Identity Trail: Covert Surveillance Using DNS

  • Conference paper
Privacy Enhancing Technologies (PET 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4776)

Abstract

The Domain Name System (DNS) is the only globally deployed Internet service that provides user-friendly naming for Internet hosts. It was originally designed to return the same answer to any given query regardless of who may have issued the query, and thus all data in the DNS is assumed to be public. Such an assumption potentially conflicts with the privacy policies of private Internet hosts, particularly the increasing numbers of laptops and PDAs used by mobile users as their primary computing device. IP addresses of such devices in the DNS reveal the host’s, and typically the user’s, dynamic geographic location to anyone who is interested, without the host’s knowledge or explicit consent. This paper demonstrates, and measures the severity of, an attack that allows anyone on the Internet to covertly monitor mobile devices to construct detailed user profiles including user identity, daily commute patterns, and travel itineraries. Users that wish to identify their private hosts using user-friendly names are locked into the DNS model, thus becoming unwitting victims of this attack; we identify a growing number of such dynamic DNS users (two million and climbing), and covertly trail over one hundred thousand of them. We report on a large-scale study that demonstrates the feasibility and severity of such an attack in today’s Internet. We further propose short-term and long-term defenses for the attack.


Editor information

Nikita Borisov, Philippe Golle

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Guha, S., Francis, P. (2007). Identity Trail: Covert Surveillance Using DNS. In: Borisov, N., Golle, P. (eds) Privacy Enhancing Technologies. PET 2007. Lecture Notes in Computer Science, vol 4776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75551-7_10

  • DOI: https://doi.org/10.1007/978-3-540-75551-7_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75550-0

  • Online ISBN: 978-3-540-75551-7

  • eBook Packages: Computer Science, Computer Science (R0)
