DNS Privacy
Abstract
In the Domain Name System (DNS), there are significant security gaps, on the client side as well as on the operator side, with regard to the confidentiality and privacy of each party's own data. The information flow from clients that want to resolve a domain name is unencrypted and usually passes through several servers. Server operators, and attackers who can capture the messages between the client and the primary DNS server, thus have access to information about the domain names used and how frequently they are used. On the side of DNS server operators, use of the standardized DNS security extension DNSSEC gives attackers the ability to read out the operator's complete zone. Encrypting DNS messages can only remedy the problems that arise on the transmission path. Further approaches, which require a redesign of the Domain Name System, also address these problems, but are not realistically deployable because of their poor scalability.
Similar resources
Towards Plugging Privacy Leaks in Domain Name System
Privacy leaks are an unfortunate and an integral part of the current Internet domain name resolution. Each DNS query generated by a user reveals – to one or more DNS servers – the origin and target of that query. Over time, a user’s browsing behavior might be exposed to entities with little or no trust. Current DNS privacy leaks stem from fundamental features of DNS and are not easily fixable b...
The Impact of Passive DNS Collection on End-user Privacy
There are two distinct problems in determining the impact of passive DNS (pDNS) on end-user privacy. One is whether or not pDNS would allow the observer to reconstruct an individual end-user’s DNS behavior. The other is if DNS behavior constitutes personally identifiable information (PII) or is otherwise legally protected. This paper develops a framework to discuss both aspects of the privacy i...
Extended Abstract: Understanding the Privacy Implications of ECS
The edns-client-subnet (ECS) is a new extension for the Domain Name System (DNS) that delivers a “faster Internet” with the help of client-specific DNS answers. Under ECS, recursive DNS servers (recursives) provide client network address information to upstream authorities, permitting topologically localized answers for content delivery networks (CDNs). This optimization, however, comes with a ...
Domain Name System Security and Privacy: Old Problems and New Challenges
The domain name system (DNS) is an important protocol in today’s Internet operation, and is the standard naming convention between domain names, names that are easy to read, understand, and remember by humans, to IP address of Internet resources. The wealth of research activities on DNS in general and security and privacy in particular suggest that all problems in this domain are solved. Realit...
Boost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination
SRV records, DNSSEC, and DANE among others fortify the Domain Name System as the central information hub behind the Internet. Largely hidden from the end user, an increasing number of protocol and trust decisions are contingent on DNS. Neglect or attacks on DNS have much more impact today than ever, now endangering security far beyond denial of service. Opportunistic Persistent DNS (opDNS) addr...
Does Query Blocking Improve DNS Privacy? - Quantifying Privacy Under Partial Blocking Deployment
DNS leakage happens when queries for names within a private namespace spread out to the public DNS infrastructure (Internet), which has various privacy implications. An example of this leakage includes the documented [1] leakage of .onion names associated with Tor hidden services to the public DNS infrastructure. To mitigate this leakage, and improve Tor’s privacy, Appelbaum and Muffet [2] prop...