technologies

Self Cite

161

120

View full text Add to dashboard Cite

The proliferation of smart home Internet of things (IoT) devices presents unprecedented challenges for preserving privacy within the home. In this paper, we demonstrate that a passive network observer (e.g., an Internet service provider) can infer private in-home activities by analyzing Internet traffic from commercially available smart home devices even when the devices use end-to-end transport-layer encryption. We evaluate common approaches for defending against these types of traffic analysis attacks, including firewalls, virtual private networks, and independent link padding, and find that none sufficiently conceal user activities with reasonable data overhead. We develop a new defense, "stochastic traffic padding" (STP), that makes it difficult for a passive network adversary to reliably distinguish genuine user activities from generated traffic patterns designed to look like user interactions. Our analysis provides a theoretical bound on an adversary's ability to accurately detect genuine user activities as a function of the amount of additional cover traffic generated by the defense technique.

show abstract

Section: Device Fingerprinting and Traffic Demultiplexingmentioning

confidence: 99%

Section: Obfuscating Categorical Metadatamentioning

confidence: 99%

Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping

Apthorpe

Huang

Reisman

et al. 2019

Proceedings on Privacy Enhancing Technologies

Self Cite

161

120

View full text Add to dashboard Cite

show abstract

“…Schmitt et al [41] propose a resolution mechanism to anonymize users' DNS queries by decoupling the link between users and their DNS queries. More specifically, the mechanism introduces an entity, called an Oblivious DNS (ODNS) resolver, residing between the user and the traditional recursor.…”

Section: Related Workmentioning

confidence: 99%

K-resolver: Towards Decentralizing Encrypted DNS Resolution

Hoang¹,

Lin²,

Ghavamnia³

et al. 2020

Proceedings 2020 Workshop on Measurements, Attacks, and Defenses for the Web

View full text Add to dashboard Cite

Centralized DNS over HTTPS/TLS (DoH/DoT) resolution, which has started being deployed by major hosting providers and web browsers, has sparked controversy among Internet activists and privacy advocates due to several privacy concerns. This design decision causes the trace of all DNS resolutions to be exposed to a third-party resolver, different than the one specified by the user's access network. In this work we propose K-resolver, a DNS resolution mechanism that disperses DNS queries across multiple DoH resolvers, reducing the amount of information about a user's browsing activity exposed to each individual resolver. As a result, none of the resolvers can learn a user's entire web browsing history. We have implemented a prototype of our approach for Mozilla Firefox, and used it to evaluate the performance of web page load time compared to the default centralized DoH approach. While our K-resolver mechanism has some effect on DNS resolution time and web page load time, we show that this is mainly due to the geographical location of the selected DoH servers. When more well-provisioned anycast servers are available, our approach incurs negligible overhead while improving user privacy.

show abstract

“…However, for DNSCrypt and DNSCurve, the recursive resolver remains aware of what names a client queries for, which has privacy implications as it allows the recursor to learn about the websites that the client visits and when it visits them. Schmitt et al [33] proposed oblivious DNS, which prevents a resolver from associating queries to the clients that sent them, and, thus, prevents a recursor from learning a client's browsing behavior.…”

Section: Related Workmentioning

confidence: 99%

Analyzing the costs (and benefits) of DNS, DoT, and DoH for the modern web

Hounsel

Borgolte

Schmitt

et al. 2019

Proceedings of the Applied Networking Research Workshop

Self Cite

View full text Add to dashboard Cite

Essentially all Internet communication relies on the Domain Name System (DNS), which rst maps a human-readable Internet destination or service to an IP address before two endpoints establish a connection to exchange data. Today, most DNS queries and responses are transmitted in cleartext, making them vulnerable to eavesdroppers and tra c analysis. Past work has demonstrated that DNS queries can reveal everything from browsing activity to user activity in a smart home. To mitigate some of these privacy risks, two new protocols have been proposed: DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT). Rather than sending queries and responses as cleartext, these protocols establish encrypted tunnels between clients and resolvers. This fundamental architectural change has implications for the performance of DNS, as well as for content delivery.In this paper, we measure the e ect of DoH and DoT on name resolution performance and content delivery. We nd that although DoH and DoT response times can be higher than for conventional DNS (Do53), DoT can perform better than both protocols in terms of page load times, and DoH can at best perform indistinguishably from Do53. However, when network conditions degrade, webpages load quickest with Do53, with a median of almost 0.5 seconds faster compared to DoH. Furthermore, in a substantial amount of cases, a webpage may not load at all with DoH, while it loads successfully with DoT and Do53. Our in-depth analysis reveals various opportunities to readily improve DNS performance, for example through opportunistic partial responses and wire format caching.

show abstract

Oblivious DNS: Practical Privacy for DNS Queries

Cited by 27 publications

References 36 publications

Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping

Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping

K-resolver: Towards Decentralizing Encrypted DNS Resolution

Analyzing the costs (and benefits) of DNS, DoT, and DoH for the modern web

Contact Info

Product

Resources

About