dns privacy
play

DNS Privacy dnsprivacy.org Sara Dickinson Sinodun (Salesforce, - PowerPoint PPT Presentation

Aug 26, 2023 •150 likes •1.02k views

DNS Privacy dnsprivacy.org Sara Dickinson Sinodun (Salesforce, NLnet Foundation) sara@sinodun.com AFNIC JCSA Paris, France (July 2017) Overview The problem: Why Internet privacy and DNS Privacy are important (DNS

  1. DNS Privacy dnsprivacy.org Sara Dickinson Sinodun (Salesforce, NLnet Foundation) sara@sinodun.com AFNIC JCSA Paris, France (July 2017)

  2. Overview • The problem: Why Internet privacy and DNS Privacy are important (DNS leakage) • Recent Progress: Chart progress during last 3-4 years (DPRIVE) • Where are we now? Present current status and tools July 2017, Paris, France DNS Privacy @ AFNIC JCSA 2

  3. Internet Privacy Slides from: Daniel Kahn Gillmor (ACLU) July 2017, Paris, France DNS Privacy @ AFNIC JCSA 3

  4. Why does internet privacy matter? • Surveillance as social 
 control • Machine learning at scale 
 today means small number 
 of people controlling 
 network can perform 
 mass surveillance July 2017, Paris, France DNS Privacy @ AFNIC JCSA 4

  5. Behaviour changes (even when no-one is watching) July 2017, Paris, France DNS Privacy @ AFNIC JCSA 5

  6. DNS is part of the leaky boat problem July 2017, Paris, France DNS Privacy @ AFNIC JCSA 6

  7. DNS Privacy - A brief history July 2017, Paris, France DNS Privacy @ AFNIC JCSA 7

  8. 
 IETF Privacy activity March 2011 I-D: Privacy Considerations for Internet Protocols (IAB) Snowdon What timing! June 2013 revelations RFC6973: Privacy Considerations for Internet Protocols July 2013 RFC7258 : Pervasive Monitoring is an Attack: 
 “ PM is an attack on the privacy of Internet users May 2014 and organisations .” July 2017, Paris, France DNS Privacy @ AFNIC JCSA 8

  9. RFC 7258 “ PM is an attack on the privacy of Internet users and organisations .” “…that needs to be mitigated where possible, via the design of protocols that make PM significantly more expensive or infeasible . “ July 2017, Paris, France DNS Privacy @ AFNIC JCSA 9

  10. DNS Privacy in 2013? • DNS is 30 year old! [RFC1034/5 (1987)] • Original design availability, redundancy and speed! • DNS is an ‘enabler’ • DNS standards: DNS sent in clear text -> NSA: ‘ MORECOWBELL ’ • UDP (99% of traffic to root) • TCP only for ‘fallback’ (pre 2010) • Perception: The DNS is public, right? It is not sensitive/personal information….it doesn’t need to be protected/encrypted 10 July 2017, Paris, France DNS Privacy @ AFNIC JCSA

  11. DNS Disclosure Example 1 datatracker.ietf.org Root Rec datatracker.ietf.org Auth datatracker.ietf.org for .org Auth for ietf.org datatracker.ietf.org July 2017, Paris, France DNS Privacy @ AFNIC JCSA 11

  12. DNS Disclosure Example 1 datatracker.ietf.org datatracker.ietf.org Leak information Root Rec datatracker.ietf.org Auth datatracker.ietf.org datatracker.ietf.org for .org Auth for ietf.org datatracker.ietf.org July 2017, Paris, France DNS Privacy @ AFNIC JCSA 11

  13. EDNS0 problem • RFC6891 : Extension Mechanisms for DNS (EDNS0) Intended to enhance DNS protocol capabilities • But…. mechanism enabled addition of end-user data into DNS queries (non-standard options) 12 July 2017, Paris, France DNS Privacy @ AFNIC JCSA

  14. EDNS0 problem • RFC6891 : Extension Mechanisms for DNS (EDNS0) Intended to enhance DNS protocol capabilities • But…. mechanism enabled addition of end-user data into DNS queries (non-standard options) ISP justification: Parental Filtering (per user) CDN justification: Faster content (geo location) 12 July 2017, Paris, France DNS Privacy @ AFNIC JCSA

  15. DNS Disclosure Example 2 Parental Filtering ietf.org ? [00:00:53:00:53:00] Auth Rec Stub CPE [User src address] MAC address or id in DNS query July 2017, Paris, France DNS Privacy @ AFNIC JCSA 13

  16. DNS Disclosure Example 2 Parental Filtering CDN Geo-location ietf.org ? ? ietf.org ? [00:00:53:00:53:00] [192.168.1] Auth Rec Stub CPE [User src address] Client Subnet (RFC7871) MAC address or id contains source subnet in DNS query in DNS query July 2017, Paris, France DNS Privacy @ AFNIC JCSA 13

  17. DNS Disclosure Example 2 Auth Rec Stub CPE Even behind a NAT, Even behind a recursive do do not have not have anonymity! anonymity! DNS Privacy Tutorial @ IETF 97 Nov 2016, Seoul 14

  18. DNS Disclosure Example 2 afnic.fr ? parisinfo.com ? dnsreactions.tumblr.com? Auth Rec Stub CPE Even behind a NAT, Even behind a recursive do do not have not have anonymity! anonymity! DNS Privacy Tutorial @ IETF 97 Nov 2016, Seoul 14

  19. DNS Disclosure Example 2 afnic.fr ? afnic.fr ? parisinfo.com ? parisinfo.com ? dnsreactions.tumblr.com? dnsreactions.tumblr.com? Auth Rec Stub CPE Even behind a NAT, Even behind a recursive do do not have not have anonymity! anonymity! DNS Privacy Tutorial @ IETF 97 Nov 2016, Seoul 14

  20. 
 DNS: It’s not just for names • MX records (email domain) • SRV records (services) • OPENPGPKEY (email addresses) • …this is only going to increase…. 
 July 2017, Paris, France DNS Privacy @ AFNIC JCSA 15

  21. 
 DNS: It’s not just for names • MX records (email domain) • SRV records (services) • OPENPGPKEY (email addresses) • …this is only going to increase…. 
 July 2017, Paris, France DNS Privacy @ AFNIC JCSA 15

  22. DNS Disclosure Example 3 • (AUTH) Who monitors or has access here ISP/ government/NSA/Passive DNS? • (AUTH) Does my ISP sell my (anonymous) data? • (UNAUTH) How safe is this data? Root Rec Auth for .org • When at home… • When in a coffee shop… July 2017, Paris, France DNS Privacy @ AFNIC JCSA 16

  23. DNS Disclosure Example 3 • (AUTH) Who monitors or has access here ISP/ Who monitors or has government/NSA/Passive DNS? access here? • (AUTH) Does my ISP sell my (anonymous) data? • (UNAUTH) How safe is this data? Root Rec Auth for .org • When at home… • When in a coffee shop… Who monitors or has access here? July 2017, Paris, France DNS Privacy @ AFNIC JCSA 16

  24. DNS - leakage • Basic problem is leakage of meta data • Allows fingerprinting and re-identification of individuals • Even without user meta data traffic analysis is possible based just on timings and cache snooping • Operators see (and log) your 
 DNS queries 
 DNS Privacy Tutorial @ IETF 97 17 Nov 2016, Seoul

  25. DNS - leakage • Basic problem is leakage of meta data • Allows fingerprinting and re-identification of individuals • Even without user meta data traffic analysis is possible based just on timings and cache snooping • Operators see (and log) your 
 DNS queries 
 DNS Privacy Tutorial @ IETF 97 17 Nov 2016, Seoul

  26. 
 
 DNS Risk Matrix In-Flight At Rest Risk Stub => Rec Rec => Auth At 
 At 
 Recursive Authoritative Passive Monitoring Active Monitoring Other Disclosure Risks e.g. Data breaches July 2017, Paris, France DNS Privacy @ AFNIC JCSA 18

  27. DPRIVE WG et al. July 2017, Paris, France DNS Privacy @ AFNIC JCSA 19

  28. 
 DPRIVE WG • DPRIVE WG create in 2014 
 Charter: Primary Focus is Stub to recursive Why not tackle whole problem? • • Don’t boil the ocean, stepwise solution • Stub to Rec reveals most information • Rec to Auth is a particularly hard problem July 2017, Paris, France DNS Privacy @ AFNIC JCSA 20

  29. DNS Privacy problem Relationship: Root 1 to ‘a few’ some of whom are know (ISP) Relationship: 1 to many most of whom are not known Rec => Authentication is hard Auth for .org July 2017, Paris, France DNS Privacy @ AFNIC JCSA 21

  30. Problem statement: RFC 7626 DNS Privacy Considerations: 
 Expert coverage of risks throughout DNS ecosystem • Rebuts “alleged public nature of DNS data” • The data may be public, but a DNS 
 ‘ transaction ’ is not/should not be. “A typical example from outside the DNS world is: the web site of Alcoholics Anonymous is public; the fact that you visit it should not be.” July 2017, Paris, France DNS Privacy @ AFNIC JCSA 22

  31. Stub/Rec Encryption Options Pros Cons • Port 53 • Downgrade attack on negotiation • Known technique • Port 53 - middleboxes blocking? STARTTLS • Incrementation deployment • Latency from negotiation • New DNS port 
 TLS • New port assignment (no interference with port 53) • Scalability? (new port) • Existing implementations • Truncation of DNS messages • UDP based DTLS (just like UDP) • Not as widely used/ ➡ Fallback to TLS or clear text (new port) deployed ❌ Can’t be standalone solution July 2017, Paris, France DNS Privacy @ AFNIC JCSA 23

  32. Stub/Rec Encryption Options Pros Cons • Port 53 • Downgrade attack on negotiation • Known technique • Port 53 - middleboxes blocking? STARTTLS • Incrementation deployment • Latency from negotiation • New DNS port 
 TLS • New port assignment (no interference with port 53) • Scalability? (new port) • Existing implementations • Truncation of DNS messages • UDP based DTLS (just like UDP) • Not as widely used/ ➡ Fallback to TLS or clear text (new port) deployed ❌ Can’t be standalone solution July 2017, Paris, France DNS Privacy @ AFNIC JCSA 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire (Image from geekologie.com) Relevant to corporations & government agencies Recently increased awareness However, general public

171 views • 16 slides
PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
WELCOME Governors Advisory Council on Veterans Services AUGUST 19, 2020 Please ensure all

WELCOME Governors Advisory Council on Veterans Services AUGUST 19, 2020 Please ensure all

WELCOME Governors Advisory Council on Veterans Services AUGUST 19, 2020 Please ensure all microphones remain muted. --We will begin shortly-- > community > commonwealth > country COMMITTEE UPDATES > community >

911 views • 70 slides
DNS Privacy dnsprivacy.org Sara Dickinson Sinodun sara@sinodun.com RMLL, Saint-tienne, France

DNS Privacy dnsprivacy.org Sara Dickinson Sinodun sara@sinodun.com RMLL, Saint-tienne, France

DNS Privacy dnsprivacy.org Sara Dickinson Sinodun sara@sinodun.com RMLL, Saint-tienne, France July 2017 Overview The problem: Why Internet privacy and DNS Privacy are

1.06k views • 63 slides
Privacy and Quaero's Quest for the Perfect Search Engine: Threats and Opportunities Michael

Privacy and Quaero's Quest for the Perfect Search Engine: Threats and Opportunities Michael

Privacy and Quaero's Quest for the Perfect Search Engine: Threats and Opportunities Michael Zimmer, PhD Fellow, Information Society Project Yale Law School Privacy and Quaero's Quest for the Perfect Search Engine: Threats and Opportunities

643 views • 27 slides
DNS Privacy EDU Tutorial dnsprivacy.org Sara Dickinson Sinodun sara@sinodun.com IETF 99

DNS Privacy EDU Tutorial dnsprivacy.org Sara Dickinson Sinodun sara@sinodun.com IETF 99

DNS Privacy EDU Tutorial dnsprivacy.org Sara Dickinson Sinodun sara@sinodun.com IETF 99 Prague, July 2017 Overview The problem: Why Internet privacy and DNS Privacy are important (DNS

916 views • 89 slides
Thank you for joining us! The webinar will begin promptly at 10 am PT. Feel free to introduce

Thank you for joining us! The webinar will begin promptly at 10 am PT. Feel free to introduce

Thank you for joining us! The webinar will begin promptly at 10 am PT. Feel free to introduce yourself in the chat window! Changing Developmental Math from a Gatekeeper to a Bridge: The Promise of New Math Pathways Wednesday, May 18, 2016

867 views • 40 slides
CS400 Problem Seminar Fall 2000 Assignment 3: Distributed Calendar Management Handed out:

CS400 Problem Seminar Fall 2000 Assignment 3: Distributed Calendar Management Handed out:

CS400 Problem Seminar Fall 2000 Assignment 3: Distributed Calendar Management Handed out: Sept. 29, 2000 Due: Oct. 13, 2000 TA: Luke Deqing Chen ( lukechen@cs ) 1 Introduction This fortnights assignment is mainly in systems,

388 views • 14 slides
Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth

Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth

Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth University, Ireland Overview Outline Overview What is data privacy? Why is it necessary and why it is challenging/difficult? Some definitions

2.02k views • 188 slides
TO ACT OR BE ACTED UPON - Aligning with Principles Overview Recap Motivation

TO ACT OR BE ACTED UPON - Aligning with Principles Overview Recap Motivation

Presented By: Ankur Sharma (EE) Tamal Das (CSE) Slides By: Nishant Khadria (Siemens, Germany) TO ACT OR BE ACTED UPON - Aligning with Principles Overview Recap Motivation Principles of personal vision Freedom to choose

828 views • 39 slides

More recommend