Received 04.03.2024, Revised 23.04.2024, Accepted 30.05.2024

Overview of secure access to domain name system resources

Tatiana Korobeynikova, Taras Fedchuk

The Domain Name System (DNS) is responsible for translating a server's IP address into a domain name, enabling an end user to access a resource without having to remember its IP address. This protocol is the basis of the modern Internet, but all messages between the client and the server pass through an unprotected communication channel, which makes it vulnerable to various types of attacks (spoofing, eavesdropping, phishing and others). To overcome this problem, the DNSSEC (DNS Secure), DoT (DNS over TLS) and DoH (DNS over HTTPS) protocols were developed. The last of these was the most effective. DoH encrypts DNS traffic between the client and the server and also guarantees data integrity and confidentiality. This, in turn, creates the problem of correctly recognizing DoH traffic. The article describes research tools for detecting and analyzing malicious DNS traffic based on traffic analyzers and machine learning methods. Comprehensive methods for overcoming threats are proposed, and comparative characteristics of DNS security protocols are presented. Thus, there is a need to apply a hybrid method of investigating malicious DNS traffic, based on the combined use of traffic analyzers, machine learning, and human expertise, to obtain statistical data. This is why the research topic is relevant and remains insufficiently researched in terms of the security of domain structures. This work is dedicated to the further development and research of DNS technology using encryption protocols, and to the identification and analysis of malicious traffic based on machine learning algorithms.

Keywords: recursive resolver

Pages: 40-53

Korobeynikova, T., & Fedchuk, T. (2024). Overview of secure access to domain name system resources. Information Technologies and Computer Engineering, 21(1), 40-53. https://doi.org/10.31649/1999-9941-2024-59-1-40-53
