Corpus ID: 18687638


NSA’s MORECOWBELL: Knell for DNS
Christian Grothoff, Matthias Wachs, Monika Ermert
On the net, close to everything starts with a request to the Domain Name System (DNS), a core Internet protocol to allow users to access Internet services by names, such as, instead of using numeric IP addresses, like 2001:DB8:4145::4242. Developed in the “Internet good old times” the contemporary DNS is like a large network activity chart for the visually impaired. Consequently, it now attracts not only all sorts of commercially-motivated surveillance, but, as new documents of…
Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS
Interoperable instantiations of the Oblivious DNS over HTTPS protocol are implemented, a corresponding formal model and analysis is constructed, and results suggest that ODoH is a practical privacy-enhancing replacement for DNS.
An End-to-End, Large-Scale Measurement of DNS-over-Encryption: How Far Have We Come?
This paper performs by far the first end-to-end and large-scale analysis on DNS-over-Encryption by collecting data from Internet scanning, user-end measurement and passive monitoring logs, and gains several unique insights.
Encrypted DNS -> Privacy? A Traffic Analysis Perspective
This paper examines whether encrypting DNS traffic can protect users from traffic analysis-based monitoring and censoring and shows that Tor -- which does not effectively mitigate traffic analysis attacks on web traffic -- is a good defense against DoH traffic analysis.
Comparative Analysis of DoT and HTTPS Certificate Ecosystems
The Internet’s Public Key Infrastructure (PKI) has been used to provide security to HTTPS and other protocols over the Internet. Such infrastructure began to be increasingly relied upon for DNS…
A Comprehensive Study of DNS-over-HTTPS Downgrade Attack
DNS-over-HTTPS (DoH) is one major effort to protect DNS confidentiality and integrity, which has been deployed by most of the popular browsers but could be tainted by the downgrade attack.
A Paged Domain Name System for Query Privacy
This paper investigates a new approach for a privacy-preserving DNS mechanism that hides query information from root name servers and TLD registries, and evaluates the memory overhead for a resolver and obtain feasibility guarantees through a prototype implementation of the new functionalities for resolvers and registries.
Potential Identity Resolution Systems for the Industrial Internet of Things: A Survey
A comprehensive survey on the potential identity resolution systems that may be used in the Industrial Internet of Things, including a reference framework that can be used to evaluate an identity resolution system.
Privacy analysis of DNS resolver solutions
This research focuses on privacy in the Domain Name System (DNS). Techniques to improve privacy during specific phases of DNS resolution exist. The goal of this research is to evaluate those…


Fragmentation Considered Poisonous, or:
Off-path DNS cache poisoning attacks, circumventing widely-deployed challenge-response defenses, e.g., transaction identifier randomisation, port and query randomisation are presented, resulting in IP fragmentation.
A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System
The design and implementation of the GNU Name System GNS is introduced, a fully decentralized and censorship-resistant name system which provides a privacy-enhancing alternative to DNS which preserves the desirable property of memorable names.
DNS Prefetching and Its Privacy Implications: When Good Things Go Bad
This paper examines how prefetching amplifies disclosure attacks to a degree where it is possible to infer the likely search terms issued by clients using a given DNS resolver.
DNS Security Introduction and Requirements
This document introduces these extensions and describes their capabilities and limitations, and describes the interrelationships between the documents that collectively describe DNSSEC.
Possible solutions to DNS privacy issues
This document describes some possible solutions to the DNS privacy issues described in [I-D.bortzmeyer-dnsop-dns-privacy]. Discussions of the document should currently take place on the dnsop mailing…
DNS Query Name Minimisation to Improve Privacy
This document describes a technique to improve DNS privacy, a technique called "QNAME minimisation", where the DNS resolver no longer sends the full original QNAME to the upstream name server.
Curve25519: New Diffie-Hellman Speed Records
This paper explains the design and implementation of a high-security elliptic-curve-Diffie-Hellman function achieving record-setting speeds: e.g., 832457 Pentium III cycles more than twice as fast as other authors' results at the same conjectured security level.
DNS Privacy Considerations
The privacy issues associated with the use of the DNS by Internet users are described to be an analysis of the present situation and does not prescribe solutions.
A close look at the NSA’s most powerful Internet attack tool
  • Wired
  • 2014