NSA’s MORECOWBELL: Knell for DNS
@inproceedings{Grothoff2015NSAsMK,
title={NSA’s MORECOWBELL: Knell for DNS},
author={Christian Grothoff and Matthias Wachs and Monika Ermert},
year={2015}
}

On the net, close to everything starts with a request to the Domain Name System (DNS), a core Internet protocol to allow users to access Internet services by names, such as www.example.com, instead of using numeric IP addresses, like 2001:DB8:4145::4242. Developed in the “Internet good old times”, the contemporary DNS is like a large network activity chart for the visually impaired. Consequently, it now attracts not only all sorts of commercially-motivated surveillance, but, as new documents of…
8 Citations
Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS
- Computer Science
- Proc. Priv. Enhancing Technol.
- 2021
Interoperable instantiations of the Oblivious DNS over HTTPS protocol are implemented, a corresponding formal model and analysis is constructed, and results suggest that ODoH is a practical privacy-enhancing replacement for DNS.
An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?
- Computer Science
- Internet Measurement Conference
- 2019
This paper performs by far the first end-to-end and large-scale analysis on DNS-over-Encryption by collecting data from Internet scanning, user-end measurement and passive monitoring logs, and gains several unique insights.
Encrypted DNS -> Privacy? A Traffic Analysis Perspective
- Computer Science
- NDSS
- 2020
This paper examines whether encrypting DNS traffic can protect users from traffic analysis-based monitoring and censoring and shows that Tor -- which does not effectively mitigate traffic analysis attacks on web traffic -- is a good defense against DoH traffic analysis.
Comparative Analysis of DoT and HTTPS Certificate Ecosystems
- Computer Science
- 2021
Preliminary results show that DoT appears to have benefited from the PKI security advancements that were mostly tailored to HTTPS, and this research compares the DoT and HTTPS certificate ecosystems.
A Comprehensive Study of DNS-over-HTTPS Downgrade Attack
- Computer Science
- FOCI @ USENIX Security Symposium
- 2020
DNS-over-HTTPS (DoH) is one major effort to protect DNS confidentiality and integrity, which has been deployed by most of the popular browsers but could be tainted by the downgrade attack.
A Paged Domain Name System for Query Privacy
- Computer Science
- CANS
- 2017
This paper investigates a new approach for a privacy-preserving DNS mechanism that hides query information from root name servers and TLD registries, evaluates the memory overhead for a resolver, and obtains feasibility guarantees through a prototype implementation of the new functionalities for resolvers and registries.
Potential Identity Resolution Systems for the Industrial Internet of Things: A Survey
- Computer Science
- IEEE Communications Surveys & Tutorials
- 2021
A comprehensive survey on the potential identity resolution systems that may be used in the Industrial Internet of Things, including a reference framework that can be used to evaluate an identity resolution system.
Privacy analysis of DNS resolver solutions
- Computer Science, Business
- 2018
This research will show that the best protection a DNS user could achieve is combining a DNS forwarder with a public resolver, and encryption should be used in the two steps between stub and public resolver.
References
Fragmentation Considered Poisonous, or: One-domain-to-rule-them-all.org
- Computer Science
- 2013 IEEE Conference on Communications and Network Security (CNS)
- 2013
Off-path DNS cache poisoning attacks, circumventing widely-deployed challenge-response defenses, e.g., transaction identifier randomisation, port and query randomisation are presented, resulting in IP fragmentation.
A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System
- Computer Science
- CANS
- 2014
The design and implementation of the GNU Name System GNS is introduced, a fully decentralized and censorship-resistant name system which provides a privacy-enhancing alternative to DNS which preserves the desirable property of memorable names.
DNS Prefetching and Its Privacy Implications: When Good Things Go Bad
- Computer Science
- LEET
- 2010
This paper examines how prefetching amplifies disclosure attacks to a degree where it is possible to infer the likely search terms issued by clients using a given DNS resolver.
DNS Security Introduction and Requirements
- Computer Science
- RFC
- 2005
This document introduces these extensions and describes their capabilities and limitations, and describes the interrelationships between the documents that collectively describe DNSSEC.
Possible solutions to DNS privacy issues
- Computer Science
- 2013
This document describes some possible solutions to the DNS privacy issues described in [I-D.bortzmeyer-dnsop-dns-privacy]. Discussions of the document should currently take place on the dnsop mailing…
DNS Query Name Minimisation to Improve Privacy
- Business, Computer Science
- RFC
- 2016
This document describes a technique to improve DNS privacy, a technique called "QNAME minimisation", where the DNS resolver no longer sends the full original QNAME to the upstream name server.
Curve25519: New Diffie-Hellman Speed Records
- Computer Science
- Public Key Cryptography
- 2006
This paper explains the design and implementation of a high-security elliptic-curve-Diffie-Hellman function achieving record-setting speeds: e.g., 832457 Pentium III cycles more than twice as fast as other authors' results at the same conjectured security level.
DNS Privacy Considerations
- Computer Science
- RFC
- 2015
The privacy issues associated with the use of the DNS by Internet users are described; the document is an analysis of the present situation and does not prescribe solutions.
A close look at the NSA’s most powerful Internet attack tool
- Wired
- 2014