Guannan HU
the Graduate University for Advanced Studies (Sokendai)
Kensuke FUKUDA
the Graduate University for Advanced Studies (Sokendai), National Institute of Informatics (NII)
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Guannan HU, Kensuke FUKUDA, "Characterizing Privacy Leakage in Encrypted DNS Traffic" in IEICE TRANSACTIONS on Communications,
vol. E106-B, no. 2, pp. 156-165, February 2023, doi: 10.1587/transcom.2022EBP3014.
Abstract: Increased demand for DNS privacy has driven the creation of several encrypted DNS protocols, such as DNS over HTTPS (DoH), DNS over TLS (DoT), and DNS over QUIC (DoQ). Recently, DoT and DoH have been deployed by some vendors like Google and Cloudflare. This paper addresses privacy leakage in these three encrypted DNS protocols (especially DoQ) with different DNS recursive resolvers (Google, NextDNS, and Bind) and DNS proxy (AdGuard). More particularly, we investigate encrypted DNS traffic to determine whether the adversary can infer the category of websites users visit for this purpose. Through analyzing packet traces of three encrypted DNS protocols, we show that the classification performance of the websites (i.e., user's privacy leakage) is very high in terms of identifying 42 categories of the websites both in public (Google and NextDNS) and local (Bind) resolvers. By comparing the case with cache and without cache at the local resolver, we confirm that the caching effect is negligible as regards identification. We also show that discriminative features are mainly related to the inter-arrival time of packets for DNS resolving. Indeed, we confirm that the F1 score decreases largely by removing these features. We further investigate two possible countermeasures that could affect the inter-arrival time analysis in the local resolver: AdBlocker and DNS prefetch. However, there is no significant improvement in results with these countermeasures. These findings highlight that information leakage is still possible even in encrypted DNS traffic regardless of underlying protocols (i.e., HTTPS, TLS, QUIC).
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.2022EBP3014/_p
@ARTICLE{e106-b_2_156,
author={Guannan HU and Kensuke FUKUDA},
journal={IEICE TRANSACTIONS on Communications},
title={Characterizing Privacy Leakage in Encrypted DNS Traffic},
year={2023},
volume={E106-B},
number={2},
pages={156-165},
abstract={Increased demand for DNS privacy has driven the creation of several encrypted DNS protocols, such as DNS over HTTPS (DoH), DNS over TLS (DoT), and DNS over QUIC (DoQ). Recently, DoT and DoH have been deployed by some vendors like Google and Cloudflare. This paper addresses privacy leakage in these three encrypted DNS protocols (especially DoQ) with different DNS recursive resolvers (Google, NextDNS, and Bind) and DNS proxy (AdGuard). More particularly, we investigate encrypted DNS traffic to determine whether the adversary can infer the category of websites users visit for this purpose. Through analyzing packet traces of three encrypted DNS protocols, we show that the classification performance of the websites (i.e., user's privacy leakage) is very high in terms of identifying 42 categories of the websites both in public (Google and NextDNS) and local (Bind) resolvers. By comparing the case with cache and without cache at the local resolver, we confirm that the caching effect is negligible as regards identification. We also show that discriminative features are mainly related to the inter-arrival time of packets for DNS resolving. Indeed, we confirm that the F1 score decreases largely by removing these features. We further investigate two possible countermeasures that could affect the inter-arrival time analysis in the local resolver: AdBlocker and DNS prefetch. However, there is no significant improvement in results with these countermeasures. These findings highlight that information leakage is still possible even in encrypted DNS traffic regardless of underlying protocols (i.e., HTTPS, TLS, QUIC).},
keywords={},
doi={10.1587/transcom.2022EBP3014},
ISSN={1745-1345},
month={February},
}
TY - JOUR
TI - Characterizing Privacy Leakage in Encrypted DNS Traffic
T2 - IEICE TRANSACTIONS on Communications
SP - 156
EP - 165
AU - Guannan HU
AU - Kensuke FUKUDA
PY - 2023
DO - 10.1587/transcom.2022EBP3014
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E106-B
IS - 2
JA - IEICE TRANSACTIONS on Communications
Y1 - February 2023
AB - Increased demand for DNS privacy has driven the creation of several encrypted DNS protocols, such as DNS over HTTPS (DoH), DNS over TLS (DoT), and DNS over QUIC (DoQ). Recently, DoT and DoH have been deployed by some vendors like Google and Cloudflare. This paper addresses privacy leakage in these three encrypted DNS protocols (especially DoQ) with different DNS recursive resolvers (Google, NextDNS, and Bind) and DNS proxy (AdGuard). More particularly, we investigate encrypted DNS traffic to determine whether the adversary can infer the category of websites users visit for this purpose. Through analyzing packet traces of three encrypted DNS protocols, we show that the classification performance of the websites (i.e., user's privacy leakage) is very high in terms of identifying 42 categories of the websites both in public (Google and NextDNS) and local (Bind) resolvers. By comparing the case with cache and without cache at the local resolver, we confirm that the caching effect is negligible as regards identification. We also show that discriminative features are mainly related to the inter-arrival time of packets for DNS resolving. Indeed, we confirm that the F1 score decreases largely by removing these features. We further investigate two possible countermeasures that could affect the inter-arrival time analysis in the local resolver: AdBlocker and DNS prefetch. However, there is no significant improvement in results with these countermeasures. These findings highlight that information leakage is still possible even in encrypted DNS traffic regardless of underlying protocols (i.e., HTTPS, TLS, QUIC).
ER -