Privacy Illusion: Beware of Unpadded DoH

Hynek, Karel; Čejka, Tomáš

doi:10.1109/iemcon51383.2020.9284864

Cited by 7 publications

(6 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to RFC 8484, each packet contains only one DNS query or response. Thus, network observers can reliably count the number of queries/responses transferred in the encrypted channel [7]. Apart from that, no other information can be directly obtained from the network packets due to the TLS encryption.…”

Section: B Doh From the Network Monitoring Point Of Viewmentioning

confidence: 99%

“…At the time of writing, DoH is supported (and sometimes enabled by default 7 ) by most modern web browsers such as Chrome (since version 83 8 ), Edge, Firefox, Opera, and Brave; a comprehensive evaluation of DoH support in web browsers can be found at zdnet.com [4]. There are also native resolvers with DoH support in Microsoft Windows [17] and modern GNU/Linux distributions (e.g., via systemdresolved).…”

Section: B Adoption Perspectivementioning

confidence: 99%

“…Hynek et al [7] performed an experiment similar to the website fingerprinting; however, they aimed to infer actual queries inside a single DNS packet. They studied the shape of DoH traffic and showed that it is possible to identify the number of queries or used versions of the HTTP protocol.…”

Section: B Adoption Perspectivementioning

confidence: 99%

See 2 more Smart Citations

Summary of DNS Over HTTPS Abuse

et al. 2022

Self Cite

View full text Add to dashboard Cite

The Internet Engineering Task Force adopted the DNS over HTTPS protocol in 2018 to remediate privacy issues regarding the plain text transmission of the DNS protocol. According to our observations and the analysis described in this paper, protecting DNS queries using HTTPS entails security threats. This paper surveys DoH related research works and analyzes malicious and unwanted activities that leverage DNS over HTTPS and can be currently observed in the wild. Additionally, we describe three realworld abuse scenarios observed in the web environment that reveal how service providers intentionally use DNS over HTTPS to violate policies. Last but not least, we identified several research challenges that we consider important for future security research.

show abstract

Section: B Doh From the Network Monitoring Point Of Viewmentioning

confidence: 99%

Section: B Adoption Perspectivementioning

confidence: 99%

See 1 more Smart Citation

Summary of DNS Over HTTPS Abuse

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, according to [64], DNS message padding was not well supported (at least until 2020) by the majority of browsers such as Firefox that limits its public adoption.…”

Section: Practical Issues and Security Vulnerabilitymentioning

confidence: 99%

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Lyu,

Gharakheili,

Sivaraman

2022

Preprint

View full text Add to dashboard Cite

The domain name system (DNS) that maps alphabetic names to numeric Internet Protocol (IP) addresses plays a foundational role for Internet communications. By default, DNS queries and responses are exchanged in unencrypted plaintext, and hence, can be read and/or hijacked by third parties. To protect user privacy, the networking community has proposed standard encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ) for DNS communications, enabling clients to perform secure and private domain name lookups. We survey the DNS encryption literature published since 2016, focusing on its current landscape and how it is misused by malware, and highlighting the existing techniques developed to make inferences from encrypted DNS traffic. First, we provide an overview of various standards developed in the space of DNS encryption and their adoption status, performance, benefits, and security issues. Second, we highlight ways that various malware families can exploit DNS encryption to their advantage for botnet communications and/or data exfiltration. Third, we discuss existing inference methods for profiling normal patterns and/or detecting malicious encrypted DNS traffic. Several directions are presented to motivate future research in enhancing the performance and security of DNS encryption.CCS Concepts: • Networks → Application layer protocols; Naming and addressing; • Security and privacy → Security protocols; Malware and its mitigation.

show abstract

“…Several studies [4,16,21,33] also challenge the privacypreserving characteristics of encrypted DNS. Studies from Siby et al [33] and Bushart et al [4] brought interesting results by performing very accurate website fingerprinting using only DoH and DoT traffic.…”

Section: Related Workmentioning

confidence: 99%

Large Scale Measurement on the Adoption of Encrypted DNS

García,

Hynek,

Vekshin

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Several encryption proposals for DNS have been presented since 2016, but their adoption was not comprehensively studied yet. This research measured the current adoption of DoH (DNS over HTTPS), DoT (DNS over TLS), and DoQ (DNS over QUIC) for five months at the beginning of 2021 by three different organizations with global coverage. By comparing the total values, amount of requests per user, and the seasonality of the traffic, it was possible to obtain the current adoption trends. Moreover, we actively scanned the Internet for still-unknown working DoH servers and we compared them with a novel curated list of well-known DoH servers.We conclude that despite growing in 2020, during the first five months of 2021 there was statistically significant evidence that the average amount of Internet traffic for DoH, DoT and DoQ remained stationary. However, we found that the amount of, still unknown and ready to use, DoH servers grew 4 times. These measurements suggest that even though the amount of encrypted DNS is currently not growing, there may probably be more connections soon to those unknown DoH servers for benign and malicious purposes.

show abstract

Privacy Illusion: Beware of Unpadded DoH

Cited by 7 publications

References 7 publications

Summary of DNS Over HTTPS Abuse

Summary of DNS Over HTTPS Abuse

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Large Scale Measurement on the Adoption of Encrypted DNS

Contact Info

Product

Resources

About