DOI: 10.1007/978-3-540-88873-4_5
Article

Anonymous Resolution of DNS Queries

Published: 09 November 2008

Abstract

    The use of the DNS as the underlying technology of new name resolution services can lead to privacy violations. The exchange of data between servers and clients flows without protection. Such information can be captured by service providers and eventually sold for malicious purposes (e.g., spamming, phishing, etc.). A motivating example is the use of DNS in VoIP services for the translation of traditional telephone numbers into Internet URLs. In this paper, we analyze the use of statistical noise for the construction of proper DNS queries. Our objective is to reduce the risk that sensitive data within DNS queries could be inferred by local and remote DNS servers. We evaluate a proof-of-concept implementation of our approach and study the benefits and limitations of our proposal. A first limitation is the possibility of attacks against the integrity and authenticity of our queries by means of, for instance, man-in-the-middle or replay attacks. However, this limitation can be successfully solved by combining our proposal with the use of DNSSEC (DNS Security Extensions). We evaluate the impact of including this complementary countermeasure.

    Cited By

    • (2020) Assessing the Privacy Benefits of Domain Name Encryption. Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 290-304. DOI: 10.1145/3320269.3384728. Online publication date: 5-Oct-2020
    • (2019) PDoT. Proceedings of the 35th Annual Computer Security Applications Conference, pp. 489-499. DOI: 10.1145/3359789.3359793. Online publication date: 9-Dec-2019
    • (2011) Privacy-preserving DNS. Proceedings of the 16th European conference on Research in computer security, pp. 665-683. DOI: 10.5555/2041225.2041272. Online publication date: 12-Sep-2011

    Published In

    OTM '08: Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
    November 2008
    641 pages
    ISBN: 9783540888727
    Editors: Robert Meersman, Zahir Tari

    Publisher

    Springer-Verlag

    Berlin, Heidelberg

    Author Tags

    1. Anonymity
    2. Domain Name System
    3. IT Security
    4. Privacy
    5. Privacy Information Retrieval
