ABSTRACT
DNS over TLS (DoT) protects the confidentiality and integrity of DNS communication by encrypting DNS messages transmitted between users and resolvers. In recent years, DoT has been deployed by popular recursive resolvers like Cloudflare and Google. While DoT is supposed to prevent on-path adversaries from learning and tampering with victims' DNS requests and responses, it is unclear how much information can be deduced through traffic analysis on DoT messages. To answer this question, in this work, we develop a DoT fingerprinting method to analyze DoT traffic and determine if a user has visited websites of interest to adversaries. Given that a visit to a website typically introduces a sequence of DNS packets, we can infer the visited websites by modeling the temporal patterns of packet sizes. Our method can identify DoT traffic for websites with a false negative rate of less than 17% and a false positive rate of less than 0.5% when DNS messages are not padded. Moreover, we show that information leakage is still possible even when DoT messages are padded. These findings highlight the challenges of protecting DNS privacy, and indicate the necessity of a thorough analysis of the threats underlying DNS communications for effective defenses.
Index Terms
- An investigation on information leakage of DNS over TLS