Paul Schmitt,Anne Edmundson,Nick Feamster

DOI: https://doi.org/10.1145/3340301.3341128

2018-12-12

Abstract:Virtually every Internet communication typically involves a Domain Name System (DNS) lookup for the destination server that the client wants to communicate with. Operators of DNS recursive resolvers---the machines that receive a client's query for a domain name and resolve it to a corresponding IP address---can learn significant information about client activity. Past work, for example, indicates that DNS queries reveal information ranging from web browsing activity to the types of devices that a user has in their home. Recognizing the privacy vulnerabilities associated with DNS queries, various third parties have created alternate DNS services that obscure a user's DNS queries from his or her Internet service provider. Yet, these systems merely transfer trust to a different third party. We argue that no single party ought to be able to associate DNS queries with a client IP address that issues those queries. To this end, we present Oblivious DNS (ODNS), which introduces an additional layer of obfuscation between clients and their queries. To do so, ODNS uses its own authoritative namespace; the authoritative servers for the ODNS namespace act as recursive resolvers for the DNS queries that they receive, but they never see the IP addresses for the clients that initiated these queries. We present an initial deployment of ODNS; our experiments show that ODNS introduces minimal performance overhead, both for individual queries and for web page loads. We design ODNS to be compatible with existing DNS protocols and infrastructure, and we are actively working on an open standard with the IETF.

Networking and Internet Architecture

Baojun Liu,Chaoyi Lu,Haixin Duan,Ying Liu,Zhou Li,Shuang Hao,Min Yang

DOI: https://doi.org/10.1145/3340301.3341122

2018-01-01

Abstract:DNS is a critical service for almost all Internet applications. DNS queries from end users are handled by recursive DNS servers for scalability. For convenience, Internet Service Providers (ISPs) assign recursive servers for their clients automatically when the clients choose the default network settings. On the other hand, users should also have the flexibility to use their preferred recursive servers, like public DNS servers. Since almost all DNS queries are sent in plain-text, it's possible for on-path devices to intercept DNS queries sent to public resolvers, by spoofing the IP addresses of user-specified DNS servers and surreptitiously responding using alternative resolvers instead. The trust relationship between users and public DNS are thus broken by the hidden interception of the DNS resolution path (which we term as DNS interception). The hidden DNS interception can pose users to privacy and security threats, and we aim to shed light on this behavior in this study. It's challenging to observe DNS interception because we need vantages points distributed across the globe. We solved this problem by recruiting clients from a proxy network and popular security software with a large number of real-world users. In this paper, we performed a large-scale analysis on on-path DNS interception and investigate its scope and characteristics. In practice, we designed a novel approach to detecting DNS interception and deployed a global measurement platform. Considering different transport protocols and various recursive servers, we have gained multi-faceted insights. In particular, using traffic from 148,478 residential and cellular IP addresses, we find that 259 of the 3,047 ASes (8.5%) that we inspect exhibit DNS interception behavior, including large providers, such as China Mobile. Particularly, 27.9% DNS/UDP queries from China to Google Public DNS are intercepted. Moreover, we find that alternative resolvers used by interceptors may use outdated software (which should be deprecated before 2009) and lack security-related functionality, such as handling DNSSEC requests. Our work highlights the issues around on-path DNS interception and provides new insights into its countermeasures. Our research provides a first large-scale study on DNS end-to-end violation. Our work delivers evidence of DNS interception and serves as strong motivation of deploying encrypted DNS (e.g., DNS-over-TLS and DNS-over-HTTPS). After being published, our findings are reported by several well-known media, such as ACM Technews, The Register, and Hackread. This paper is based on: Baojun Liu, Chaoyi Lu, Haixin Duan, Ying Liu, Zhou Li, Shuang Hao, and Min Yang. 2018. Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path. In Proceedings of USENIX Security 2018. USENIX Security Symposium, Baltimore, USA, 16 pages. This work was supported in part by the National Natural Science Foundation of China (U1836213, U1636204) and the BNRist Network and Software Security Research Program (Grant No. BNR2019TD01004).

Denghui Zhang,Lijing Ren,Zhaoquan Gu

DOI: https://doi.org/10.3390/app12189191

2022-01-01

Applied Sciences

Abstract:The addressing and discovering service is a vital infrastructure of the Internet. New applications and scenarios in next-generation networks rely on the secure and stable operation of domain name services, which puts forward new security challenges for the original domain name mechanism. While previous security enhancements of network services struggled to strike a balance between security, performance, and compatibility, hindering further use of core network services, the TEE (Trusted Computing Environment) technology can provide trusted and confidential services in untrusted network environments by verifiable hardware signatures. In this paper, we present a novel trustworthy service architecture with the preservation of security and privacy for addressing messages. The scheme provides a secure enclave to generate authenticatable responses between clients and targets, thus ensuring the privacy of services. We further build a new TEE compilation model to ensure that the built resolver application can provide trusted and secure services within TEE while keeping the availability without the TEE hardware. Experimental results show that our approach can enhance the privacy and security of addressing services such as DNS (Domain Name System) without sacrificing the quality of service and breaking the infrastructures of existing services.

Yufan Fu,Jiuqi Wei,Ying Li,Botao Peng,Xiaodong Li

2023-12-07

Abstract:Domain Name System (DNS) is a critical component of the Internet infrastructure, responsible for translating domain names into IP addresses. However, DNS is vulnerable to some malicious attacks, including DNS cache poisoning, which redirects users to malicious websites displaying offensive or illegal content. Existing countermeasures often suffer from at least one of the following weakness: weak attack resistance, high overhead, or complex implementation. To address these challenges, this paper presents TI-DNS, a blockchain-based DNS resolution architecture designed to detect and correct the forged DNS records caused by the cache poisoning attacks in the DNS resolution process. TI-DNS leverages a multi-resolver Query Vote mechanism to ensure the credibility of verified records on the blockchain ledger and a stake-based incentive mechanism to promote well-behaved participation. Importantly, TI-DNS is easy to be adopted as it only requires modifications to the resolver side of current DNS infrastructure. Finally, we develop a prototype and evaluate it against alternative solutions. The result demonstrates that TI-DNS effectively and efficiently solves DNS cache poisoning.

Cryptography and Security

Tianfu Gao,Qingkuan Dong

DOI: https://doi.org/10.3390/s23146366

2023-07-13

Abstract:The Domain Name System (DNS) is a fundamental component of the internet, responsible for resolving domain names into IP addresses. DNS servers are typically categorized into four types: recursive resolvers, root name servers, Top-Level Domain (TLD) name servers, and authoritative name servers. The latter three types of servers store actual records, while recursive resolvers do not store any real data and are only responsible for querying the other three types of servers and responding to clients. Recursive resolvers typically maintain a caching system to speed up response times, but these caching systems have the drawbacks of a low real-time performance, a poor accuracy, and many security and privacy issues. In this paper, we propose a caching system based on a consortium blockchain, namely DNS-BC, which uses the synchronization mechanism of the consortium blockchain to achieve a high real-time performance, uses the immutable mechanism of the consortium blockchain and our designed credibility management system to achieve up to a 100% accuracy, and has been combined with encrypted transmission protocols to solve common security and privacy issues. At the same time, this caching system can greatly reduce the traffic that name servers need to handle, thereby protecting them from Denial-of-Service (DoS) attacks. To further accelerate the data transmission speed, we have designed a new encrypted DNS protocol called DNS over KCP (DoK). The DoK protocol is based on the KCP protocol, which is a fast and reliable transmission protocol, and its latency can reach one-third of that of TCP when the network environment deteriorates. In our experiments, the transmission time of this protocol is about a quarter of that of the widely used encrypted protocols DNS over TLS (DoT) and DNS over HTTPS (DoH).

Jun Kurihara,Takeshi Kubo

DOI: https://doi.org/10.1016/j.comnet.2023.110078

2021-06-07

Abstract:The traditional Domain Name System (DNS) lacks fundamental features of security and privacy in its design. As concerns of privacy increased on the Internet, security and privacy enhancements of DNS have been actively investigated and deployed. Specially for user's privacy in DNS queries, several relay-based anonymization schemes have been recently introduced, however, they are vulnerable to the collusion of a relay with a full-service resolver, i.e., identities of users cannot be hidden to the resolver. This paper introduces a new concept of a multiple-relay-based DNS for user anonymity in DNS queries, called the mutualized oblivious DNS ($\mu$ODNS), by extending the concept of existing relay-based schemes. The $\mu$ODNS introduces a small and reasonable assumption that each user has at least one trusted/dedicated relay in a network and mutually shares the dedicated one with others. The user just sets the dedicated one as his next-hop, first relay, conveying his queries to the resolver, and randomly chooses its $0$ or more subsequent relays shared by other entities. Under this small assumption, the user's identity is concealed to a target resolver in the $\mu$ODNS even if a certain (unknown) subset of relays collude with the resolver. That is, in $\mu$ODNS, users can preserve their privacy and anonymity just by paying a small cost of sharing its resource. Moreover, we present a PoC implementation of $\mu$ODNS that is publicly available on the Internet. We also show that by measurement of round-trip-time for queries, and our PoC implementation of $\mu$ODNS achieves the performance comparable to existing relay-based schemes.

Cryptography and Security,Networking and Internet Architecture

Yoshimichi Nakatsuka,Andrew Paverd,Gene Tsudik

DOI: https://doi.org/10.1145/3359789.3359793

2019-09-26

Abstract:Security and privacy of the Internet Domain Name System (DNS) have been longstanding concerns. Recently, there is a trend to protect DNS traffic using Transport Layer Security (TLS). However, at least two major issues remain: (1) how do clients authenticate DNS-over-TLS endpoints in a scalable and extensible manner; and (2) how can clients trust endpoints to behave as expected? In this paper, we propose a novel Private DNS-over-TLS (PDoT ) architecture. PDoT includes a DNS Recursive Resolver (RecRes) that operates within a Trusted Execution Environment (TEE). Using Remote Attestation, DNS clients can authenticate, and receive strong assurance of trustworthiness of PDoT RecRes. We provide an open-source proof-of-concept implementation of PDoT and use it to experimentally demonstrate that its latency and throughput match that of the popular Unbound DNS-over-TLS resolver.

Cryptography and Security

Chaoyi Lu,Baojun Liu,Zhou Li,Shuang Hao,Haixin Duan,Mingming Zhang,Chunying Leng,Ying Liu,Zaifeng Zhang,Jianping Wu

DOI: https://doi.org/10.1145/3355369.3355580

2019-01-01

Abstract:DNS packets are designed to travel in unencrypted form through the Internet based on its initial standard. Recent discoveries show that real-world adversaries are actively exploiting this design vulnerability to compromise Internet users' security and privacy. To mitigate such threats, several protocols have been proposed to encrypt DNS queries between DNS clients and servers, which we jointly term as DNS-over-Encryption. While some proposals have been standardized and are gaining strong support from the industry, little has been done to understand their status from the view of global users. This paper performs by far the first end-to-end and large-scale analysis on DNS-over-Encryption. By collecting data from Internet scanning, user-end measurement and passive monitoring logs, we have gained several unique insights. In general, the service quality of DNS-over-Encryption is satisfying, in terms of accessibility and latency. For DNS clients, DNS-over-Encryption queries are less likely to be disrupted by in-path interception compared to traditional DNS, and the extra overhead is tolerable. However, we also discover several issues regarding how the services are operated. As an example, we find 25% DNS-over-TLS service providers use invalid SSL certificates. Compared to traditional DNS, DNS-over-Encryption is used by far fewer users but we have witnessed a growing trend. As such, we believe the community should push broader adoption of DNS-over-Encryption and we also suggest the service providers carefully review their implementations.

Fenglu Zhang,Baojun Liu,Eihal Alowaisheq,Jianjun Chen,Chaoyi Lu,Linjian Song,Yong Ma,Ying Liu,Haixin Duan,Min Yang

DOI: https://doi.org/10.1145/3576915.3616647

2023-01-01

Abstract:Authoritative nameservers are delegated to provide the final resource record. Since the security and robustness of DNS are critical to the general operation of the Internet, domain owners are required to deploy multiple candidate nameservers for load balancing. Once the load balancing mechanism is compromised, an adversary can manipulate a large number of legitimate DNS requests to a specified candidate nameserver. As a result, it may bypass the defense mechanisms used to filter malicious traffic that can overload the victim nameserver, or lower the bar for DNS traffic hijacking and cache poisoning attacks. In this study, we report on a class of DNS vulnerabilities and present a novel attack, named Disablance, that targets the domains with different NS records severing to multiple sites of authoritative servers. The attack is made possible by a misconfiguration of nameservers that ignores domains outside their authority, combined with recursive resolvers that use a globally shared status for nameserver selection. By targeting authoritative nameservers configured by a large number of domains, Disablance allows adversaries to stealthily sabotage the DNS load balancing for authoritative nameservers at a low cost. Through simply configuring the DNS records for a domain under their control to point to the targeted nameservers and performing a handful of requests, adversaries can temporarily manipulate a given DNS resolver to overload a specific authoritative server. Therefore, Disablance can redirect benign DNS requests for all hosted domains to the specific nameserver and disrupts the load balancing mechanism. Our extensive study proves the security threat of Disablance is realistic and prevalent. First, we demonstrated that mainstream DNS implementations, including BIND9, PowerDNS, and Microsoft DNS, are vulnerable to Disablance. Second, we developed a measurement framework to measure vulnerable authoritative servers in the wild. 22.24% of top 1M FQDNs and 3.94% of top 1M SLDs were proven can be the victims of Disablance. Our measurement results also show that 37.88% of stable open resolvers and 10 of 14 popular public DNS services can be exploited to conduct Disablance, including Cloudflare and Quad9. Furthermore, the critical security threats of Disablance were observed and acknowledged through in-depth discussion with a world-leading DNS service provider. We have reported discovered vulnerabilities and provided recommendations to the affected vendors. Until now, Tencent Cloud (DNSPod) and Amazon have taken action to fix this issue according to our suggestions.

Fei Song,Yu-Tong Zhou,Yu Wang,Tian-Ming Zhao,Ilsun You,Hong-Ke Zhang

DOI: https://doi.org/10.1016/j.ins.2018.06.002

IF: 8.1

2019-04-01

Information Sciences

Abstract:The Moving Target Defense (MTD) has been widely discussed in many communities to upgrade the network reliability, survivability, dependability, etc. However, utilizing MTD in privacy protection still needs more investigations. In this paper, we propose a smart collaborative distribution scheme to enhance the privacy based on MTD guidelines. A target application scenario is the Domain Name System (DNS) that is experiencing serious and complex privacy issues. The preliminary and potential risks are firstly analyzed based on DNS attack approaches, DNS server locations and the vulnerability of user privacy. Then, the details of our scheme are illustrated through port number assignment patterns, main procedures of dynamic port hopping and the implementation method. To quantitatively evaluate the performance, an analytical model was established from theoretical perspectives. The relationships between multiple parameters and overall system capacity are explored as well. The validation results demonstrate that the smart collaborative distribution is able to improve the privacy without affecting the basic DNS functionality.

computer science, information systems

Sandra Siby,Marc Juarez,Claudia Diaz,Narseo Vallina-Rodriguez,Carmela Troncoso

DOI: https://doi.org/10.48550/arXiv.1906.09682

2019-10-07

Abstract:Virtually every connection to an Internet service is preceded by a DNS lookup which is performed without any traffic-level protection, thus enabling manipulation, redirection, surveillance, and censorship. To address these issues, large organizations such as Google and Cloudflare are deploying recently standardized protocols that encrypt DNS traffic between end users and recursive resolvers such as DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). In this paper, we examine whether encrypting DNS traffic can protect users from traffic analysis-based monitoring and censoring. We propose a novel feature set to perform the attacks, as those used to attack HTTPS or Tor traffic are not suitable for DNS' characteristics. We show that traffic analysis enables the identification of domains with high accuracy in closed and open world settings, using 124 times less data than attacks on HTTPS flows. We find that factors such as location, resolver, platform, or client do mitigate the attacks performance but they are far from completely stopping them. Our results indicate that DNS-based censorship is still possible on encrypted DNS traffic. In fact, we demonstrate that the standardized padding schemes are not effective. Yet, Tor -- which does not effectively mitigate traffic analysis attacks on web traffic -- is a good defense against DoH traffic analysis.

Cryptography and Security

Aziz Mohaisen,Ah Reum Kang,Kui Ren

DOI: https://doi.org/10.1007/978-3-319-56549-1_1

2017-01-01

Abstract:DNS leakage happens when queries for names within a private namespace spread out to the public DNS infrastructure (Internet), which has various privacy implications. An example of this leakage includes the documented [1] leakage of. onion names associated with Tor hidden services to the public DNS infrastructure. To mitigate this leakage, and improve Tor's privacy, Appelbaum and Muffet [2] proposed the special use. onion domain name, and various best practice recommendations of blocking of. onion strings (hidden service addresses) at the stub (browser), recursive, and authoritative resolvers. Without any form of analysis of those recommendations in practice, it is very difficult to tell how much of privacy is provided by following them in various deployment settings. In this paper, we initiate for the study of those recommendations by analyzing them under various settings and conclude that while the unlikely universal deployment will naturally improve privacy by preventing leakage, partial deployment, which is the case for early adoption, will degrade the privacy of individuals not adopting those recommendations.

Minzhao Lyu,Hassan Habibi Gharakheili,Vijay Sivaraman

DOI: https://doi.org/10.1145/3547331

2022-07-08

Abstract:The domain name system (DNS) that maps alphabetic names to numeric Internet Protocol (IP) addresses plays a foundational role for Internet communications. By default, DNS queries and responses are exchanged in unencrypted plaintext, and hence, can be read and/or hijacked by third parties. To protect user privacy, the networking community has proposed standard encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ) for DNS communications, enabling clients to perform secure and private domain name lookups. We survey the DNS encryption literature published since 2016, focusing on its current landscape and how it is misused by malware, and highlighting the existing techniques developed to make inferences from encrypted DNS traffic. First, we provide an overview of various standards developed in the space of DNS encryption and their adoption status, performance, benefits, and security issues. Second, we highlight ways that various malware families can exploit DNS encryption to their advantage for botnet communications and/or data exfiltration. Third, we discuss existing inference methods for profiling normal patterns and/or detecting malicious encrypted DNS traffic. Several directions are presented to motivate future research in enhancing the performance and security of DNS encryption.

Cryptography and Security,Networking and Internet Architecture

Xiaobo Ma,Junjie Zhang,Zhenhua Li,Jianfeng Li,Jing Tao,Xiaohong Guan,John C. S. Lui,Don Towsley

DOI: https://doi.org/10.1016/j.jnca.2014.09.016

IF: 7.574

2015-01-01

Journal of Network and Computer Applications

Abstract:As the hidden backbone of today׳s Internet, the Domain Name System (DNS) provides name resolution service for almost every networked application. To exploit the rich DNS query information for traffic engineering or user behavior analysis, both passive capturing and active probing techniques have been proposed in recent years. Despite its full visibility of DNS behaviors, the passive capturing technique suffers from prohibitive management cost and results in tremendous privacy concerns towards its large-scale and collaborative deployment. Comparatively, the active probing technique overcomes these limitations, providing broad-view and privacy-preserving DNS query analysis at the cost of constrained visibility of fine-grained DNS behavior. This paper aims to accurately estimate DNS query characteristics based on DNS cache activities, which can be acquired via active probing on a large scale at negligible management cost and minimized privacy concerns. Specifically, we have made three contributions: (1) we propose a novel solution, which integrates the renewal theory-based DNS caching formulation and the hyper-exponential distribution model. The solution offers great flexibility to model various domains; (2) we perform a large-scale real-world DNS trace measurement, and demonstrate that our solution significantly improves the estimation accuracy; (3) we apply our solution to estimate the malware-infected host population in remote management networks. The experimental results have demonstrated that our solution can achieve high estimation accuracy and outperforms the existing method.

Deliang Chang,Joann Qiongna Chen,Zhou Li,Xing Li

DOI: https://doi.org/10.1109/eurosp53844.2022.00020

2022-01-01

Abstract:Domain name system (DNS) is the address book of the Internet and domain names are queried before almost every network activity. Since the entities like recursive resolvers can monitor users' DNS queries, privacy concerns such as user tracking arise. Though a number of prior works have looked into this issue, they all focus on the closed-world setting, which means that victim users must be known to the adversary. We argue that it does not reflect the adversary's true capabilities. Moreover, there lacks an effective approach to defend against DNS-based user tracking. In this work, we revisit these issues by investigating the attack surface in both open-world and closed-world settings and studying how to protect users. First, we introduce a new tracking mechanism DSCorr which incorporates domain-based word embedding to capture the fine-grained distance between domain names, and automatic threshold generation for fine-tuning the attack outcome. The evaluation result on a real-world DNS dataset shows DSCorr is able to outperform the existing works by a large margin especially in the open-world setting. On the defense side, we develop a system called LDPResolve, which incorporates a recently proposed differential privacy notion ULDP (Utility-optimized Local Differential Privacy) and a new technique named parallel domain resolving, to provide privacy guarantees without damaging the utility of legitimate applications. The evaluation result on the same dataset shows the DNS-based user tracking can be effectively curbed, e.g., tracking accuracy degraded from 93% to 10.1%.

Eman Salem Alashwali,Pawel Szalachowski

DOI: https://doi.org/10.48550/arXiv.1809.05674

2018-09-15

Abstract:Most TLS clients such as modern web browsers enforce coarse-grained TLS security configurations. They support legacy versions of the protocol that have known design weaknesses, and weak ciphersuites that provide fewer security guarantees (e.g. non Forward-Secrecy), mainly to provide backward compatibility. This opens doors to downgrade attacks, as is the case of the POODLE attack [18], which exploits the client's silent fallback to downgrade the protocol version to exploit the legacy version's flaws. To achieve a better balance between security and backward compatibility, we propose a DNS-based mechanism that enables TLS servers to advertise their support for the latest version of the protocol and strong ciphersuites (that provide Forward-Secrecy and Authenticated-Encryption simultaneously). This enables clients to consider prior knowledge about the servers' TLS configurations to enforce a fine-grained TLS configurations policy. That is, the client enforces strict TLS configurations for connections going to the advertising servers, while enforcing default configurations for the rest of the connections. We implement and evaluate the proposed mechanism and show that it is feasible, and incurs minimal overhead. Furthermore, we conduct a TLS scan for the top 10,000 most visited websites globally, and show that most of the websites can benefit from our mechanism.

Cryptography and Security

LEI Kai,SHU Fangxing,HUANG Lei,ZHANG Qichao

DOI: https://doi.org/10.11959/j.issn.2096-109x.2020024

2020-01-01

Abstract:The domain name system (DNS) is an important internet infrastructure. However, current DNS utilizes centralized hierarchical structure with severe dependence on root server, which causes defects such as the risk of single-point failure and the abuse of central rights. Designing new decentralized DNS mainly focuses on transforming the domain name system from a single trust domain which relies on the center to multiple trust domains with the top-level domain name as the root parallel to each other, but also faces cross-domain credible challenges. To design a cross-domain trusted architecture, the concept of separating control and analysis was adopted, and a dual-blockchain DNS architecture was proposed. At data layer, a novel cross-domain verification was designed based on a one-way accumulator verification scheme, with the time complexity of the verification process O(N) reducing to O(1) nearly. The CDBFT algorithm was proposed by combining the DPoS mechanism and the BFT algorithm, whose average throughput reaches 736 TPS. The theoretical derivation and experimental results have demonstrated the advantages of this new DNS architecture on security, performance, and scalability.

Mike Kosek,Luca Schumann,Robin Marx,Trinh Viet Doan,Vaibhav Bajpai

DOI: https://doi.org/10.1145/3517745.3561445

2023-05-03

Abstract:Over the last decade, Web traffic has significantly shifted towards HTTPS due to an increased awareness for privacy. However, DNS traffic is still largely unencrypted, which allows user profiles to be derived from plaintext DNS queries. While DNS over TLS (DoT) and DNS over HTTPS (DoH) address this problem by leveraging transport encryption for DNS, both protocols are constrained by the underlying transport (TCP) and encryption (TLS) protocols, requiring multiple round-trips to establish a secure connection. In contrast, QUIC combines the transport and cryptographic handshake into a single round-trip, which allows the recently standardized DNS over QUIC (DoQ) to provide DNS privacy with minimal latency. In the first study of its kind, we perform distributed DoQ measurements across multiple vantage points to evaluate the impact of DoQ on Web performance. We find that DoQ excels over DoH, leading to significant improvements with up to 10% faster loads for simple webpages. With increasing complexity of webpages, DoQ even catches up to DNS over UDP (DoUDP) as the cost of encryption amortizes: With DoQ being only ~2% slower than DoUDP, encrypted DNS becomes much more appealing for the Web.

Networking and Internet Architecture

Ben Niu,Xiaoyan Zhu,Weihao Li,Hui Li,Yingjuan Wang,Zongqing Lu

DOI: https://doi.org/10.1109/iccnc.2015.7069322

2015-01-01

Abstract:The ubiquity of modern mobile devices with GPS modules and Internet connectivity such as 3G/4G techniques have resulted in rapid development of Location-Based Services (LBSs). However, users enjoy the convenience provided by the untrusted LBS server at the cost of their privacy. To protect user's sensitive information against adversaries with side information, we design a personalized spatial cloaking scheme, termed TTcloak, which provides k-anonymity for user's location privacy, 1-diversity for query privacy and desired size of cloaking region for mobile users in LBSs, simultaneously. TTcloak uses Dummy Query Determining (DQD) algorithm and Dummy Location Determining (DLD) algorithm to find out a set of realistic cells as candidates, and employs a CR-refinement Module (CRM) to guarantee that dummy users are assigned into the cloaking region with desired size. Finally, thorough security analysis and empirical evaluation results verify our proposed TTcloak.

Mingxuan Liu,Yiming Zhang,Xiang Li,Chaoyi Lu,Baojun Liu,Haixin Duan,Xiaofeng Zheng

DOI: https://doi.org/10.14722/ndss.2024.24782

2024-01-01

Abstract:Domain names are often registered and abused for harmful and illegal Internet activities.To mitigate such threats, as an emerging security service, Protective DNS (PDNS) blocks access to harmful content by proactively offering rewritten DNS responses, which resolve malicious domains to controlled hosts.While it has become an effective tool against cybercrime, given their implementation divergence, little has been done from the security community in understanding the deployment, operational status and security policies of PDNS services.In this paper, we present a large-scale measurement study of the deployment and security implications of open PDNS services.We first perform empirical analysis over 28 popular PDNS providers and summarize major formats of DNS rewriting policies.Then, powered by the derived rules, we design a methodology that identifies intentional DNS rewriting enforced by open PDNS servers in the wild.Our findings are multi-faceted.On the plus side, the deployment of PDNS is now starting to scale: we identify 17,601 DNS servers (9.1% of all probed) offering such service.For DNS clients, switching from regular DNS to PDNS induces negligible query latency, despite additional steps (e.g., checking against threat intelligence and rewriting DNS response) being required from the server side.However, we also find flaws and vulnerabilities within PDNS implementation, including evasion of blocking policies and denial of service.Through responsible vulnerability disclosure, we have received 12 audit assessment results of high-risk vulnerabilities.Our study calls for proper guidance and best practices for secure PDNS operation.