Padding Ain't Enough: Assessing the Privacy Guarantees of Encrypted DNS

DNS over TLS (DoT) and DNS over HTTPS (DoH) encrypt DNS to guard user privacy by hiding DNS resolutions from passive adversaries. Yet, past attacks have shown that encrypted DNS is still vulnerable to traffic analysis. As a consequence, RFC 8467 recommends padding messages to fixed block sizes prior to encryption, which removes most of the size information that distinguishes encrypted DNS messages. In this paper, we show that padding alone is insufficient to counter DNS traffic analysis. We propose a novel traffic analysis method that combines size and timing information to infer the websites a user visits purely from encrypted and padded DNS traces. To this end, we model DNS sequences that capture the complexity of websites, which usually trigger dozens of DNS resolutions rather than a single DNS transaction. A closed-world evaluation based on the Alexa top-10k websites reveals that attackers can deanonymize at least half of the test traces for 80.2% of all websites, and even correctly label all traces for 32.0% of the websites. Our findings undermine the privacy goals of state-of-the-art message padding strategies in DoT/DoH. We conclude by showing that successful mitigations to such attacks have to remove the entropy of inter-arrival timings between query responses.
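As an added illustration of the attack and the mitigation the abstract describes (example code written for this page, not the authors' pipeline or data), the block below applies the RFC 8467 block-padding policy to constructed DoT/DoH message lengths, shows that padding collapses the observable size alphabet, then models each website visit as a sequence of padded-size tokens and timing-gap tokens and labels a test trace by nearest-neighbour Damerau-Levenshtein distance over that sequence. The traces, the 100 ms gap threshold, the choice of edit distance and the fixed-cadence mitigation sketch are all assumptions for illustration.

```python
"""Added illustration (not the paper's code): why RFC 8467 block padding
alone leaves DoT/DoH traces fingerprintable once message order and timing
are used, and what removing inter-arrival timing entropy changes.

All traces below are constructed by hand; sizes, timestamps and the
thresholds are assumptions for illustration only.
"""
from typing import List, Sequence, Set, Tuple

# RFC 8467 recommended strategy: pad queries to a multiple of 128 octets and
# responses to a multiple of 468 octets. TLS record framing is ignored here;
# only the DNS message length (including the OPT padding option) is modelled.
QUERY_BLOCK = 128
RESPONSE_BLOCK = 468
GAP_MS = 100.0  # assumed threshold: a pause longer than this becomes a 'G' token

Message = Tuple[str, int, float]  # (direction 'q'/'r', DNS message length, time in ms)


def padded_len(length: int, direction: str) -> int:
    """Smallest multiple of the direction's block size that is >= length."""
    block = QUERY_BLOCK if direction == "q" else RESPONSE_BLOCK
    return -(-length // block) * block


def size_alphabet(trace: Sequence[Message], pad: bool) -> Set[Tuple[str, int]]:
    """Distinct (direction, size) pairs an observer sees with or without padding."""
    return {(d, padded_len(n, d) if pad else n) for d, n, _ in trace}


def tokenize(trace: Sequence[Message]) -> List[str]:
    """Sequence model: one token per padded message, plus a 'G' token for every
    inter-arrival gap above GAP_MS. Ordering and gaps survive the padding."""
    tokens: List[str] = []
    prev_t = None
    for d, n, t in sorted(trace, key=lambda m: m[2]):
        if prev_t is not None and t - prev_t > GAP_MS:
            tokens.append("G")
        tokens.append(f"{d}{padded_len(n, d)}")
        prev_t = t
    return tokens


def osa_distance(a: Sequence[str], b: Sequence[str]) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance between token
    sequences: insert, delete, substitute, or swap two adjacent tokens."""
    n, m = len(a), len(b)
    d = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        d[i][0] = i
    for j in range(m + 1):
        d[0][j] = j
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[n][m]


def classify(test: Sequence[Message], training: dict) -> Tuple[str, int]:
    """Nearest-neighbour label for a test trace against labelled training traces."""
    tokens = tokenize(test)
    best = min(training, key=lambda site: osa_distance(tokens, tokenize(training[site])))
    return best, osa_distance(tokens, tokenize(training[best]))


def flatten_timing(trace: Sequence[Message], interval_ms: float) -> List[Message]:
    """Mitigation sketch: re-emit messages at a fixed cadence so inter-arrival
    times carry no information (the 'G' tokens disappear)."""
    return [(d, n, i * interval_ms)
            for i, (d, n, _) in enumerate(sorted(trace, key=lambda m: m[2]))]


# Constructed traces. SITE_A resolves four names, one of them only after the
# HTML has been parsed (a 136 ms pause); SITE_B resolves two names.
SITE_A: List[Message] = [
    ("q", 45, 0.0), ("r", 120, 18.0),
    ("q", 52, 24.0), ("q", 49, 25.0),
    ("r", 301, 41.0), ("r", 610, 44.0),
    ("q", 58, 180.0), ("r", 140, 199.0),
]
SITE_B: List[Message] = [
    ("q", 47, 0.0), ("r", 133, 21.0),
    ("q", 60, 30.0), ("r", 512, 52.0),
]
# A second, constructed visit to SITE_A: different raw sizes, jittered timing,
# and the two large responses arrive in the opposite order.
SITE_A_REVISIT: List[Message] = [
    ("q", 44, 0.0), ("r", 125, 20.0),
    ("q", 49, 26.0), ("q", 51, 28.0),
    ("r", 610, 45.0), ("r", 298, 47.0),
    ("q", 57, 190.0), ("r", 139, 210.0),
]
TRAINING = {"site_a": SITE_A, "site_b": SITE_B}

if __name__ == "__main__":
    print("raw sizes  :", sorted(size_alphabet(SITE_A, pad=False)))
    print("padded     :", sorted(size_alphabet(SITE_A, pad=True)))
    print("tokens     :", tokenize(SITE_A_REVISIT))
    print("classified :", classify(SITE_A_REVISIT, TRAINING))
    print("flattened  :", tokenize(flatten_timing(SITE_A_REVISIT, 10.0)))
```

Padding shrinks SITE_A's eight distinct message sizes to three, yet the revisit is still one adjacent swap away from the SITE_A training sequence and five edits away from SITE_B, so the nearest-neighbour label is correct. Re-timing the messages at a fixed cadence removes the gap token, which is the timing entropy the abstract says a mitigation must eliminate; in this toy the number of resolutions still differs between the two sites, so flattening timing is necessary but, on its own, not sufficient here.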

[1] Paul Vixie et al. Extension Mechanisms for DNS (EDNS0), 1999, RFC.

[2] Thomas Engel et al. Website fingerprinting in onion routing based anonymization networks, 2011, WPES.

[3] Kai Wang et al. Website Fingerprinting Attack Method Based on DNS Resolution Sequence, 2018, Advances in Intelligent Systems and Computing.

[4] Hannes Federrath et al. Evaluating the Security of a DNS Query Obfuscation Scheme for Private Web Surfing, 2014, SEC.

[5] Tirumaleswar Reddy et al. DNS over Datagram Transport Layer Security (DTLS), 2017, RFC.

[6] Fred J. Damerau. A technique for computer detection and correction of spelling errors, 1964, CACM.

[7] Scott Kitterman et al. Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1, 2014, RFC.

[8] Vitaly Shmatikov et al. Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses, 2006, ESORICS.

[9] Paul E. Hoffman et al. DNS Queries over HTTPS (DoH), 2018, RFC.

[10] Wes Hardaker et al. The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance, 2015, RFC.

[11] Hannes Federrath et al. Behavior-based tracking: Exploiting characteristic patterns in DNS traffic, 2013, Computers & Security.

[12] Carmela Troncoso et al. DNS Privacy not so private: the traffic analysis perspective, 2018.

[13] Tao Wang et al. Effective Attacks and Provable Defenses for Website Fingerprinting, 2014, USENIX Security.

[14] Haya Shulman. Pretty Bad Privacy: Pitfalls of DNS Encryption, 2014, WPES.

[15] Carmela Troncoso et al. Encrypted DNS -> Privacy? A Traffic Analysis Perspective, 2019, NDSS.

[16] Pavel Celeda et al. HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting, 2016, EURASIP Journal on Information Security.

[17] Mohsen Imani et al. Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning, 2018, CCS.

[18] Mike Perry et al. Toward an Efficient Website Fingerprinting Defense, 2015, ESORICS.

[19] Wouter Joosen et al. Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation, 2018, NDSS.

[20] Alexander Mayrhofer et al. Padding Policies for Extension Mechanisms for DNS (EDNS(0)), 2018, RFC.

[21] Klaus Wehrle et al. Website Fingerprinting at Internet Scale, 2016, NDSS.

[22] Charles V. Wright et al. Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis, 2009, NDSS.

[23] Tao Wang et al. Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks, 2017, USENIX Security.

[24] Alexander Mayrhofer et al. The EDNS(0) Padding Option, 2016, RFC.

[25] George Danezis et al. k-fingerprinting: A Robust Scalable Website Fingerprinting Technique, 2015, USENIX Security.

[26] Paul E. Hoffman et al. The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA, 2012, RFC.

[27] Nick Feamster et al. The Effect of DNS on Tor's Anonymity, 2016, NDSS.

[28] Chase Cotton et al. An investigation on information leakage of DNS over TLS, 2019, CoNEXT.

[29] Michael Graff et al. Extension Mechanisms for DNS (EDNS(0)), 2013, RFC.

[30] Christian Huitema et al. Specification of DNS over Dedicated QUIC Connections, 2019, Internet-Draft.

[31] Adrian Perrig et al. A Paged Domain Name System for Query Privacy, 2017, CANS.

[32] Eric Rescorla et al. Encrypted Server Name Indication for TLS 1.3, 2018, Internet-Draft.

[33] Murray S. Kucherawy et al. DomainKeys Identified Mail (DKIM) Signatures, 2011, RFC.

[34] Paul E. Hoffman et al. Specification for DNS over Transport Layer Security (TLS), 2016, RFC.

[35] Vitaly Shmatikov et al. Beauty and the Burst: Remote Identification of Encrypted Video Streams, 2017, USENIX Security.

[36] Kouichi Sakurai et al. Analysis of Privacy Disclosure in DNS Query, 2007, MUE.

[37] Vladimir I. Levenshtein. Binary codes capable of correcting deletions, insertions, and reversals, 1965.

[38] Paul V. Mockapetris. Domain names - implementation and specification, 1987, RFC.

[39] Pavel Celeda et al. Network-Based HTTPS Client Identification Using SSL/TLS Fingerprinting, 2015, ARES.

[40] Thomas Ristenpart et al. Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail, 2012, IEEE Symposium on Security and Privacy.

[41] Marius Kloft et al. Tracked Without a Trace: Linking Sessions of Users by Unsupervised Learning of Patterns in Their DNS Traffic, 2016, AISec@CCS.