dns prefetching when good things go bad
play

DNS PREFETCHING: WHEN GOOD THINGS GO BAD Srinivas Krishnan and - PowerPoint PPT Presentation

Dec 07, 2022 •121 likes •476 views

DNS PREFETCHING: WHEN GOOD THINGS GO BAD Srinivas Krishnan and Fabian Monrose 1 1 Information quest 1980 1990 2000 2010 Timeline 2 2 Information quest 1980 1990 2000 2010 Latency: Hours Minutes Seconds Timeline 2 2

  1. DNS PREFETCHING: WHEN GOOD THINGS GO BAD Srinivas Krishnan and Fabian Monrose 1 1

  2. Information quest 1980 1990 2000 2010 Timeline 2 2

  3. Information quest 1980 1990 2000 2010 Latency: Hours Minutes Seconds Timeline 2 2

  4. Information quest 1980 1990 2000 2010 Latency: Hours Minutes Seconds Timeline 2 2

  5. Information quest 1980 1990 2000 2010 Latency: Hours Minutes Seconds Milliseconds Timeline 2 2

  6. Browser Wars Scripting Render 3 3

  7. Browsing and DNS Cache www.unc.edu root . Cache DNS dmtns07.turner.com ns2.unc.edu. cnn.com Server unc.edu bristol.cs.unc.edu. cs.unc.edu unc.edu NS 86400 ns2.unc.edu Cache ns2.unc.edu A 86400 152.2.253.100 Cache unc.edu A 86400 152.19.240.120 <domain> <A, CNAME, NS> <TTL> <meta> 4 4

  8. DNS Optimization • Proactive DNS pre-resolutions • Two basic approaches: • Guess as the user types • Fetch <href> links from a rendered page • Focus on reducing user perceived latency 5 5

  9. DNS PRE-RESOLUTION Gambling Addiction www.google.com CNAME 586186 www.l.google.com www.l.google.com A 60 www.l.google.com DNS Server Cache 6 6

  10. DNS PRE-RESOLUTION Gambling Addiction www.google.com CNAME 586186 www.l.google.com www.l.google.com A 60 www.l.google.com DNS Server sac.edu Cache 6 6

  11. DNS PRE-RESOLUTION Gambling Addiction www.google.com CNAME 586186 www.l.google.com www.l.google.com A 60 www.l.google.com DNS Server sac.edu A 73136 sac.edu Cache 6 6

  12. DNS PRE-RESOLUTION Gambling Addiction www.google.com CNAME 586186 www.l.google.com www.l.google.com A 60 www.l.google.com DNS Server sac.edu A 73136 sac.edu gamblersanonymous.org. A 73416 casinogambling.about.com.CNAME 900 treatment-centers.net. CNAME 3600 robertperkinson.com. A 86400 Cache en.wikipedia.org. CNAME 1052 ncpgambling.org. A 73416, helpguide.org. A 73340 gamblingaddiction.org. A 3600 Prefetching 6 6

  13. Privacy Threat • Reconnaissance of an enterprise • Ability to track users • Exploit: • Ability to probe a DNS server to infer cache hits. • Online probes with target search • Offline probe with no prior knowledge 7 7

  14. Online Probing Was a target search performed by a client ? • Build a profile of target search • Use cache snooping • Check for presence of profile • Report 8 8

  15. Building a Profile www.howstuffworks.com. ama-assn.org learn.genetics.utah.edu. www.humancloning.org. www.time.com. www.ornl.gov. en.wikipedia.org www.globalchange.com www.ncsl.org 9 9

  16. Building a Profile MinTTL Decay Curve Domains howstuffworks.com. ama-assn.org genetics.utah.edu. humancloning.org. time.com. ornl.gov. en.wikipedia.org globalchange.com ncsl.org 10 10

  17. Building a Profile MinTTL Decay Curve Domains ama-assn.org. genetics.utah.edu. humancloning.org. ornl.gov. globalchange.com ncsl.org 10 10

  18. Building a Profile MinTTL Decay Curve Domains Human Cloning 1.0 ama-assn.org 1800 ama-assn.org. .9 genetics.utah.edu. 3600 .8 A genetics.utah.edu. c .7 humancloning.org 3600 humancloning.org. c .6 u ornl.gov 86400 ornl.gov. r .5 a .4 globalchange.com 600 globalchange.com c y .3 ncsl.org ncsl.org 86400 .2 .1 .0 0 3 10 38 97 209 Time in Cache 10 10

  19. Building a Profile Decay Curve Get Scan Rate Human Cloning 1.0 95% 5 Mins .9 90% 10 Mins .8 A c 80% 20 Mins .7 c 75% 30 Mins .6 u r .5 50% 60 Mins a c .4 y .3 .2 .1 .0 0 3 10 38 97 209 Time in Cache 11 11

  20. Probe Attacker ama-assn.org. genetics.utah.edu ? genetics.utah.edu. DNS Server humancloning.org. ornl.gov. globalchange.com Cache Hit ncsl.org 12 12

  21. Probe ama-assn.org. ? Attacker genetics.utah.edu.? humancloning.org. ? ama-assn.org. ornl.gov. genetics.utah.edu. DNS Server globalchange.com ? humancloning.org. ncsl.org ? ornl.gov. globalchange.com ncsl.org 12 12

  22. Probe Confidence = % of Elements with same age Current Auth Domain Age TTL TTL ama-assn.org 1498 1800 302 genetics.utah.edu. 3298 3600 302 humancloning.org 3301 3600 299 ornl.gov 86099 86400 301 globalchange.com 298 600 302 ncsl.org 86101 86400 299 12 12

  23. And if we had access to logs ? • Can we extract all searches ? 13 13

  24. DNS Cache: privacy leaks Goal: Reconstruct Search Term from DNS Cache Search Cluster By Extract Age Keywords Term Rank n-Suggest steroid.com 600s steroid (1) steroid steroid steroid, baseball steroidsinbaseball.net 598s (2) baseball baseball steroid, baseball, baseballsteroidera.com 602s (3) era era steroid baseball baseball steroids steriod baseball era 14 14

  25. Case I: Preliminary Results ~500 Clients Target Control DNS DNS Server Server • 50 queries • Over 4 hours • Variable scan rate Inject Queries 15 15

  26. Case I: Preliminary Results ~500 Clients Target Control DNS DNS Server Server Build Profile • 50 queries • Over 4 hours • Variable scan rate Inject Queries 15 15

  27. Case I: Preliminary Results ~500 Clients Target Control DNS DNS Server Server Probe Server • 50 queries @Scan Rate • Over 4 hours • Variable scan rate Inject Queries 15 15

  28. Selected Results 1 Scan Rate Average Gay Rights Gambling Addiction Accuracy Racism in America Genetic Engineering 10 Mins 90% 0.9 30 Mins 85% 0.8 Achieved Accuracy 60 Mins 65% 0.7 0.6 0.5 0.4 0 10 20 30 40 50 60 70 80 90 Scan Rate (Minutes) 16 16

  29. Case II: Preliminary results ~500 Clients Cache Snaphot @5 mins Target DNS Server Collect Data Disk • 50 queries • Over 24 hours Inject Queries 17 17

  30. Case II: Preliminary results ~500 Clients Cache Snaphot @5 mins Target DNS Server Disk • 50 queries • Over 24 hours Inject Queries Reconstruct 17 17

  31. Snapshot of Results First Second Third Actual Query Guess Guess Guess gambling addiction gambling age addict Gambling Addiction Alcohol Withdrawal alcohol withdrawal alcoholics anonymous alcohol poisoning Syndrome symptoms Gun Control gunbroker guns for sale - racism america racism today racism facts Racism In America biological warfare weapons - Biological Weapons 18 18

  32. Limitations • Current profiles are non-adaptive, hence searches on “hot topics” will lead to high false negatives • Similarly, if majority of prefetched domains do not have identifiable keywords, search reconstruction will fail 19 19

  33. Summary • Wide-scale study required to fully gauge the effect of DNS prefetching (w.r.t. its privacy implications) • Effect on DNS server load remains unclear • Reduction of user-perceived latency at the cost of privacy • Primary focus is to foster discussion on the effects of DNS prefetching 20 20

  34. Questions 21 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Prefetching Implementations Recall Stream Buffer Diagram Sequential and stride prefetching

1 Prefetching Implementations Recall Stream Buffer Diagram Sequential and stride prefetching

Memory Wall 1000 Lecture 25: Advanced Data CPU Prefetching Techniques 100 Prefetching and data prefetching overview, Stride prefetching, 10 Markov prefetching, precomputation- DRAM based prefetching 1 1980 1981 1982 1983 1984 1985

298 views • 4 slides
Prefetching Hyperlinks Prefetching Methods Prefetching Uncacheable/Dynamic Data

Prefetching Hyperlinks Prefetching Methods Prefetching Uncacheable/Dynamic Data

Prefetching Hyperlinks Prefetching Methods Prefetching Uncacheable/Dynamic Data Effect on Network Load Prefetching and the Wireless World Wide Web Privacy Concerns Additional References February 22, 2000 1

436 views • 15 slides
COMP 590-154: Computer Architecture Prefetching Prefetching (1/3) Fetch block ahead of demand

COMP 590-154: Computer Architecture Prefetching Prefetching (1/3) Fetch block ahead of demand

COMP 590-154: Computer Architecture Prefetching Prefetching (1/3) Fetch block ahead of demand Target compulsory, capacity, (&amp; coherence) misses Why not conflict? Big challenges: Knowing what to fetch Fetching

540 views • 32 slides
Collective Prefetching for Parallel I/O Systems Yong Chen and Philip C. Roth Oak Ridge National

Collective Prefetching for Parallel I/O Systems Yong Chen and Philip C. Roth Oak Ridge National

Collective Prefetching for Parallel I/O Systems Yong Chen and Philip C. Roth Oak Ridge National Laboratory Outline I/O gap in high-performance computing I/O prefetching and limitation Collective prefetching design and implementation

469 views • 19 slides
ADVANTAGEOUS DISADVANTAGES HOW UNDESIRABLE THINGS CAN TURN INTO GOOD THINGS EDUCATION: DESIRABLE

ADVANTAGEOUS DISADVANTAGES HOW UNDESIRABLE THINGS CAN TURN INTO GOOD THINGS EDUCATION: DESIRABLE

ADVANTAGEOUS DISADVANTAGES HOW UNDESIRABLE THINGS CAN TURN INTO GOOD THINGS EDUCATION: DESIRABLE DIFFICULTY MAKING THINGS HARD ON YOURSELF BUSINESS: ADVANTAGEOUS DISADVANTAGES TURNING DISADVANTAGES INTO STRENGTHS WORLD: HAPPY ACCIDENTS UNDESIRED

356 views • 18 slides
Mickey Friedrich Campus Shepherd it seemed good to me also, having followed all things

Mickey Friedrich Campus Shepherd it seemed good to me also, having followed all things

Mickey Friedrich Campus Shepherd it seemed good to me also, having followed all things closely for some time past, to write an orderly account for you, most excellent Theophilus, that you may have certainty concerning the things you have

342 views • 11 slides
is Good Video Some things you already know, a few you may not have thought of, and a lot

is Good Video Some things you already know, a few you may not have thought of, and a lot

Not all Video is Good Video Some things you already know, a few you may not have thought of, and a lot presented without any expert authority. Anna Howard, Teaching Associate Professor, MAE Show of hands: Have you made videos before? A word

494 views • 31 slides
Graph Prefetching Using Data Structure Knowledge Sam Ainsworth and Timothy M. Jones Computer

Graph Prefetching Using Data Structure Knowledge Sam Ainsworth and Timothy M. Jones Computer

Graph Prefetching Using Data Structure Knowledge Sam Ainsworth and Timothy M. Jones Computer Laboratory Graph500 Search Performance Current Prefetching Techniques Stride Software Exploit Look-ahead! Work List Vertex List Edge List

430 views • 17 slides
Linux solution for prefetching necessary data during application and system startup Krzysztof

Linux solution for prefetching necessary data during application and system startup Krzysztof

Linux solution for prefetching necessary data during application and system startup Krzysztof Lichota lichota@mimuw.edu.pl What is prefetching and why it is needed? The problem In modern computers CPUs fast Memory fast

893 views • 53 slides
3 rd Data Prefetching Championship June 23 rd , 2019 Held in conjunction with ISCA 2019 Seth

3 rd Data Prefetching Championship June 23 rd , 2019 Held in conjunction with ISCA 2019 Seth

3 rd Data Prefetching Championship June 23 rd , 2019 Held in conjunction with ISCA 2019 Seth Pugsley (Intel Labs) and Michael Ferdman (Stony Brook University) Welcome The 3 rd Data Prefetching Championship History Many

347 views • 8 slides
The human heart is an idol factory that takes good things like a successful career, love,

The human heart is an idol factory that takes good things like a successful career, love,

The human heart is an idol factory that takes good things like a successful career, love, material possessions, even family, and turns them into ultimate things. Our hearts deify them as the center of our lives, because, we think, they can

239 views • 23 slides
WWW.TOTW.ORG By Kenneth M Hoeck Finally, brethren, whatsoever things are true, whatsoever things

WWW.TOTW.ORG By Kenneth M Hoeck Finally, brethren, whatsoever things are true, whatsoever things

WWW.TOTW.ORG By Kenneth M Hoeck Finally, brethren, whatsoever things are true, whatsoever things are honest, whatsoever things are just, whatsoever things are pure, whatsoever things are lovely, whatsoever things are of good report; if there be

1.16k views • 55 slides
GETTING STARTED WE WANT TO DRAW GOOD DATA GRAPHICS REPRODUCIBLY Abstraction in Software Less

GETTING STARTED WE WANT TO DRAW GOOD DATA GRAPHICS REPRODUCIBLY Abstraction in Software Less

GETTING STARTED WE WANT TO DRAW GOOD DATA GRAPHICS REPRODUCIBLY Abstraction in Software Less More Easy things are awkward Easy things are trivial Hard things are straightforward Hard things are really awkward Really hard things are

1.42k views • 112 slides
8 . Things you should avoid in your oral presentation: Here you will find some short but good tips

8 . Things you should avoid in your oral presentation: Here you will find some short but good tips

8 . Things you should avoid in your oral presentation: Here you will find some short but good tips about things you should avoid in the presentation. Link: http:/ / w w w .cs.w isc.edu/ ~ m arkhill/ conference- talk.htm l# badtalk How to

324 views • 3 slides
Using Private Land for the Public Good Paula Smith Dobbs Run Ranch Things we learned 4

Using Private Land for the Public Good Paula Smith Dobbs Run Ranch Things we learned 4

Using Private Land for the Public Good Paula Smith Dobbs Run Ranch Things we learned 4 endangered species noted Archeological interest Unfamiliar native plants Birds in the Texas Hill Country Things we learned 4 endangered

295 views • 26 slides
An unsophisticated cooperative approach to prefetching linked data structures Alexander Galazin

An unsophisticated cooperative approach to prefetching linked data structures Alexander Galazin

An unsophisticated cooperative approach to prefetching linked data structures Alexander Galazin Murad Neiman-zade JSC MCST, Moscow EPIC-8, April 24, 2010 An unsophisticated cooperative approach to prefetching linked data structures

962 views • 11 slides
Asynchronous programming (and more) with Qt5 and C++11 Dario Freddi, Ispirata Qt Developer Days

Asynchronous programming (and more) with Qt5 and C++11 Dario Freddi, Ispirata Qt Developer Days

Asynchronous programming (and more) with Qt5 and C++11 Dario Freddi, Ispirata Qt Developer Days 2013 Hello Hello Hello Hello Qt5 &lt;3 C++11 C++11 in 10 minutes A quick tour C++11 in 10 minutes Main Concepts C++11 in 10 minutes class

899 views • 71 slides
IN5550 Neural Methods in Natural Language Processing Attention! Vinit Ravishankar

IN5550 Neural Methods in Natural Language Processing Attention! Vinit Ravishankar

IN5550 Neural Methods in Natural Language Processing Attention! Vinit Ravishankar University of Oslo April 4, 2019 Coming up: Last Week Gated RNNs Structured predictions RNN applications Today Seq2seq Attention

588 views • 48 slides
Diagnostics &amp; Kernel Methods Visualized Ondej Bojar April 3, 2019 NPFL104 Machine

Diagnostics &amp; Kernel Methods Visualized Ondej Bojar April 3, 2019 NPFL104 Machine

Diagnostics &amp; Kernel Methods Visualized Ondej Bojar April 3, 2019 NPFL104 Machine Learning Methods Charles University Faculty of Mathematics and Physics Institute of Formal and Applied Linguistics unless otherwise stated Diagnostics

1.45k views • 113 slides
Usability testing on steroids How to get feedback from more people in less time Dr Nikiforos

Usability testing on steroids How to get feedback from more people in less time Dr Nikiforos

Usability testing on steroids How to get feedback from more people in less time Dr Nikiforos Karamanis Senior User Experience Designer European Bioinformatics Institute niki@ebi.ac.uk @technorasis What is usability testing? Traditional

893 views • 24 slides
MEPHEDRONE NOTE: THIS INFORMATION IS NOT INTENDED FOR UNIT LEVEL TRAINING Learning Objectives

MEPHEDRONE NOTE: THIS INFORMATION IS NOT INTENDED FOR UNIT LEVEL TRAINING Learning Objectives

MEPHEDRONE NOTE: THIS INFORMATION IS NOT INTENDED FOR UNIT LEVEL TRAINING Learning Objectives The learning objective for todays class is to provide educational awareness about Mephedrone The Unit Commander will become familiar with

336 views • 14 slides
Conflict of Interest I have no conflicts of interest to report Evaluation of Motivational

Conflict of Interest I have no conflicts of interest to report Evaluation of Motivational

APNA 29th Annual Conference Session 4026: October 31, 2015 Conflict of Interest I have no conflicts of interest to report Evaluation of Motivational This study was funded by private donors Interviewing in Adolescents to Ronald and Leanne

253 views • 7 slides
ADHD: ADHD: Differential Diagnosis and Treatment Differential Diagnosis and Treatment

ADHD: ADHD: Differential Diagnosis and Treatment Differential Diagnosis and Treatment

UNC- -CH School of Social Work CH School of Social Work UNC Clinical Lecture Series Clinical Lecture Series ADHD: ADHD: Differential Diagnosis and Treatment Differential Diagnosis and Treatment Strategies Across the Life Course Strategies

686 views • 36 slides
3/30/20 ADHD Medication Answers with Laurie Dupar, PMHNP, RN, PCC Nurse Practitioner, ADHD

3/30/20 ADHD Medication Answers with Laurie Dupar, PMHNP, RN, PCC Nurse Practitioner, ADHD

3/30/20 ADHD Medication Answers with Laurie Dupar, PMHNP, RN, PCC Nurse Practitioner, ADHD Life Coach &amp; Founder, International ADHD Coach Training Center iACTcenter.com The International ADHD Coach Training Center Class # 5: Cracking

426 views • 7 slides

More recommend