Privacy analysis of DNS resolver solutions - J.H.C. van Heugten

SLIDE 1

Privacy analysis of DNS resolver solutions

J.H.C. van Heugten

University of Amsterdam MSc System and Network Engineering

July 3, 2018

J.H.C. van Heugten (UvA) DNS privacy July 3, 2018 1 / 14

SLIDE 2

Introduction

“We’ve updated our privacy policy”

SLIDE 3

Introduction

Research question: How can modern techniques improve the privacy of DNS users?

- Regular DNS resolution
- The problem of DNS privacy
- Modern techniques to solve this
- Combine techniques for the best result

SLIDE 4

DNS resolution 1/2

SLIDE 5

DNS resolution 2/2

DNS server types

- Stub resolver
- Recursive resolver
- Forwarding resolver
- Authoritative server

Recursive/forwarder locations

- Local
- Remote
- ISP
- Public

SLIDE 6

The problem of DNS privacy

Eavesdropping & MITM

DNS data:

- QNAME
- QTYPE
- IP-addresses
- Responses
- Metadata (TTL, flags, etc.)
- EDNS(0)
- Client subnet
- Client ID
- DNSSEC

SLIDE 7

Privacy techniques

- DNS-over-TLS
- DNS-over-HTTPS
- DNSCrypt
- Oblivious DNS
- DNSCurve
- QNAME minimisation

SLIDE 8

Privacy techniques

Query Name (QNAME) minimisation

SLIDE 9

Privacy techniques

Coverage of techniques

SLIDE 10

Combining techniques

Combining previous techniques and resolver types/locations together.

- Techniques not available to the user:
  - Oblivious DNS
  - DNSCurve
- Do not use the ISP’s resolver
  - Regulation
  - No support for techniques
  - IP-address to user relation

SLIDE 11

Combining techniques

Who do you trust with your data?

SLIDE 12

Combining techniques

Decouple data over different servers

And share the forwarding resolver with trusted friends...

SLIDE 13

Conclusion

Conclusion

- Work done
- Importance of caching
- Recursive resolver selection (ECS, logging)

Discussion & future work:

- TLS SNI
- DNS padding
- Overlay networks (Tor)
- Multiple public resolvers

SLIDE 14

Acknowledgements

Supervisors:

- Ralph Dolmans, NLnet Labs
- Martin Hoffmann, NLnet Labs
