Characterizing Privacy Leakage in Encrypted DNS Traffic


Detailed description

Saved in:
Bibliographic details
Published in: IEICE Transactions on Communications 2023/02/01, Vol.E106.B(2), pp.156-165
Main authors: HU, Guannan, FUKUDA, Kensuke
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 165
container_issue 2
container_start_page 156
container_title IEICE Transactions on Communications
container_volume E106.B
creator HU, Guannan
FUKUDA, Kensuke
description Increased demand for DNS privacy has driven the creation of several encrypted DNS protocols, such as DNS over HTTPS (DoH), DNS over TLS (DoT), and DNS over QUIC (DoQ). Recently, DoT and DoH have been deployed by some vendors like Google and Cloudflare. This paper addresses privacy leakage in these three encrypted DNS protocols (especially DoQ) with different DNS recursive resolvers (Google, NextDNS, and Bind) and DNS proxy (AdGuard). More particularly, we investigate encrypted DNS traffic to determine whether the adversary can infer the category of websites users visit for this purpose. Through analyzing packet traces of three encrypted DNS protocols, we show that the classification performance of the websites (i.e., user's privacy leakage) is very high in terms of identifying 42 categories of the websites both in public (Google and NextDNS) and local (Bind) resolvers. By comparing the case with cache and without cache at the local resolver, we confirm that the caching effect is negligible as regards identification. We also show that discriminative features are mainly related to the inter-arrival time of packets for DNS resolving. Indeed, we confirm that the F1 score decreases largely by removing these features. We further investigate two possible countermeasures that could affect the inter-arrival time analysis in the local resolver: AdBlocker and DNS prefetch. However, there is no significant improvement in results with these countermeasures. These findings highlight that information leakage is still possible even in encrypted DNS traffic regardless of underlying protocols (i.e., HTTPS, TLS, QUIC).
doi_str_mv 10.1587/transcom.2022EBP3014
format Article
fulltext fulltext
identifier ISSN: 0916-8516
ispartof IEICE Transactions on Communications, 2023/02/01, Vol.E106.B(2), pp.156-165
issn 0916-8516
1745-1345
language eng
recordid cdi_proquest_journals_2786720378
source Alma/SFX Local Collection
subjects Domain names
encrypted DNS
Leakage
Privacy
privacy leakage
Resolvers
website fingerprinting
Websites
title Characterizing Privacy Leakage in Encrypted DNS Traffic
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T00%3A03%3A39IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Characterizing%20Privacy%20Leakage%20in%20Encrypted%20DNS%20Traffic&rft.jtitle=IEICE%20Transactions%20on%20Communications&rft.au=HU,%20Guannan&rft.date=2023-02-01&rft.volume=E106.B&rft.issue=2&rft.spage=156&rft.epage=165&rft.pages=156-165&rft.artnum=2022EBP3014&rft.issn=0916-8516&rft.eissn=1745-1345&rft_id=info:doi/10.1587/transcom.2022EBP3014&rft_dat=%3Cproquest_cross%3E2786720378%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2786720378&rft_id=info:pmid/&rfr_iscdi=true