Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

Authors

Abstract

The Internet's Domain Name System (DNS) responds to client hostname queries with corresponding IP addresses and records. Traditional DNS is also unencrypted and leaks user information to on-lookers. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting DNS messages from third parties. However, the small number of available public large-scale DoT and DoH resolvers has reinforced DNS privacy concerns, specifically that DNS operators could use query contents and client IP addresses to link activities with identities. Oblivious DNS over HTTPS (ODoH) safeguards against these problems. In this paper we implement and deploy interoperable instantiations of the protocol, construct a corresponding formal model and analysis, and evaluate the protocols' performance with wide-scale measurements. Results suggest that ODoH is a practical privacy-enhancing replacement for DNS.


Similar resources

DNS Privacy

ABSTRACT In the Domain Name System (DNS) there are significant security gaps, on the side of both clients and operators, with respect to the confidentiality and privacy of their own data. The information flow from clients that want to resolve a domain name takes place unencrypted and is usually routed through several servers. Server operators and attackers...

T-DNS: Connection-Oriented DNS to Improve Privacy and Security

This paper explores connection-oriented DNS to improve DNS security and privacy. DNS is the canonical example of a connectionless, single packet, request/response protocol, with UDP as its dominant transport. Yet DNS today is challenged by eavesdropping that compromises privacy, source-address spoofing that results in denial-of-service (DoS) attacks on the server and third parties, injection att...

Practical Comprehensive Bounds on Surreptitious Communication over DNS

DNS queries represent one of the most common forms of network traffic, and likely the least blocked by sites. As such, DNS provides a highly attractive channel for attackers who wish to communicate surreptitiously across a network perimeter, and indeed a variety of tunneling toolkits exist [7, 10, 13–15]. We develop a novel measurement procedure that fundamentally limits the amount of informati...


T-DNS: Connection-Oriented DNS to Improve Privacy and Security (extended)

DNS is the canonical protocol for connectionless UDP. Yet DNS today is challenged by eavesdropping that compromises privacy, source-address spoofing that results in denial-of-service (DoS) attacks on the server and third parties, injection attacks that exploit fragmentation, and size limitations that constrain policy and operational choices. We propose T-DNS to address these problems. It uses TC...

Connection-Oriented DNS to Improve Privacy and Security (extended)

The Domain Name System (DNS) seems ideal for connectionless UDP, yet this choice results in challenges of eavesdropping that compromises privacy, source-address spoofing that simplifies denial-of-service (DoS) attacks on the server and third parties, injection attacks that exploit fragmentation, and reply-size limits that constrain key sizes and policy choices. We propose T-DNS to address these...


Journal

Journal title: Proceedings on Privacy Enhancing Technologies

Year: 2021

ISSN: 2299-0984

DOI: https://doi.org/10.2478/popets-2021-0085