TY - GEN
T1 - Anonymous resolution of DNS queries
AU - Castillo-Perez, Sergio
AU - Garcia-Alfaro, Joaquin
PY - 2008/1/1
Y1 - 2008/1/1
AB - The use of the DNS as the underlying technology of new name resolution services can lead to privacy violations. The exchange of data between servers and clients flows without protection. Such information can be captured by service providers and eventually sold for malicious purposes (e.g., spamming, phishing, etc.). A motivating example is the use of DNS on VoIP services for the translation of traditional telephone numbers into Internet URLs. We analyze in this paper the use of statistical noise for the construction of proper DNS queries. Our objective is to reduce the risk that sensitive data within DNS queries could be inferred by local and remote DNS servers. We evaluate the implementation of a proof-of-concept of our approach. We study the benefits and limitations of our proposal. A first limitation is the possibility of attacks against the integrity and authenticity of our queries by means of, for instance, man-in-the-middle or replay attacks. However, this limitation can be successfully solved by combining our proposal with the use of DNSSEC (DNS Security Extensions). We evaluate the impact of including this complementary countermeasure.
KW - Anonymity
KW - Domain name system
KW - IT security
KW - Privacy
KW - Privacy information retrieval
UR - https://www.scopus.com/pages/publications/85099426805
U2 - 10.1007/978-3-540-88873-4_5
DO - 10.1007/978-3-540-88873-4_5
M3 - Conference contribution
AN - SCOPUS:85099426805
SN - 3540888705
SN - 9783540888703
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 987
EP - 1000
BT - On the Move to Meaningful Internet Systems
PB - Springer Verlag
T2 - OTM 2008 Confederated International Conferences CoopIS, DOA, GADA, IS, and ODBASE 2008
Y2 - 9 November 2008 through 14 November 2008
ER -