Assessing the Privacy Benefits of Domain Name Encryption

As Internet users have become more savvy about the potential for their Internet communication to be observed, the use of network traffic encryption technologies (e.g., HTTPS/TLS) is on the rise. However, even when encryption is enabled, users leak information about the domains they visit via DNS que...

Detailed description

Bibliographic details
Published in: arXiv.org 2020-07
Main authors: Nguyen, Phong Hoang; Arian Akhavan Niaki; Borisov, Nikita; Gill, Phillipa; Polychronakis, Michalis
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Nguyen, Phong Hoang
Arian Akhavan Niaki
Borisov, Nikita
Gill, Phillipa
Polychronakis, Michalis
description As Internet users have become more savvy about the potential for their Internet communication to be observed, the use of network traffic encryption technologies (e.g., HTTPS/TLS) is on the rise. However, even when encryption is enabled, users leak information about the domains they visit via DNS queries and via the Server Name Indication (SNI) extension of TLS. Two recent proposals to ameliorate this issue are DNS over HTTPS/TLS (DoH/DoT) and Encrypted SNI (ESNI). In this paper we aim to assess the privacy benefits of these proposals by considering the relationship between hostnames and IP addresses, the latter of which are still exposed. We perform DNS queries from nine vantage points around the globe to characterize this relationship. We quantify the privacy gain offered by ESNI for different hosting and CDN providers using two different metrics, the k-anonymity degree due to co-hosting and the dynamics of IP address changes. We find that 20% of the domains studied will not gain any privacy benefit since they have a one-to-one mapping between their hostname and IP address. On the other hand, 30% will gain a significant privacy benefit with a k value greater than 100, since these domains are co-hosted with more than 100 other domains. Domains whose visitors' privacy will meaningfully improve are far less popular, while for popular domains the benefit is not significant. Analyzing the dynamics of IP addresses of long-lived domains, we find that only 7.7% of them change their hosting IP addresses on a daily basis. We conclude by discussing potential approaches for website owners and hosting/CDN providers for maximizing the privacy benefits of ESNI.
doi_str_mv 10.48550/arxiv.1911.00563
format Article
publisher Ithaca: Cornell University Library, arXiv.org
creationdate 2020-07-08
rights 2020. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
backlink https://doi.org/10.1145/3320269.3384728 (View published paper; access to full text may be restricted)
backlink https://doi.org/10.48550/arXiv.1911.00563 (View paper in arXiv)
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2020-07
issn 2331-8422
language eng
recordid cdi_arxiv_primary_1911_00563
source arXiv.org; Free E- Journals
subjects Communications traffic
Computer Science - Cryptography and Security
Computer Science - Networking and Internet Architecture
Domain names
Encryption
IP (Internet Protocol)
Mapping
Privacy
Proposals
Queries
Websites
title Assessing the Privacy Benefits of Domain Name Encryption
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-11T11%3A33%3A31IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Assessing%20the%20Privacy%20Benefits%20of%20Domain%20Name%20Encryption&rft.jtitle=arXiv.org&rft.au=Nguyen,%20Phong%20Hoang&rft.date=2020-07-08&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.1911.00563&rft_dat=%3Cproquest_arxiv%3E2312073436%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2312073436&rft_id=info:pmid/&rfr_iscdi=true