• Corpus ID: 245668743

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Minzhao Lyu, Hassan Habibi Gharakheili, Vijay Sivaraman
The domain name system (DNS) that maps alphabetic names to numeric Internet Protocol (IP) addresses plays a foundational role for Internet communications. By default, DNS queries and responses are exchanged in unencrypted plaintext, and hence, can be read and/or hijacked by third parties. To protect user privacy, the networking community has proposed standard encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ) for DNS communications, enabling… 


On the Impact of DNS Over HTTPS Paradigm on Cyber Systems
  • Kimo Bumanglag, H. Kettani
  • Computer Science
    2020 3rd International Conference on Information and Computer Technologies (ICICT)
  • 2020
The weaknesses of the DNS protocol, how malware has abused those weaknesses, enhancements to DNS security, how malware uses DNS, and how that use is detected are reviewed, with a special emphasis on the effects that DNS over HTTPS may have on an organization's security.
Pretty Bad Privacy: Pitfalls of DNS Encryption
This work indicates that further study may be required to adjust the proposals for end-to-end encryption to stand up to their security guarantees, and to make them suitable for the common servers' configurations in the DNS infrastructure.
Encrypted DNS -> Privacy? A Traffic Analysis Perspective
This paper examines whether encrypting DNS traffic can protect users from traffic analysis-based monitoring and censoring and shows that Tor -- which does not effectively mitigate traffic analysis attacks on web traffic -- is a good defense against DoH traffic analysis.
An investigation on information leakage of DNS over TLS
A DoT fingerprinting method is developed to analyze DoT traffic and determine if a user has visited websites of interest to adversaries, and it is shown that information leakage is still possible even when DoT messages are padded.
Padding Ain't Enough: Assessing the Privacy Guarantees of Encrypted DNS
This paper proposes a novel traffic analysis method that combines size and timing information to infer the websites a user visits purely based on encrypted and padded DNS traces, and concludes by showing that successful mitigations to such attacks have to remove the entropy of inter-arrival timings between query responses.
Comparing the Effects of DNS, DoT, and DoH on Web Performance
This paper measures the effect of Do53, DoT, and DoH on query response times and page load times from five global vantage points and provides several recommendations to improve DNS performance, such as opportunistic partial responses and wire format caching.
Connection-Oriented DNS to Improve Privacy and Security
The contribution is to show that T-DNS significantly improves security and privacy: TCP prevents denial-of-service (DoS) amplification against others, reduces the effects of DoS on the server, and simplifies policy choices about key size.
Detecting Malicious DNS over HTTPS Traffic Using Machine Learning
  • S. Singh, P. Roy
  • Computer Science
    2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT)
  • 2020
This paper uses various machine learning classifiers such as Naive Bayes, Logistic Regression, Random Forest, and Gradient Boosting to detect malicious activity at the DNS level in the DoH environment and confirms that the RF and GB classifiers are better choices for the said problem.
Understanding the Impact of Encrypted DNS on Internet Censorship
The impact of encrypted DNS on Internet censorship is studied in two aspects: the severity of DNS manipulation, which could be leveraged for Internet censorship, given the use of encrypted DNS resolvers, and the effectiveness of using encrypted DNS resolvers for censorship circumvention.
DoH Insight: detecting DNS over HTTPS by machine learning
The aim is to evaluate what information (if any) can be gained from HTTPS extended IP flow data using machine learning, and five popular ML methods are evaluated to find the best DoH classifiers.