Abstract
The Domain Name System (DNS) is the only globally deployed Internet service that provides user-friendly naming for Internet hosts. It was originally designed to return the same answer to any given query regardless of who issued the query, and thus all data in the DNS is assumed to be public. This assumption potentially conflicts with the privacy policies of private Internet hosts, particularly the increasing number of laptops and PDAs that mobile users rely on as their primary computing device. The IP addresses of such devices in the DNS reveal the host's, and typically the user's, dynamic geographic location to anyone who is interested, without the host's knowledge or explicit consent. This paper demonstrates, and measures the severity of, an attack that allows anyone on the Internet to covertly monitor mobile devices and construct detailed user profiles including user identity, daily commute patterns, and travel itineraries. Users who wish to identify their private hosts by user-friendly names are locked into the DNS model and thus become unwitting victims of this attack; we identify a growing number of such dynamic DNS users (two million and climbing) and covertly trail over one hundred thousand of them. We report on a large-scale study that demonstrates the feasibility and severity of such an attack in today's Internet. We further propose short-term and long-term defenses against the attack.
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Guha, S., Francis, P. (2007). Identity Trail: Covert Surveillance Using DNS. In: Borisov, N., Golle, P. (eds) Privacy Enhancing Technologies. PET 2007. Lecture Notes in Computer Science, vol 4776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75551-7_10
DOI: https://doi.org/10.1007/978-3-540-75551-7_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75550-0
Online ISBN: 978-3-540-75551-7