A variety of mechanisms can be used to plug these side channels, including message padding,
query chaffing, query partitioning or splitting, and message interleaving.
Each of these techniques can increase the entropy of a given query. Message buffering
can also be used to minimize the information leaked through timing side channels.
Using query traces collected through DNS-OARC, we systematically study the efficacy of these
techniques against Shulman's attacks. We compare the privacy gains against the observed slowdown
induced by these privacy-preserving techniques.
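
As an added illustration of the message-padding trade-off described above (not code from the talk or its authors), this Python sketch computes how uncertain an observer remains about an encrypted query name when only its length is visible, next to the byte overhead that padding costs. The name list, the block sizes and the uniform prior over names are constructed assumptions, and byte overhead stands in here for the slowdown the study measures.

```python
import math
from collections import Counter

# Constructed sample of query names (not taken from the DNS-OARC traces).
NAMES = [
    "example.com", "mail.example.com", "www.example.org", "a.example.net",
    "login.bank.example", "cdn.static.example.com", "api.example.io", "x.example",
]

def wire_len(name: str) -> int:
    """QNAME length in DNS wire format: one length byte per label plus the root byte."""
    labels = name.rstrip(".").split(".")
    return sum(1 + len(label) for label in labels) + 1

def padded_len(n: int, block: int) -> int:
    """Round n up to the next multiple of block (block=1 means no padding)."""
    return -(-n // block) * block

def conditional_entropy(names, block: int) -> float:
    """H(name | observed length) in bits, assuming every name is equally likely."""
    buckets = Counter(padded_len(wire_len(n), block) for n in names)
    total = len(names)
    # Inside a bucket of k equally likely names the observer is left with log2(k) bits.
    return sum((k / total) * math.log2(k) for k in buckets.values())

def overhead(names, block: int) -> float:
    """Fraction of extra bytes sent because of padding."""
    raw = sum(wire_len(n) for n in names)
    padded = sum(padded_len(wire_len(n), block) for n in names)
    return padded / raw - 1

if __name__ == "__main__":
    # Assumed block sizes, chosen only to show the trend.
    for block in (1, 16, 32):
        print(f"block={block:2d}  H(name|length)={conditional_entropy(NAMES, block):.2f} bits"
              f"  overhead={overhead(NAMES, block):.0%}")
```

Without padding every sample name has a distinct length, so the length alone identifies the query; larger blocks merge names into shared length buckets at the cost of more bytes on the wire.
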
Moreover, Shulman showed that caching resolvers can be identified through timing side-channel
attacks. We discuss several resolver techniques that can be used to deter these attacks
without introducing extra load on the authoritative name servers. Specifically, we study
randomized response delays to clients to mask the presence of caches. With
appropriately computed delays, resolver identification becomes difficult.
Finally, to complement query and resolver privacy, we also study client anonymity. In particular, we seek to
learn to what extent (cleartext) DNS query patterns can be linked to individual users.
Trivial linkability attacks mean that stub servers can learn information about individual
clients, even if encryption (without mutual authentication) is used to protect queries
in transit. Using both supervised and unsupervised machine learning algorithms,
we conducted linkability experiments in a scenario with only two users browsing the web
for a long period of time (e.g., the course of an entire day). Our results indicate that
query patterns have no discernible impact on client anonymity.
We study three important security properties of the DNS: query privacy, resolver transparency, and client anonymity. In the presence of transport layer or per-record encryption, we find that deterring Shulman's privacy attacks negates many of the benefits of the DNS infrastructure such as caching and hierarchical, recursive resolution for reduced latency and system traffic. With respect to anonymity, we find that client behavior is not noticeably leaked by individual queries. This means that DNS clients do not need to modify individual queries to aid anonymity.
Talk duration: 30 Minutes