Does domain name encryption increase users' privacy?-Reference-Cited by-同舟云学术

Does domain name encryption increase users' privacy?

Published:2020-07-22 Issue:3 Volume:50 Page:16-22
ISSN:0146-4833
Container-title:ACM SIGCOMM Computer Communication Review
language:en
Short-container-title:SIGCOMM Comput. Commun. Rev.

Author:

Trevisan Martino¹,Soro Francesca¹,Mellia Marco¹,Drago Idilio²,Morla Ricardo³

Affiliation:

1. Politecnico di Torino, Italy

2. University of Turin, Italy

3. University of Porto, Portugal

Abstract

Knowing domain names associated with traffic allows eavesdroppers to profile users without accessing packet payloads. Encrypting domain names transiting the network is, therefore, a key step to increase network confidentiality. Latest efforts include encrypting the TLS Server Name Indication (eSNI extension) and encrypting DNS traffic, with DNS over HTTPS (DoH) representing a prominent proposal. In this paper, we show that an attacker able to observe users' traffic relying on plain-text DNS can uncover the domain names of users relying on eSNI or DoH. By relying on large-scale network traces, we show that simplistic features and off-the-shelf machine learning models are sufficient to achieve surprisingly high precision and recall when recovering encrypted domain names. The triviality of the attack calls for further actions to protect privacy, in particular considering transient scenarios in which only a fraction of users will adopt these new privacy-enhancing technologies.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3411740.3411743

Reference29 articles.

1. B. Anderson and D. McGrew. 2019. TLS Beyond the Browser: Combining End Host and Network Data to Understand Application Behavior (Proc. of the IMC). 379--392. B. Anderson and D. McGrew. 2019. TLS Beyond the Browser: Combining End Host and Network Data to Understand Application Behavior (Proc. of the IMC). 379--392.

2. Torben

3. S. Bhat D. Lu A. Kwon and S. Devadas. 2019. Var-CNN: A Data-Efficient Website Fingerprinting Attack Based on Deep Learning (Proc. of the PET). 292--310. S. Bhat D. Lu A. Kwon and S. Devadas. 2019. Var-CNN: A Data-Efficient Website Fingerprinting Attack Based on Deep Learning (Proc. of the PET). 292--310.

4. T. Böttger F. Cuadrado G. Antichi E. Fernandes G. Tyson I. Castro and S. Uhlig. 2019. An Empirical Study of the Cost of DNS-over-HTTPS (Proc. of the IMC). 15--21. T. Böttger F. Cuadrado G. Antichi E. Fernandes G. Tyson I. Castro and S. Uhlig. 2019. An Empirical Study of the Cost of DNS-over-HTTPS (Proc. of the IMC). 15--21.

Cited by 11 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Introductory Chapter: Exploring Cryptography – Examining Its Fundamentals and Potential Applications;Biometrics and Cryptography;2024-06-19

2. Attacking DoH and ECH: Does Server Name Encryption Protect Users’ Privacy?;ACM Transactions on Internet Technology;2023-02-23

3. Web browsing privacy in the deep learning era: Beyond VPNs and encryption;Computer Networks;2023-01

4. Measuring the Performance of iCloud Private Relay;Passive and Active Measurement;2023

5. ProFi: Scalable and Efficient Website Fingerprinting;IEEE Transactions on Network and Service Management;2023