ОГЛЯД ПИТАННЯ БЕЗПЕЧНОГО ДОСТУПУ ДО РЕСУРСІВ СИСТЕМИ ДОМЕННИХ ІМЕН

Tetiana Korobeinikova; Taras Fedchuk

doi:10.31649/1999-9941-2024-59-1-40-53

Authors

Tetiana Korobeinikova National university “Lvivska Politechnika”
Taras Fedchuk National university “Lvivska Politechnika”

DOI:

https://doi.org/10.31649/1999-9941-2024-59-1-40-53

Keywords:

recursive resolver

Abstract

Abstract. The Domain Name System (DNS) is responsible for translating server's IP address into a domain name, enabling an end user to access a resource without having to remember it’s IP address. This protocol is the basis of the modern Internet, but all messages between the client and the server pass through an unprotected communication channel, which makes it vulnerable to various types of attacks (Spoofing, Eavesdropping, Phishing and others). To overcome this problem, DNSSEC (DNS Secure), DoT (DNS over TLS) and DNS over HTTPS (DoH) protocols were developed. The last one was the most effective. DoH encrypts DNS traffic between the client and the server and also guarantees data integrity and confidentiality. This creates a problem in the correct recognition of DoH traffic. The article will describe research tools for detecting and analyzing malicious DNS traffic based on traffic analyzers and machine learning methods. Comprehensive methods for overcoming threats will be proposed and comparative characteristics of DNS security protocols will be presented. Thus, there is a need to apply a hybrid method of investigating malicious DNS traffic based on the combined use of traffic analyzers, machine learning, and human expertise to obtain statistical data. And that is why this topic of research is relevant, insufficiently researched in terms of the security of domain structures. This work is dedicated to the further development and research of DNS technology using encryption protocols and identification and analysis of malicious traffic, based on machine learning algorithms.

Author Biographies

Tetiana Korobeinikova , National university “Lvivska Politechnika”

PhD, associate professor of information technology security department, National university “Lvivska Politechnika”

Taras Fedchuk , National university “Lvivska Politechnika”

graduate student of information technology security department, National university “Lvivska Politechnika”

References

Трояновська Т. І. Інформаційна технологія доставки контенту у системах комп’ютеризованої підготовки спеціалістів. // Гороховський О. І., Трояновська Т. І., Азаров О. Д. Монографія. Вінниця : ВНТУ, 2016.–160 с.

Комп'ютерні мережі: навч. посібник / Т. І. Коробейнікова, С. М. Захарченко. – Львів: Видавництво Львівської політехніки, 2022. – 228 с.

Технології захисту локальних мереж на основі обладнання CISCO : навч. посібник / Т. І. Коробейнікова, С. М. Захарченко. – Львів: Видавництво Львівської політехніки, 2021. – 188 с.

Трояновська Т. І. Побудова захищених мереж на базі обладнання компанії Cisco. // Захарченко С.М., Трояновська Т. І., Бойко О.В. Навчальний посібник. Вінниця : ВНТУ, 2017. – 133 с.

Комп’ютерні мережі / О. Д. Азаров, С. М. Захарченко, О. В. Кадук, М. М. Орлова, В. П. Тарасенко // Навч. посібник. – Вінниця: ВНТУ, 2013./МОНУ (Лист №1/11 – 8260 від 15.05 2013 р.) - 500 с.

Abu Al-Haija, Q.; Alohaly,M.; Odeh, A. A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach.Sensors 2023, 23, 3489. https://doi.org/10.3390/s23073489.

Коробейнікова Т.І. Інформаційна технологія безпечного доступу до ресурсів DNS на базі ML-тренованих моделей ідентифікації трафіку / Коробейнікова Т.І., Федчук Т. Б. // International periodical scientific journal «SWorldJournal» – 2023. – № 21 (part 1) (September, 2023). – С. 80–91. ISSN: 2663-5712. DOI:10.30888/2663-5712.2023-21-01.

Karel Hynek, Dmyto Vekshin, Jan Luxemburk, Tomas Cejka, Armin Wasicek, “Summary of DNS over HTTPS Abuse”, volume 4, 2016.

Jose, G.-L.; Mary, K.S.; Carol, A.W. Internet Protocol Handbook. In The Domain Name System (DNS) Handbook; DTIC: Fort Belvoir, VA, USA, 1989; Volume 4.

Paul, M. Domain Names–Implementation and Specification; Internet Engineering Task Force; ISI: Marina del Rey, CA, USA, 1987.

Park, J.; Khormali, A.; Mohaisen, M.; Mohaisen, A. Where are you taking me? Behavioral analysis of open DNS resolvers. In Proceedings of the 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Portland, OR, USA, 24–27 June 2019; pp. 493–504.

Cheng, Y.; Liu, Y.; Li, C.; Zhang, Z.; Li, N.; Du, Y. In-Depth Evaluation of the Impact of National-Level DNS Filtering on DNS Resolvers over Space and Time. Electronics 2022, 11, 1276.

Mauro Conti, Nicola Dragoni, and Viktor Lesyk, "A Survey of Man In The Middle Attacks," IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2027 - 2051, March 2016.

Pavur, J.; Moser, D.; Lenders, V.; Martinovic, I. Secrets in the sky: On privacy and infrastructure security in dvb-s satellite broadband. In Proceedings of the 12th Conference on Security and Privacy inWireless and Mobile Networks, Miami, FL, USA, 15–17 May 2019; pp. 277–284.

Ben Wolford, “What is GDPR, the EU’s new data protection law?” https://gdpr.eu/what-is-gdpr.

Böttger, T.; Cuadrado, F.; Antichi, G.; Fernandes, E.L.; Tyson, G.; Castro, I.; Uhlig, S. An Empirical Study of the Cost of DNSover-HTTPS. In Proceedings of the Internet Measurement Conference, Amsterdam, The Netherlands, 21–23 October 2019; pp. 15–21.

Romain Founchereau, “Securing Anywhere Networking. DNS Security for Business Continuity and Resilence”. June 2022.

Romain, F. DNS Security for Business Continuity and Resilience; IDC: Needham, MA, USA, 2022.

DNS Over HTTPS Traffic Analysis and Detection. Carlos López Romera, Carlos Hernández Gañán,Víctor García Font 2nd June, 2020.

Hu, Z.; Zhu, L.; Heidemann, J.; Mankin, A.;Wessels, D.; Hoffman, P.E. Specification for DNS over Transport Layer Security (TLS); Internet Engineering Task Force: Fremont, CA, USA, 2016.

Hoffman, P.E.; McManus, P. DNS Queries over HTTPS (DoH); Internet Engineering Task Force: Fremont, CA, USA, 2018.

K. Borgolte, T. Chattopadhyay, N. Feamster, M. Kshirsagar, J. Holland, A. Hounsel, and P. Schmitt, “How DNS over HTTPS is Reshaping Privacy, Performance, and Policy in the Internet Ecosystem,” Performance, and Policy in the Internet Ecosystem (July 27, 2019), 2019.

Albulayhi, K.; Smadi, A.A.; Sheldon, F.T.; Abercrombie, R.K. IoT Intrusion Detection Taxonomy, Reference Architecture, and Analyses. Sensors 2021, 21, 6432. [CrossRef] [PubMed]

P. E. Hoffman and P. McManus, “DNS Queries over HTTPS (DoH),” RFC 8484, Tech. Rep. 8484, Oct. 2018. P. Mockapetris, “Domain names - implementation and specification,”RFC 1035 (Internet Standard), RFC Editor, pp. 1–55. [Online]. Available:https://www:rfc-editor:org/rfc/rfc1035:txt

E. Brumaghin and C. Grady, “Covert channels and poor decisions:The tale of dnsmessenger,” Mar 2017. [Online]. Available: https:/blog:talosintelligence:com/2017/03/dnsmessenger:html

C. Cimpanu, “Here’s how to enable DoH in each browser, ISPs be damned,” Dec 2020, https://www.zdnet.com/article/dns-over-https-willeventually-roll-out-in-all-major-browsers-despite-isp-opposition/.P. E. Hoffman, “Representing DNS Messages in JSON,” RFC 8427. [Online]. Available: https://rfc-editor:org/rfc/rfc8427:txt

S. García, K. Hynek, D. Vekshin, T. Cejka, and A. Wasicek, “Large scale measurement on the adoption of encrypted DNS,” CoRR, vol. abs/2107.04436, 2021. [Online]. Available: https://arxiv:org/abs/2107:04436

DNS Over HTTPS Traffic Analysis and Detection. Carlos López Romera, Carlos Hernández Gañán,Víctor García Font 2nd June, 2020.

Rebekah Houser, Zhou Li, Chase Cotton, and Haining Wang, "An Investigation on Information Leakage of DNS over TLS," in CoNEXT '19: Proceedings of the 15th International Conference on Emerging Networking Experiments And Technologies, 2019.

Bushart Jonas and Christian Rossow, "Padding Ain't Enough: Assessing the Privacy Guarantees of Encrypted DNS," CoRR, vol. abs/1907.01317, July 2019.

Marc Juarez, Sandra Siby, Claudia Díaz, Vallina-Rodriguez Narseo, and Carmela Troncoso, "Encrypted DNS --> Privacy? A Traffic Analysis Perspective," in NDSS Symposium, 2020.

K. Bumanglag and H. Kettani, “On the Impact of DNS Over HTTPS Paradigm on Cyber Systems,” in 2020 3rd International Conference on Information and Computer Technologies (ICICT), 2020, pp. 494–499.

K. Hynek and T. Cejka, “Privacy Illusion: Beware of Unpadded DoH,” in 2020 11th IEEE Information Technology, Electronic and Mobile Communication conference (IEMCON), 2020.

P. McManus, Aug 2018. [Online]. Available: https://blog:nightly:mozilla:org/2018/08/28/firefox-nightly-securedns-experimental-results.

T. Böttger, F. Cuadrado, G. Antichi, E. L. a. Fernandes, G. Tyson, I. Castro, and S. Uhlig, “An Empirical Study of the Cost of DNS-over-HTTPS,” in Proceedings of the Internet Measurement Conference, ser. IMC ’19. New York, NY, USA: Association for Computing Machinery, 2019, p.15–21. [Online]. Available: https://doi:org/10:1145/3355369:3355575

A. Hounsel, K. Borgolte, P. Schmitt, J. Holland, and N. Feamster, Comparing the Effects of DNS, DoT, and DoH on Web Performance. New York, NY, USA: Association for Computing Machinery, 2020, p.562–572. [Online]. Available: https://doi:org/10:1145/3366423:3380139

A. Hounsel, P. Schmitt, K. Borgolte, and N. Feamster, “Can Encrypted DNS Be Fast?” in Passive and Active Measurement, O. Hohlfeld, A. Lutu, and D. Levin, Eds. Cham: Springer International Publishing, 2021, pp.444–459

R. Chhabra, P. Murley, D. Kumar, M. Bailey, and G. Wang, “Measuring DNS-over-HTTPS Performance around the World,” in Proceedings of the 21st ACM Internet Measurement Conference, ser. IMC ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 351–365. [Online]. Available: https://doi:org/10:1145/3487552:3487849.

E. S. Mbewe and J. Chavula, “On QoE Impact of DoH and DoT in Africa: Why a User’s DNS Choice Matters,” in Towards new e-Infrastructure and e-Services for Developing Countries, R. Zitouni, A. Phokeer, J. Chavula, A. Elmokashfi, A. Gueye, and N. Benamar, Eds. Cham: Springer International Publishing, 2021, pp. 289–304.

K. Jerabek, O. Rysavy, and I. Burgetova, “Measurement and characterization of DNS over HTTPS traffic,” 2022. [Online]. Available:https://arxiv:org/abs/2204:03975.

Mbewe, Enock & Chavula, Josiah. (2021). On QoE Impact of DoH and DoT in Africa: Why a User’s DNS Choice Matters. 10.1007/978-3-030-70572-5_18.

S. García, K. Hynek, D. Vekshin, T. Cejka, and A. Wasicek, “Large scale measurement on the adoption of encrypted DNS,” CoRR, vol. abs/2107.04436, 2021. [Online]. Available: https://arxiv:org/abs/2107:04436.

C. Deccio and J. Davis, “DNS Privacy in Practice and Preparation,” in Proceedings of the 15th International Conference on Emerging Networking Experiments And Technologies, ser. CoNEXT ’19. New York, NY, USA: Association for Computing Machinery, 2019, p. 138–143.

T. Jensen, “Windows Insiders can now test DNS over HTTPS,” May 2020. [Online]. Available: https://techcommunity:microsoft:com/t5/networkingblog/windows-insiders-can-now-test-dns-over-https/ba-p/1381282.

S. Siby, M. Juarez, C. Diaz, N. Vallina-Rodriguez, and C. Troncoso, “Encrypted DNS –> Privacy? A Traffic Analysis Perspective,” Dec 2020.

J. Bushart and C. Rossow, “Padding ain’t enough: Assessing the privacy guarantees of encrypted dns,” arXiv preprint arXiv:1907.01317, 2019.

Q. Huang, D. Chang, and Z. Li, “A Comprehensive Study of DNS-over-HTTPS Downgrade Attack,” in 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20), 2020.

S. Dickinson, D. K. Gillmor, and T. Reddy.K, “Usage Profiles for DNS over TLS and DNS over DTLS,” RFC 8310, Mar. 2018. [Online]. Available: https://www:rfc-editor:org/info/rfc8310.

H. Shulman, “Pretty bad privacy: Pitfalls of DNS encryption,” in Proceedings of the 13th Workshop on Privacy in the Electronic Society, 2014, pp.191–200.

S. Singanamalla, S. Chunhapanya, M. Vavrusa, T. Verma, P. Wu, M. Fayed, K. Heimerl, N. Sullivan, and C. A. Wood, “Oblivious DNS over HTTPS (odoh): A practical privacy enhancement to DNS,” CoRR, vol. abs/2011.10121, 2020. [Online]. Available: https://arxiv:org/abs/2011:10121.

A. Fidler, B. Hubert, J. Livingood, J. Reid, and N. Leymann, “DNS over HTTPS (DoH) Considerations for Operator Networks,” Internet Engineering Task Force, Internet-Draft draft-reid-doh-operator-00, Mar. 2019, work in Progress. [Online]. Available: https://datatracker:ietf:org/doc/html/draft-reid-doh-operator-00.

References

Troyanovsʹka T. I. Informatsiyna tekhnolohiya dostavky kontentu u systemakh kompʺyuteryzovanoyi pidhotovky spetsialistiv. // Horokhovsʹkyy O. I., Troyanovsʹka T. I., Azarov O. D. Monohrafiya. Vinnytsya : VNTU, 2016.–160 s.

Komp'yuterni merezhi: navch. posibnyk / T. I. Korobey̆nikova, S. M. Zakharchenko. – Lʹviv: Vydavnytstvo Lʹvivsʹkoï politekhniky, 2022. – 228 s.

Tekhnolohiï zakhystu lokalʹnykh merezh na osnovi obladnannya CISCO : navch. posibnyk / T. I. Korobey̆nikova, S. M. Zakharchenko. – Lʹviv: Vydavnytstvo Lʹvivsʹkoï politekhniky, 2021. – 188 s.

Troyanovsʹka T. I. Pobudova zakhyshchenykh merezh na bazi obladnannya kompaniyi Cisco. // Zakharchenko S.M., Troyanovsʹka T. I., Boyko O.V. Navchalʹnyy posibnyk. Vinnytsya : VNTU, 2017. – 133 s.

Kompʺyuterni merezhi / O. D. Azarov, S. M. Zakharchenko, O. V. Kaduk, M. M. Orlova, V. P. Tarasenko // Navch. posibnyk. – Vinnytsya: VNTU, 2013./MONU (Lyst №1/11 – 8260 vid 15.05 2013 r.) - 500 s.