DOI: 10.1145/3359989.3365429 (research article, public access)

An investigation on information leakage of DNS over TLS

Published: 03 December 2019

ABSTRACT

DNS over TLS (DoT) protects the confidentiality and integrity of DNS communication by encrypting DNS messages transmitted between users and resolvers. In recent years, DoT has been deployed by popular recursive resolvers like Cloudflare and Google. While DoT is supposed to prevent on-path adversaries from learning and tampering with victims' DNS requests and responses, it is unclear how much information can be deduced through traffic analysis on DoT messages. To answer this question, in this work, we develop a DoT fingerprinting method to analyze DoT traffic and determine if a user has visited websites of interest to adversaries. Given that a visit to a website typically introduces a sequence of DNS packets, we can infer the visited websites by modeling the temporal patterns of packet sizes. Our method can identify DoT traffic for websites with a false negative rate of less than 17% and a false positive rate of less than 0.5% when DNS messages are not padded. Moreover, we show that information leakage is still possible even when DoT messages are padded. These findings highlight the challenges of protecting DNS privacy, and indicate the necessity of a thorough analysis of the threats underlying DNS communications for effective defenses.
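As an added illustration of the traffic-analysis idea sketched in the abstract (this is not the paper's code, and the paper's own features and classifier are not reproduced here), the Python below models an on-path observer that sees only the direction and size of each TLS record on the DoT connection, matches an observed sequence against per-site fingerprints with a weighted-Jaccard score over size n-grams, and then applies the RFC 8467 block-length padding policy (queries padded to multiples of 128 bytes, responses to multiples of 468) to show what still leaks once sizes are padded. The three site traces, the per-record TLS overhead constant and the n-gram matcher are constructed assumptions for the demonstration; the 2-byte length prefix is the RFC 7858 framing and the block sizes are the RFC 8467 recommendations.

```python
"""Toy DoT fingerprinting on TLS record sizes (added example, not the paper's method)."""
from collections import Counter

# Constructed sample data: DNS message lengths (bytes) a browser emits while loading
# each site (page host plus third-party hosts). +1 = query to resolver, -1 = response.
SITE_TRACES = {
    "news-site": [(+1, 47), (-1, 96), (+1, 53), (-1, 142), (+1, 61), (-1, 220),
                  (+1, 58), (-1, 101)],
    "shop-site": [(+1, 44), (-1, 128), (+1, 66), (-1, 77), (+1, 66), (-1, 305),
                  (+1, 49), (-1, 88), (+1, 52), (-1, 120)],
    "blog-site": [(+1, 41), (-1, 73), (+1, 55), (-1, 61)],
}
DOT_LEN_PREFIX = 2          # RFC 7858: DNS over TCP/TLS carries a 2-byte length prefix
TLS_OVERHEAD = 5 + 1 + 16   # assumption: TLS 1.3 record header + content-type byte + AEAD tag
QUERY_BLOCK, RESPONSE_BLOCK = 128, 468  # RFC 8467 recommended padding block lengths


def pad_to_block(n, block):
    """RFC 7830 EDNS(0) padding: grow a DNS message to the next multiple of `block`."""
    return n if n % block == 0 else n + (block - n % block)


def observed_record_sizes(trace, pad=False):
    """What the observer sees: one TLS record per DNS message, direction and size only."""
    out = []
    for direction, dns_len in trace:
        if pad:
            dns_len = pad_to_block(dns_len, QUERY_BLOCK if direction > 0 else RESPONSE_BLOCK)
        out.append((direction, DOT_LEN_PREFIX + dns_len + TLS_OVERHEAD))
    return out


def fingerprint(records, n=2):
    """Feature: multiset of n-grams over the (direction, size) sequence, so order matters."""
    return Counter(tuple(records[i:i + n]) for i in range(len(records) - n + 1))


def similarity(fp_a, fp_b):
    """Weighted Jaccard similarity between two n-gram multisets, in [0, 1]."""
    keys = set(fp_a) | set(fp_b)
    inter = sum(min(fp_a[k], fp_b[k]) for k in keys)
    union = sum(max(fp_a[k], fp_b[k]) for k in keys)
    return inter / union if union else 0.0


def build_db(pad=False):
    """Fingerprint database the adversary trains from its own visits to sites of interest."""
    return {site: fingerprint(observed_record_sizes(t, pad)) for site, t in SITE_TRACES.items()}


def classify(unknown_records, db, threshold):
    """Best-matching site, or None when no fingerprint clears the threshold (open-world case)."""
    fp = fingerprint(unknown_records)
    scores = {site: similarity(fp, known) for site, known in db.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else None), scores


if __name__ == "__main__":
    db = build_db()
    # A later visit to news-site where one response grew by 4 bytes (e.g. a changed A RRset).
    noisy_visit = [(+1, 47), (-1, 96), (+1, 53), (-1, 142), (+1, 61), (-1, 224),
                   (+1, 58), (-1, 101)]
    label, scores = classify(observed_record_sizes(noisy_visit), db, threshold=0.3)
    print("unpadded:", label, {k: round(v, 3) for k, v in scores.items()})

    padded_db = build_db(pad=True)
    print("padded sizes seen:", sorted({s for _, s in observed_record_sizes(noisy_visit, pad=True)}))
    for other in ("shop-site", "blog-site"):
        print("padded news-site vs", other, round(similarity(padded_db["news-site"], padded_db[other]), 3))
```

With padding every query collapses to one record size and every response to another, so per-message sizes stop discriminating; what remains is the number and interleaving of query/response records, which still separates the three constructed sites here. That residual signal, together with inter-packet timing (ignored in this toy), is the kind of leakage the abstract reports for padded DoT.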


Published in

CoNEXT '19: Proceedings of the 15th International Conference on Emerging Networking Experiments And Technologies
December 2019, 395 pages
ISBN: 9781450369985
DOI: 10.1145/3359989

Copyright © 2019 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States

Published: 3 December 2019

Qualifiers: research-article

Acceptance rate: overall 198 of 789 submissions, 25%
