ОГЛЯД ПИТАННЯ БЕЗПЕЧНОГО ДОСТУПУ ДО РЕСУРСІВ СИСТЕМИ ДОМЕННИХ ІМЕН
DOI:
https://doi.org/10.31649/1999-9941-2024-59-1-40-53Ключові слова:
Хост, Машинне Навчання, інкапсуляція, рекурсивний ресолвер, класифікатори трафіку, Система Доменних ІменАнотація
Анотація. Система доменних імен (DNS) виконує перетворення IP-адреси сервера у доменне ім'я, що дозволяє користувачам отримувати доступ до ресурсів без необхідності запам'ятовувати їх IP-адреси. Цей протокол є невід’ємною частиною сучасного Інтернету. Однак, усі комунікації між клієнтом та сервером відбуваються по незашифрованому каналі, що робить їх вразливими до різних атак, таких як: Spoofing, Eavesdropping, Phishing та інших. Для подолання даної проблеми було розроблено протоколи DNSSEC (DNS Secure), DoT (DNS over TLS) та DNS over HTTPS (DoH). Серед них останній, DoH, найкраще справляється із забезпеченням безпеки DNS-даних. DoH шифрує DNS-трафік між клієнтом та сервером та забезпечує конфіденційність та цілісність даних. Однак це призводить до проблеми у правильному визначенні DoH-трафіку. В даній статті будуть описані засоби дослідження виявлення та аналізу небезпечного DNS-трафіку, що базуються на основі аналізаторів трафіку та методу ML. Запропоную комбіновану методику для подолання загроз та подані порівняльні характеристики протоколів безпеки DNS. Таким чином існує необхідність у застосуванні гібридного методу дослідження шкідливого DNS-трафіку, що базується на комплексному використанні аналізаторів трафіку, машинного навчання та людського досвіду для отримання статистичних даних. Тому ця область досліджень є важливою а також малодослідженою в аспекті безпеки доменних структур. Ціллю даного дослідження є продовження розвитку та вивчення технології DNS за допомогою протоколів шифрування та ідентифікації, а також аналізу шкідливого трафіку з використанням алгоритмів машинного навчання.
Посилання
Трояновська Т. І. Інформаційна технологія доставки контенту у системах комп’ютеризованої підготовки спеціалістів. // Гороховський О. І., Трояновська Т. І., Азаров О. Д. Монографія. Вінниця : ВНТУ, 2016.–160 с.
Комп'ютерні мережі: навч. посібник / Т. І. Коробейнікова, С. М. Захарченко. – Львів: Видавництво Львівської політехніки, 2022. – 228 с.
Технології захисту локальних мереж на основі обладнання CISCO : навч. посібник / Т. І. Коробейнікова, С. М. Захарченко. – Львів: Видавництво Львівської політехніки, 2021. – 188 с.
Трояновська Т. І. Побудова захищених мереж на базі обладнання компанії Cisco. // Захарченко С.М., Трояновська Т. І., Бойко О.В. Навчальний посібник. Вінниця : ВНТУ, 2017. – 133 с.
Комп’ютерні мережі / О. Д. Азаров, С. М. Захарченко, О. В. Кадук, М. М. Орлова, В. П. Тарасенко // Навч. посібник. – Вінниця: ВНТУ, 2013./МОНУ (Лист №1/11 – 8260 від 15.05 2013 р.) - 500 с.
Abu Al-Haija, Q.; Alohaly,M.; Odeh, A. A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach.Sensors 2023, 23, 3489. https://doi.org/10.3390/s23073489.
Коробейнікова Т.І. Інформаційна технологія безпечного доступу до ресурсів DNS на базі ML-тренованих моделей ідентифікації трафіку / Коробейнікова Т.І., Федчук Т. Б. // International periodical scientific journal «SWorldJournal» – 2023. – № 21 (part 1) (September, 2023). – С. 80–91. ISSN: 2663-5712. DOI:10.30888/2663-5712.2023-21-01.
Karel Hynek, Dmyto Vekshin, Jan Luxemburk, Tomas Cejka, Armin Wasicek, “Summary of DNS over HTTPS Abuse”, volume 4, 2016.
Jose, G.-L.; Mary, K.S.; Carol, A.W. Internet Protocol Handbook. In The Domain Name System (DNS) Handbook; DTIC: Fort Belvoir, VA, USA, 1989; Volume 4.
Paul, M. Domain Names–Implementation and Specification; Internet Engineering Task Force; ISI: Marina del Rey, CA, USA, 1987.
Park, J.; Khormali, A.; Mohaisen, M.; Mohaisen, A. Where are you taking me? Behavioral analysis of open DNS resolvers. In Proceedings of the 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Portland, OR, USA, 24–27 June 2019; pp. 493–504.
Cheng, Y.; Liu, Y.; Li, C.; Zhang, Z.; Li, N.; Du, Y. In-Depth Evaluation of the Impact of National-Level DNS Filtering on DNS Resolvers over Space and Time. Electronics 2022, 11, 1276.
Mauro Conti, Nicola Dragoni, and Viktor Lesyk, "A Survey of Man In The Middle Attacks," IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2027 - 2051, March 2016.
Pavur, J.; Moser, D.; Lenders, V.; Martinovic, I. Secrets in the sky: On privacy and infrastructure security in dvb-s satellite broadband. In Proceedings of the 12th Conference on Security and Privacy inWireless and Mobile Networks, Miami, FL, USA, 15–17 May 2019; pp. 277–284.
Ben Wolford, “What is GDPR, the EU’s new data protection law?” https://gdpr.eu/what-is-gdpr.
Böttger, T.; Cuadrado, F.; Antichi, G.; Fernandes, E.L.; Tyson, G.; Castro, I.; Uhlig, S. An Empirical Study of the Cost of DNSover-HTTPS. In Proceedings of the Internet Measurement Conference, Amsterdam, The Netherlands, 21–23 October 2019; pp. 15–21.
Romain Founchereau, “Securing Anywhere Networking. DNS Security for Business Continuity and Resilence”. June 2022.
Romain, F. DNS Security for Business Continuity and Resilience; IDC: Needham, MA, USA, 2022.
DNS Over HTTPS Traffic Analysis and Detection. Carlos López Romera, Carlos Hernández Gañán,Víctor García Font 2nd June, 2020.
Hu, Z.; Zhu, L.; Heidemann, J.; Mankin, A.;Wessels, D.; Hoffman, P.E. Specification for DNS over Transport Layer Security (TLS); Internet Engineering Task Force: Fremont, CA, USA, 2016.
Hoffman, P.E.; McManus, P. DNS Queries over HTTPS (DoH); Internet Engineering Task Force: Fremont, CA, USA, 2018.
K. Borgolte, T. Chattopadhyay, N. Feamster, M. Kshirsagar, J. Holland, A. Hounsel, and P. Schmitt, “How DNS over HTTPS is Reshaping Privacy, Performance, and Policy in the Internet Ecosystem,” Performance, and Policy in the Internet Ecosystem (July 27, 2019), 2019.
Albulayhi, K.; Smadi, A.A.; Sheldon, F.T.; Abercrombie, R.K. IoT Intrusion Detection Taxonomy, Reference Architecture, and Analyses. Sensors 2021, 21, 6432. [CrossRef] [PubMed]
P. E. Hoffman and P. McManus, “DNS Queries over HTTPS (DoH),” RFC 8484, Tech. Rep. 8484, Oct. 2018. P. Mockapetris, “Domain names - implementation and specification,”RFC 1035 (Internet Standard), RFC Editor, pp. 1–55. [Online]. Available:https://www:rfc-editor:org/rfc/rfc1035:txt
E. Brumaghin and C. Grady, “Covert channels and poor decisions:The tale of dnsmessenger,” Mar 2017. [Online]. Available: https:/blog:talosintelligence:com/2017/03/dnsmessenger:html
C. Cimpanu, “Here’s how to enable DoH in each browser, ISPs be damned,” Dec 2020, https://www.zdnet.com/article/dns-over-https-willeventually-roll-out-in-all-major-browsers-despite-isp-opposition/.P. E. Hoffman, “Representing DNS Messages in JSON,” RFC 8427. [Online]. Available: https://rfc-editor:org/rfc/rfc8427:txt
S. García, K. Hynek, D. Vekshin, T. Cejka, and A. Wasicek, “Large scale measurement on the adoption of encrypted DNS,” CoRR, vol. abs/2107.04436, 2021. [Online]. Available: https://arxiv:org/abs/2107:04436
DNS Over HTTPS Traffic Analysis and Detection. Carlos López Romera, Carlos Hernández Gañán,Víctor García Font 2nd June, 2020.
Rebekah Houser, Zhou Li, Chase Cotton, and Haining Wang, "An Investigation on Information Leakage of DNS over TLS," in CoNEXT '19: Proceedings of the 15th International Conference on Emerging Networking Experiments And Technologies, 2019.
Bushart Jonas and Christian Rossow, "Padding Ain't Enough: Assessing the Privacy Guarantees of Encrypted DNS," CoRR, vol. abs/1907.01317, July 2019.
Marc Juarez, Sandra Siby, Claudia Díaz, Vallina-Rodriguez Narseo, and Carmela Troncoso, "Encrypted DNS --> Privacy? A Traffic Analysis Perspective," in NDSS Symposium, 2020.
K. Bumanglag and H. Kettani, “On the Impact of DNS Over HTTPS Paradigm on Cyber Systems,” in 2020 3rd International Conference on Information and Computer Technologies (ICICT), 2020, pp. 494–499.
K. Hynek and T. Cejka, “Privacy Illusion: Beware of Unpadded DoH,” in 2020 11th IEEE Information Technology, Electronic and Mobile Communication conference (IEMCON), 2020.
P. McManus, Aug 2018. [Online]. Available: https://blog:nightly:mozilla:org/2018/08/28/firefox-nightly-securedns-experimental-results.
T. Böttger, F. Cuadrado, G. Antichi, E. L. a. Fernandes, G. Tyson, I. Castro, and S. Uhlig, “An Empirical Study of the Cost of DNS-over-HTTPS,” in Proceedings of the Internet Measurement Conference, ser. IMC ’19. New York, NY, USA: Association for Computing Machinery, 2019, p.15–21. [Online]. Available: https://doi:org/10:1145/3355369:3355575
A. Hounsel, K. Borgolte, P. Schmitt, J. Holland, and N. Feamster, Comparing the Effects of DNS, DoT, and DoH on Web Performance. New York, NY, USA: Association for Computing Machinery, 2020, p.562–572. [Online]. Available: https://doi:org/10:1145/3366423:3380139
A. Hounsel, P. Schmitt, K. Borgolte, and N. Feamster, “Can Encrypted DNS Be Fast?” in Passive and Active Measurement, O. Hohlfeld, A. Lutu, and D. Levin, Eds. Cham: Springer International Publishing, 2021, pp.444–459
R. Chhabra, P. Murley, D. Kumar, M. Bailey, and G. Wang, “Measuring DNS-over-HTTPS Performance around the World,” in Proceedings of the 21st ACM Internet Measurement Conference, ser. IMC ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 351–365. [Online]. Available: https://doi:org/10:1145/3487552:3487849.
E. S. Mbewe and J. Chavula, “On QoE Impact of DoH and DoT in Africa: Why a User’s DNS Choice Matters,” in Towards new e-Infrastructure and e-Services for Developing Countries, R. Zitouni, A. Phokeer, J. Chavula, A. Elmokashfi, A. Gueye, and N. Benamar, Eds. Cham: Springer International Publishing, 2021, pp. 289–304.
K. Jerabek, O. Rysavy, and I. Burgetova, “Measurement and characterization of DNS over HTTPS traffic,” 2022. [Online]. Available:https://arxiv:org/abs/2204:03975.
Mbewe, Enock & Chavula, Josiah. (2021). On QoE Impact of DoH and DoT in Africa: Why a User’s DNS Choice Matters. 10.1007/978-3-030-70572-5_18.
S. García, K. Hynek, D. Vekshin, T. Cejka, and A. Wasicek, “Large scale measurement on the adoption of encrypted DNS,” CoRR, vol. abs/2107.04436, 2021. [Online]. Available: https://arxiv:org/abs/2107:04436.
C. Deccio and J. Davis, “DNS Privacy in Practice and Preparation,” in Proceedings of the 15th International Conference on Emerging Networking Experiments And Technologies, ser. CoNEXT ’19. New York, NY, USA: Association for Computing Machinery, 2019, p. 138–143.
T. Jensen, “Windows Insiders can now test DNS over HTTPS,” May 2020. [Online]. Available: https://techcommunity:microsoft:com/t5/networkingblog/windows-insiders-can-now-test-dns-over-https/ba-p/1381282.
S. Siby, M. Juarez, C. Diaz, N. Vallina-Rodriguez, and C. Troncoso, “Encrypted DNS –> Privacy? A Traffic Analysis Perspective,” Dec 2020.
J. Bushart and C. Rossow, “Padding ain’t enough: Assessing the privacy guarantees of encrypted dns,” arXiv preprint arXiv:1907.01317, 2019.
Q. Huang, D. Chang, and Z. Li, “A Comprehensive Study of DNS-over-HTTPS Downgrade Attack,” in 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20), 2020.
S. Dickinson, D. K. Gillmor, and T. Reddy.K, “Usage Profiles for DNS over TLS and DNS over DTLS,” RFC 8310, Mar. 2018. [Online]. Available: https://www:rfc-editor:org/info/rfc8310.
H. Shulman, “Pretty bad privacy: Pitfalls of DNS encryption,” in Proceedings of the 13th Workshop on Privacy in the Electronic Society, 2014, pp.191–200.
S. Singanamalla, S. Chunhapanya, M. Vavrusa, T. Verma, P. Wu, M. Fayed, K. Heimerl, N. Sullivan, and C. A. Wood, “Oblivious DNS over HTTPS (odoh): A practical privacy enhancement to DNS,” CoRR, vol. abs/2011.10121, 2020. [Online]. Available: https://arxiv:org/abs/2011:10121.
A. Fidler, B. Hubert, J. Livingood, J. Reid, and N. Leymann, “DNS over HTTPS (DoH) Considerations for Operator Networks,” Internet Engineering Task Force, Internet-Draft draft-reid-doh-operator-00, Mar. 2019, work in Progress. [Online]. Available: https://datatracker:ietf:org/doc/html/draft-reid-doh-operator-00.
References
Troyanovsʹka T. I. Informatsiyna tekhnolohiya dostavky kontentu u systemakh kompʺyuteryzovanoyi pidhotovky spetsialistiv. // Horokhovsʹkyy O. I., Troyanovsʹka T. I., Azarov O. D. Monohrafiya. Vinnytsya : VNTU, 2016.–160 s.
Komp'yuterni merezhi: navch. posibnyk / T. I. Korobey̆nikova, S. M. Zakharchenko. – Lʹviv: Vydavnytstvo Lʹvivsʹkoï politekhniky, 2022. – 228 s.
Tekhnolohiï zakhystu lokalʹnykh merezh na osnovi obladnannya CISCO : navch. posibnyk / T. I. Korobey̆nikova, S. M. Zakharchenko. – Lʹviv: Vydavnytstvo Lʹvivsʹkoï politekhniky, 2021. – 188 s.
Troyanovsʹka T. I. Pobudova zakhyshchenykh merezh na bazi obladnannya kompaniyi Cisco. // Zakharchenko S.M., Troyanovsʹka T. I., Boyko O.V. Navchalʹnyy posibnyk. Vinnytsya : VNTU, 2017. – 133 s.
Kompʺyuterni merezhi / O. D. Azarov, S. M. Zakharchenko, O. V. Kaduk, M. M. Orlova, V. P. Tarasenko // Navch. posibnyk. – Vinnytsya: VNTU, 2013./MONU (Lyst №1/11 – 8260 vid 15.05 2013 r.) - 500 s.
Abu Al-Haija, Q.; Alohaly,M.; Odeh, A. A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach.Sensors 2023, 23, 3489. https://doi.org/10.3390/s23073489.
Korobeynikova T.I. Informatsiyna tekhnolohiya bezpechnoho dostupu do resursiv DNS na bazi ML-trenovanykh modeley identyfikatsiyi trafiku / Korobeynikova T.I., Fedchuk T. B. // International periodical scientific journal «SWorldJournal» – 2023. – № 21 (part 1) (September, 2023). – S. 80–91. ISSN: 2663-5712. DOI:10.30888/2663-5712.2023-21-01.
Karel Hynek, Dmyto Vekshin, Jan Luxemburk, Tomas Cejka, Armin Wasicek, “Summary of DNS over HTTPS Abuse”, volume 4, 2016.
Jose, G.-L.; Mary, K.S.; Carol, A.W. Internet Protocol Handbook. In The Domain Name System (DNS) Handbook; DTIC: Fort Belvoir, VA, USA, 1989; Volume 4.
Paul, M. Domain Names–Implementation and Specification; Internet Engineering Task Force; ISI: Marina del Rey, CA, USA, 1987.
Park, J.; Khormali, A.; Mohaisen, M.; Mohaisen, A. Where are you taking me? Behavioral analysis of open DNS resolvers. In Proceedings of the 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Portland, OR, USA, 24–27 June 2019; pp. 493–504.
Cheng, Y.; Liu, Y.; Li, C.; Zhang, Z.; Li, N.; Du, Y. In-Depth Evaluation of the Impact of National-Level DNS Filtering on DNS Resolvers over Space and Time. Electronics 2022, 11, 1276.
Mauro Conti, Nicola Dragoni, and Viktor Lesyk, "A Survey of Man In The Middle Attacks," IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2027 - 2051, March 2016.
Pavur, J.; Moser, D.; Lenders, V.; Martinovic, I. Secrets in the sky: On privacy and infrastructure security in dvb-s satellite broadband. In Proceedings of the 12th Conference on Security and Privacy inWireless and Mobile Networks, Miami, FL, USA, 15–17 May 2019; pp. 277–284.
Ben Wolford, “What is GDPR, the EUʺs new data protection law?” https://gdpr.eu/what-is-gdpr.
Böttger, T.; Cuadrado, F.; Antichi, G.; Fernandes, E.L.; Tyson, G.; Castro, I.; Uhlig, S. An Empirical Study of the Cost of DNSover-HTTPS. In Proceedings of the Internet Measurement Conference, Amsterdam, The Netherlands, 21–23 October 2019; pp. 15–21.
Romain Founchereau, “Securing Anywhere Networking. DNS Security for Business Continuity and Resilence”. June 2022.
Romain, F. DNS Security for Business Continuity and Resilience; IDC: Needham, MA, USA, 2022.
DNS Over HTTPS Traffic Analysis and Detection. Carlos López Romera, Carlos Hernández Gañán,Víctor García Font 2nd June, 2020.
Hu, Z.; Zhu, L.; Heidemann, J.; Mankin, A.;Wessels, D.; Hoffman, P.E. Specification for DNS over Transport Layer Security (TLS); Internet Engineering Task Force: Fremont, CA, USA, 2016.
Hoffman, P.E.; McManus, P. DNS Queries over HTTPS (DoH); Internet Engineering Task Force: Fremont, CA, USA, 2018.
K. Borgolte, T. Chattopadhyay, N. Feamster, M. Kshirsagar, J. Holland, A. Hounsel, and P. Schmitt, “How DNS over HTTPS is Reshaping Privacy, Performance, and Policy in the Internet Ecosystem,” Performance, and Policy in the Internet Ecosystem (July 27, 2019), 2019.
Albulayhi, K.; Smadi, A.A.; Sheldon, F.T.; Abercrombie, R.K. IoT Intrusion Detection Taxonomy, Reference Architecture, and Analyses. Sensors 2021, 21, 6432. [CrossRef] [PubMed]
P. E. Hoffman and P. McManus, “DNS Queries over HTTPS (DoH),” RFC 8484, Tech. Rep. 8484, Oct. 2018. P. Mockapetris, “Domain names - implementation and specification,”RFC 1035 (Internet Standard), RFC Editor, pp. 1–55. [Online]. Available:https://www:rfc-editor:org/rfc/rfc1035:txt
E. Brumaghin and C. Grady, “Covert channels and poor decisions:The tale of dnsmessenger,” Mar 2017. [Online]. Available: https:/blog:talosintelligence:com/2017/03/dnsmessenger:html
C. Cimpanu, “Hereʺs how to enable DoH in each browser, ISPs be damned,” Dec 2020, https://www.zdnet.com/article/dns-over-https-willeventually-roll-out-in-all-major-browsers-despite-isp-opposition/.P. E. Hoffman, “Representing DNS Messages in JSON,” RFC 8427. [Online]. Available: https://rfc-editor:org/rfc/rfc8427:txt
S. García, K. Hynek, D. Vekshin, T. Cejka, and A. Wasicek, “Large scale measurement on the adoption of encrypted DNS,” CoRR, vol. abs/2107.04436, 2021. [Online]. Available: https://arxiv:org/abs/2107:04436
DNS Over HTTPS Traffic Analysis and Detection. Carlos López Romera, Carlos Hernández Gañán,Víctor García Font 2nd June, 2020.
Rebekah Houser, Zhou Li, Chase Cotton, and Haining Wang, "An Investigation on Information Leakage of DNS over TLS," in CoNEXT '19: Proceedings of the 15th International Conference on Emerging Networking Experiments And Technologies, 2019.
Bushart Jonas and Christian Rossow, "Padding Ain't Enough: Assessing the Privacy Guarantees of Encrypted DNS," CoRR, vol. abs/1907.01317, July 2019.
Marc Juarez, Sandra Siby, Claudia Díaz, Vallina-Rodriguez Narseo, and Carmela Troncoso, "Encrypted DNS --> Privacy? A Traffic Analysis Perspective," in NDSS Symposium, 2020.
K. Bumanglag and H. Kettani, “On the Impact of DNS Over HTTPS Paradigm on Cyber Systems,” in 2020 3rd International Conference on Information and Computer Technologies (ICICT), 2020, pp. 494–499.
K. Hynek and T. Cejka, “Privacy Illusion: Beware of Unpadded DoH,” in 2020 11th IEEE Information Technology, Electronic and Mobile Communication conference (IEMCON), 2020.
P. McManus, Aug 2018. [Online]. Available: https://blog:nightly:mozilla:org/2018/08/28/firefox-nightly-securedns-experimental-results.
T. Böttger, F. Cuadrado, G. Antichi, E. L. a. Fernandes, G. Tyson, I. Castro, and S. Uhlig, “An Empirical Study of the Cost of DNS-over-HTTPS,” in Proceedings of the Internet Measurement Conference, ser. IMC ’19. New York, NY, USA: Association for Computing Machinery, 2019, p.15–21. [Online]. Available: https://doi:org/10:1145/3355369:3355575
Hounsel, K. Borgolte, P. Schmitt, J. Holland, and N. Feamster, Comparing the Effects of DNS, DoT, and DoH on Web Performance. New York, NY, USA: Association for Computing Machinery, 2020, p.562–572. [Online]. Available: https://doi:org/10:1145/3366423:3380139
Hounsel, P. Schmitt, K. Borgolte, and N. Feamster, “Can Encrypted DNS Be Fast?” in Passive and Active Measurement, O. Hohlfeld, A. Lutu, and D. Levin, Eds. Cham: Springer International Publishing, 2021, pp.444–459
R. Chhabra, P. Murley, D. Kumar, M. Bailey, and G. Wang, “Measuring DNS-over-HTTPS Performance around the World,” in Proceedings of the 21st ACM Internet Measurement Conference, ser. IMC ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 351–365. [Online]. Available: https://doi:org/10:1145/3487552:3487849.
E. S. Mbewe and J. Chavula, “On QoE Impact of DoH and DoT in Africa: Why a User’s DNS Choice Matters,” in Towards new e-Infrastructure and e-Services for Developing Countries, R. Zitouni, A. Phokeer, J. Chavula, A. Elmokashfi, A. Gueye, and N. Benamar, Eds. Cham: Springer International Publishing, 2021, pp. 289–304.
K. Jerabek, O. Rysavy, and I. Burgetova, “Measurement and characterization of DNS over HTTPS traffic,” 2022. [Online]. Available:https://arxiv:org/abs/2204:03975.
Mbewe, Enock & Chavula, Josiah. (2021). On QoE Impact of DoH and DoT in Africa: Why a User’s DNS Choice Matters. 10.1007/978-3-030-70572-5_18.
S. García, K. Hynek, D. Vekshin, T. Cejka, and A. Wasicek, “Large scale measurement on the adoption of encrypted DNS,” CoRR, vol. abs/2107.04436, 2021. [Online]. Available: https://arxiv:org/abs/2107:04436.
C. Deccio and J. Davis, “DNS Privacy in Practice and Preparation,” in Proceedings of the 15th International Conference on Emerging Networking Experiments And Technologies, ser. CoNEXT ’19. New York, NY, USA: Association for Computing Machinery, 2019, p. 138–143.
T. Jensen, “Windows Insiders can now test DNS over HTTPS,” May 2020. [Online]. Available: https://techcommunity:microsoft:com/t5/networkingblog/windows-insiders-can-now-test-dns-over-https/ba-p/1381282.
S. Siby, M. Juarez, C. Diaz, N. Vallina-Rodriguez, and C. Troncoso, “Encrypted DNS –> Privacy? A Traffic Analysis Perspective,” Dec 2020.
J. Bushart and C. Rossow, “Padding ain’t enough: Assessing the privacy guarantees of encrypted dns,” arXiv preprint arXiv:1907.01317, 2019.
Q. Huang, D. Chang, and Z. Li, “A Comprehensive Study of DNS-over-HTTPS Downgrade Attack,” in 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20), 2020.
S. Dickinson, D. K. Gillmor, and T. Reddy.K, “Usage Profiles for DNS over TLS and DNS over DTLS,” RFC 8310, Mar. 2018. [Online]. Available: https://www:rfc-editor:org/info/rfc8310.
H. Shulman, “Pretty bad privacy: Pitfalls of DNS encryption,” in Proceedings of the 13th Workshop on Privacy in the Electronic Society, 2014, pp.191–200.
S. Singanamalla, S. Chunhapanya, M. Vavrusa, T. Verma, P. Wu, M. Fayed, K. Heimerl, N. Sullivan, and C. A. Wood, “Oblivious DNS over HTTPS (odoh): A practical privacy enhancement to DNS,” CoRR, vol. abs/2011.10121, 2020. [Online]. Available: https://arxiv:org/abs/2011:10121.
Fidler, B. Hubert, J. Livingood, J. Reid, and N. Leymann, “DNS over HTTPS (DoH) Considerations for Operator Networks,” Internet Engineering Task Force, Internet-Draft draft-reid-doh-operator-00, Mar. 2019, work in Progress. [Online]. Available: https://datatracker:ietf:org/doc/html/draft-reid-doh-operator-00.
##submission.downloads##
-
PDF
Завантажень: 55