oblivious dns practical privacy for dns queries
play

Oblivious DNS: Practical Privacy for DNS Queries Paul Schmitt - PowerPoint PPT Presentation

Nov 14, 2022 •259 likes •509 views

Oblivious DNS: Practical Privacy for DNS Queries Paul Schmitt (Princeton) Anne Edmundson (Princeton) Allison Mankin (Salesforce) Nick Feamster (Princeton) Conventional DNS 2 Root Server www.foo.com? 3 1 TLD Server Client Recursive DNS

  1. Oblivious DNS: Practical Privacy for DNS Queries Paul Schmitt (Princeton) Anne Edmundson (Princeton) Allison Mankin (Salesforce) Nick Feamster (Princeton)

  2. Conventional DNS 2 Root Server www.foo.com? 3 1 TLD Server Client Recursive DNS Server 4 Authoritative Server

  3. Conventional DNS www.google.com www.amazon.com Client identity and query ● www.bing.com are viewable at and prior to the recursive (ISP) 2 Root Server server 3 1 DNS operators can be ● targets of data requests TLD Server Client Recursive DNS 4 Server Authoritative Server

  4. Conventional DNS www.google.com www.amazon.com Services now offer open ● www.bing.com DNS resolvers with promise of deleting logs 2 Root Server Shifts trust to these ● 3 1 providers TLD Server Client Recursive DNS 4 Other techniques do not ● Server fully protect user privacy: DNS-over-TLS ○ DNS-over-HTTPS ○ Authoritative QNAME minimization ○ Server

  5. Oblivious DNS User queries NOT visible Goal: at recursive server Separate user identity Stub encrypts & formats ● domain with a session key from query 2 Root Server 1 3 Requirements: TLD Server Clients ODNS Stub Recursive 4 DNS Server Compatible with ● existing infrastructure ODNS Authoritative Server Minimize overhead ●

  6. Oblivious DNS User queries NOT visible Goal: at recursive server Separate user identity Stub encrypts & formats ● domain with a session key from query Root Server 2 Root Server 5 1 3 Requirements: 6 TLD Server TLD Server Clients ODNS Stub Recursive 4 DNS Server Compatible with ● 7 existing infrastructure ODNS Authoritative Server Authoritative Server Minimize overhead ● ODNS authoritative acts as a recursive resolver User identities NOT visible at ODNS Authoritative server

  7. ODNS Crypto Overhead ● Roughly ~1-2 ms for crypto operations using standard libraries ● Symmetric encryption/decryption is lightweight

  8. ODNS Crypto Overhead ● Roughly ~1-2 ms for crypto operations using standard libraries ● Symmetric encryption/decryption is lightweight

  9. ODNS WAN Latency ● Latency to ODNS Resolver added to each query ● Widespread anycast deployment to mitigate WAN latency

  10. Key Distribution Anycast for scalability ● Special query reaches the ● nearest anycast server Server responds with ● public key and name

  11. ODNS Overhead: Page Load Time

  12. ODNS Overhead: Page Load Time Different CDNs / javascript resources

  13. ODNS Overhead: Page Load Time How is ODNS better in some cases?

  14. ODNS Overhead: Page TTFB

  15. ODNS Overhead: Page TTFB Directed to CDNs that are closer

  16. Impact on Recursive Cache ● Simulated with trace of ~8M queries ● If caching at stub, ODNS reduces traffic burden on the recursive resolver

  17. Impact on Cache (2) ● Undesirable cache entries? ● Some resolvers ignore TTL = zero ● “Bad” == ODNS entry causing non-ODNS to be ejected

  18. Discussion ● Challenges: ○ EDNS0 Client Subnet ○ QNAME length ○ 0x20 bit encoding ● Policy-based routing

  19. Thank you Paul Schmitt pschmitt@cs.princeton.edu

  20. Backup slides

  21. Why Not Tor? ● Latency (median) ○ ODNS: 31.31 ms ○ Tor: 276.76 ms ● Censorship concerns ● Exit node can be associated with traffic

  22. Protocol Stub encrypts query with ● session key and session key with resolver public key Stub appends resolver ● name to encrypted query ODNS resolver decrypts ● session key with private key, query with session key, and encrypts response

  23. QNAME Length ● QNAME = 4 sets of 63 bytes ● base64 encoding ○ 0x20 bit encoding issue

  24. EDNS0 Client Subnet ● Must avoid some recursive resolvers

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards Practical Differential Privacy for SQL Queries Noah Johnson, Joseph P. Near, Dawn Song

Towards Practical Differential Privacy for SQL Queries Noah Johnson, Joseph P. Near, Dawn Song

Towards Practical Differential Privacy for SQL Queries Noah Johnson, Joseph P. Near, Dawn Song UC Berkeley Outline 1. Discovering real-world requirements 2. Elastic sensitivity & calculating sensitivity of SQL queries 3. Our experience:

570 views • 20 slides
Oblivious Mechanisms in Differential Privacy Experiments, Conjectures, and Open Questions

Oblivious Mechanisms in Differential Privacy Experiments, Conjectures, and Open Questions

Oblivious Mechanisms in Differential Privacy Experiments, Conjectures, and Open Questions Chien-Lun Chen Joint work with Ranjan Pal and Leana Golubchik 1 5/27/2016 Quantitative Evaluation & Design (QED) Research Group Privacy Issues in

438 views • 15 slides
A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S.

A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S.

Intro vORAM HIRB Results A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S. Roche Adam J. Aviv Seung Geol Choi Computer Science Department United States Naval Academy Annapolis, Maryland, USA

395 views • 37 slides
Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath,

Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath,

Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath, Karl-Peter Fuchs, Dominik Herrmann , Christopher Piosecny University of Hamburg (Germany) 1 Agenda Missing Privacy in DNS Characteristics of DNS Traffic

559 views • 24 slides
Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search Ph.D. Dissertation Defense Zeeshan Pervez Department of Computer Engineering Kyung Hee University, Global Campus, Korea email:

650 views • 24 slides
Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30,

Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30,

Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30, 2015 Robert L. Rothman Principal, Privacy Associates International LLC Purpose What is Privacy? Historical Development What is privacy? 3

712 views • 25 slides
Privacy of Ideas in P2P Information Retrieval Queries Wolfgang Mller, Andreas Henrich

Privacy of Ideas in P2P Information Retrieval Queries Wolfgang Mller, Andreas Henrich

Privacy of Ideas in P2P Information Retrieval Queries Wolfgang Mller, Andreas Henrich Angewandte Informatik I Universitt Bayreuth wmueller@btn1x1.inf.uni-bayreuth.de Scenario: Personal Information Agent queries P2P net Peer-to-Peer

248 views • 7 slides
CS573 Data Privacy and Security Differential Privacy tabular data and range queries Li Xiong

CS573 Data Privacy and Security Differential Privacy tabular data and range queries Li Xiong

CS573 Data Privacy and Security Differential Privacy tabular data and range queries Li Xiong Outline Tabular data and histogram/range queries Algorithms for low dimensional data Algorithms for high dimensional data Example:

692 views • 57 slides
Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference

Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference

Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30, 2015 Keith A. Cheresko Principal, Privacy Associates International LLC Purpose Privacy is a complex, multifaceted topic. The purpose

281 views • 27 slides
Differential Privacy and Applications Marco Gaboardi Boston University Data Private

Differential Privacy and Applications Marco Gaboardi Boston University Data Private

Differential Privacy and Applications Marco Gaboardi Boston University Data Private Queries? Private Queries? medical correlation? y r e u q r e w s n a Private Queries? Does Joe have cancer? query a n s w e r

1.03k views • 84 slides
Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from powerful threats 2 3 Powerful Threats to User Privacy Organized Crime Nation-State Actors 4 Powerful Threats to User Privacy Gather

1.56k views • 104 slides
Queries in PSM The following rules apply to the use of queries: CS 235: 1. Queries

Queries in PSM The following rules apply to the use of queries: CS 235: 1. Queries

Queries in PSM The following rules apply to the use of queries: CS 235: 1. Queries returning a single value can be Introduction to Databases used in assignments 2. Queries returning a single tuple can be used Svetlozar Nestorov with

530 views • 4 slides
Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical Order-Revealing Encryption Nate Chenette ICERM conference on Encrypted Search June 12, 2019 Project Background Baffle Inc. https://baffle.io/

407 views • 23 slides
Algorithms in Bioinformatics: A Practical Introduction Database Search Biological databases

Algorithms in Bioinformatics: A Practical Introduction Database Search Biological databases

Algorithms in Bioinformatics: A Practical Introduction Database Search Biological databases Biological data is double in size every 15 or 16 months Increasing in number of queries: 40,000 queries per day Therefore, we need to have

1.05k views • 89 slides
Practical Approaches to Big Data Privacy Over Time Alexandra Wood Fellow, Berkman Klein Center

Practical Approaches to Big Data Privacy Over Time Alexandra Wood Fellow, Berkman Klein Center

Practical Approaches to Big Data Privacy Over Time Alexandra Wood Fellow, Berkman Klein Center for Internet & Society with Micah Altman, David OBrien, & Urs Gasser Presentation for the Brussels Privacy Symposium November 8, 2016

521 views • 15 slides
FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious

FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious

FUNCTIONALLY OBLIVIOUS (AND SUCCINCT) Edward Kmett BUILDING BETTER TOOLS Cache-Oblivious Algorithms Succinct Data Structures RAM MODEL Almost everything you do in Haskell assumes this model Good for ADTs, but not a realistic

673 views • 49 slides
Computing the Matrix Square Root in a Matrix Group Nick Higham Department of Mathematics The

Computing the Matrix Square Root in a Matrix Group Nick Higham Department of Mathematics The

Computing the Matrix Square Root in a Matrix Group Nick Higham Department of Mathematics The Victoria University of Manchester higham@ma.man.ac.uk http://www.ma.man.ac.uk/~higham/ Joint work with Niloufer Mackey, D. Steven Mackey, and

507 views • 25 slides
Chapter 8 Binary Search Trees Jakes Pizza Shop Owner Jake Manager Chef Carol

Chapter 8 Binary Search Trees Jakes Pizza Shop Owner Jake Manager Chef Carol

Chapter 8 Binary Search Trees Jakes Pizza Shop Owner Jake Manager Chef Carol Brad Waitress Waiter Cook Helper Joyce

957 views • 82 slides
Trees Trees Nonrecursive definition: An edge connects parent and child. A (rooted) tree

Trees Trees Nonrecursive definition: An edge connects parent and child. A (rooted) tree

CS206 CS206 Trees Trees Nonrecursive definition: An edge connects parent and child. A (rooted) tree consists of a set of nodes, and a set of directed A node without children is a leaf. edges between nodes. Nodes with the same parent are

282 views • 4 slides
Verified error b oun d s f or multipl e roots o f syst e ms o f nonlin ea r e qu a tions St ef Gr a

Verified error b oun d s f or multipl e roots o f syst e ms o f nonlin ea r e qu a tions St ef Gr a

Verified error b oun d s f or multipl e roots o f syst e ms o f nonlin ea r e qu a tions St ef Gr a ill a t LIP6/P E QU A N , Sor b onn e Univ e rsit s , UPM C Univ P a ris 06 , C NRS Joint work with Si e g f ri ed M. Rump Journ e s m tho de

745 views • 42 slides
Practical QML Burkhard Stubert Chief Engineer, Embedded Use www.embeddeduse.com Contents Key

Practical QML Burkhard Stubert Chief Engineer, Embedded Use www.embeddeduse.com Contents Key

Practical QML Burkhard Stubert Chief Engineer, Embedded Use www.embeddeduse.com Contents Key Navigation Dynamic Language Change Themes Key Navigation in Cars Navigation clusters for controlling in-vehicle infotainment systems Key

549 views • 38 slides
DNSSEC Training Course Training Services | RIPE NCC | March 2017 Schedule Coffee, Tea 09:00 -

DNSSEC Training Course Training Services | RIPE NCC | March 2017 Schedule Coffee, Tea 09:00 -

DNSSEC Training Course Training Services | RIPE NCC | March 2017 Schedule Coffee, Tea 09:00 - 09:30 Break 11:00 - 11:15 Lunch 13:00 - 14:00 Break 15:30 - 15:45 End 17:30 2 Introduction Name Number on the list Experience

2.06k views • 172 slides
Homework 1 Due Thursday Sept 16 CLRS 2.3-7 CLRS 2-2 Solve the following recurrence

Homework 1 Due Thursday Sept 16 CLRS 2.3-7 CLRS 2-2 Solve the following recurrence

Homework 1 Due Thursday Sept 16 CLRS 2.3-7 CLRS 2-2 Solve the following recurrence exactly: T(1) = 2, and for all n 2 a power of three, T ( n ) = 4 T ( n/ 3) + 3 n + 5. 1 Chapter 6: Heapsort A complete binary tree is a binary tree

692 views • 30 slides
Dental Technical Workgroup September 23, 2015 AGENDA Dental Technical Work Group Meeting and

Dental Technical Workgroup September 23, 2015 AGENDA Dental Technical Work Group Meeting and

Dental Technical Workgroup September 23, 2015 AGENDA Dental Technical Work Group Meeting and Webinar Wednesday September 23, 11:00 a.m. - 12:30 p.m. Agenda Items Suggested Time Welcome and Introductions 11:00-11:10 (10 min.) Family

717 views • 28 slides

More recommend