EncDNS: A Lightweight Privacy-Preserving Name Resolution Service
  • Authors: Dominik Herrmann (17)
    Karl-Peter Fuchs (17)
    Jens Lindemann (17)
    Hannes Federrath (17)
  • Keywords: anonymity; obfuscation; confidentiality; encapsulation; DNSCurve; nameserver; DNS proxy; encryption; third-party DNS; open source
  • Journal title: Lecture Notes in Computer Science
  • Publication year: 2014
  • Volume: 8712
  • Issue: 1
  • Pages: 37-55
  • Full text size: 366 KB
  • Author affiliations: Dominik Herrmann (17)
    Karl-Peter Fuchs (17)
    Jens Lindemann (17)
    Hannes Federrath (17)

    17. Computer Science Department, University of Hamburg, Germany
  • ISSN: 1611-3349
Abstract
Users are increasingly switching to third-party DNS resolvers (e.g., Google Public DNS and OpenDNS). The resulting monitoring capabilities constitute an emerging threat to online privacy. In this paper we present EncDNS, a novel lightweight privacy-preserving name resolution service as a replacement for conventional third-party resolvers. The EncDNS protocol, which is based on DNSCurve, encapsulates encrypted messages in standards-compliant DNS messages. User privacy is protected by exploiting the fact that a conventional DNS resolver provides sender anonymity against the EncDNS server. Unlike traditional privacy-preserving techniques like mixes or onion routing, which introduce considerable delays due to routing messages over multiple hops, the EncDNS architecture introduces only one additional server in order to achieve a sufficient level of protection against realistic adversaries. EncDNS is open source software. An initial test deployment is available for public use.