Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

Author:

Singanamalla Sudheesh (1), Chunhapanya Suphanat (2), Hoyland Jonathan (2), Vavruša Marek (2), Verma Tanya (2), Wu Peter (2), Fayed Marwan (2), Heimerl Kurtis (3), Sullivan Nick (2), Wood Christopher (2)

Affiliation:

1. University of Washington, and Cloudflare Inc. Sudheesh was with Cloudflare Inc. while doing this work.

2. Cloudflare Inc.

3. University of Washington

Abstract

The Internet’s Domain Name System (DNS) responds to client hostname queries with corresponding IP addresses and records. Traditional DNS is unencrypted and leaks user information to on-lookers. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting DNS messages from third parties. However, the small number of available public large-scale DoT and DoH resolvers has reinforced DNS privacy concerns, specifically that DNS operators could use query contents and client IP addresses to link activities with identities. Oblivious DNS over HTTPS (ODoH) safeguards against these problems. In this paper we implement and deploy interoperable instantiations of the protocol, construct a corresponding formal model and analysis, and evaluate the protocols’ performance with wide-scale measurements. Results suggest that ODoH is a practical privacy-enhancing replacement for DNS.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

References: 84 articles.


Cited by 15 articles.

1. VPIR: an efficient verifiable private information retrieval scheme resisting malicious cloud server;Telecommunication Systems;2024-05-28

2. Tracking and Blocking Adware using DNS Sinkholing Algorithm;2024 16th International Conference on Computer and Automation Engineering (ICCAE);2024-03-14

3. μODNS: A distributed approach to DNS anonymization with collusion resistance;Computer Networks;2023-12

4. Where on Earth is the Spatial Name System?;Proceedings of the 22nd ACM Workshop on Hot Topics in Networks;2023-11-28

5. Demo: PDNS: A Fully Privacy-Preserving DNS;Proceedings of the ACM SIGCOMM 2023 Conference;2023-09
