Encrypted DNS ⇒ Privacy? A Traffic Analysis Perspective.

Sandra Siby, Marc Juarez, Claudia Diaz, Narseo Vallina-Rodriguez, Carmela Troncoso

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

Abstract / Description of output

Virtually every connection to an Internet service is preceded by a DNS lookup, which is performed without any traffic-level protection, thus enabling manipulation, redirection, surveillance, and censorship. To address these issues, large organizations such as Google and Cloudflare are deploying recently standardized protocols, such as DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH), that encrypt DNS traffic between end users and recursive resolvers. In this paper, we examine whether encrypting DNS traffic can protect users from traffic analysis-based monitoring and censoring. We propose a novel feature set to perform the attacks, as the feature sets used to attack HTTPS or Tor traffic are not suited to the characteristics of DNS traffic. We show that traffic analysis enables the identification of domains with high accuracy in closed- and open-world settings, using 124 times less data than attacks on HTTPS flows. We find that factors such as location, resolver, platform, or client do mitigate the attacks' performance, but they are far from completely stopping them. Our results indicate that DNS-based censorship is still possible on encrypted DNS traffic. In fact, we demonstrate that the standardized padding schemes are not effective. Yet Tor — which does not effectively mitigate traffic analysis attacks on web traffic — is a good defense against DoH traffic analysis.
Original language: English
Title of host publication: Proceedings of the 2020 Network Distributed System Security Symposium (NDSS)
Place of Publication: Reston, Virginia, USA
Publisher: The Internet Society
Number of pages: 18
ISBN (Electronic): 1-891562-61-4
DOIs
Publication status: Published - 25 Feb 2020
Event: The Network and Distributed System Security Symposium, 2020 - San Diego, United States
Duration: 23 Feb 2020 to 26 Feb 2020
https://www.ndss-symposium.org/ndss2020/

Symposium

Symposium: The Network and Distributed System Security Symposium, 2020
Abbreviated title: NDSS 2020
Country/Territory: United States
City: San Diego
Period: 23/02/20 to 26/02/20
Internet address: https://www.ndss-symposium.org/ndss2020/
