Abstract
The use of the DNS as the underlying technology of new name resolution services can lead to privacy violations. The exchange of data between servers and clients flows without protection. Such information can be captured by service providers and eventually sold for malicious purposes (e.g., spamming, phishing, etc.). A motivating example is the use of DNS on VoIP services for the translation of traditional telephone numbers into Internet URLs. We analyze in this paper the use of statistical noise for the construction of proper DNS queries. Our objective is to reduce the risk that sensitive data within DNS queries could be inferred by local and remote DNS servers. We evaluate the implementation of a proof-of-concept of our approach. We study the benefits and limitations of our proposal. A first limitation is the possibility of attacks against the integrity and authenticity of our queries by means of, for instance, man-in-the-middle or replay attacks. However, this limitation can be successfully solved by combining our proposal with the use of DNSSEC (DNS Security Extensions). We evaluate the impact of including this complementary countermeasure.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Castillo-Perez, S., Garcia-Alfaro, J. (2008). Anonymous Resolution of DNS Queries. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems: OTM 2008. OTM 2008. Lecture Notes in Computer Science, vol 5332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88873-4_5
DOI: https://doi.org/10.1007/978-3-540-88873-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88872-7
Online ISBN: 978-3-540-88873-4
eBook Packages: Computer Science (R0)