Privacy Illusion: Beware of Unpadded DoH

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F20%3A10133321" target="_blank" >RIV/63839172:_____/20:10133321 - isvavai.cz</a>

Nalezeny alternativní kódy

RIV/68407700:21240/20:00344971

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/9284864" target="_blank" >https://ieeexplore.ieee.org/document/9284864</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/IEMCON51383.2020.9284864" target="_blank" >10.1109/IEMCON51383.2020.9284864</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Privacy Illusion: Beware of Unpadded DoH

Popis výsledku v původním jazyce

DNS over HTTPS (DoH) has been created with ambitions to improve the privacy of users on the internet. Domain names that are being resolved by DoH are transferred via an encrypted channel, ensures nobody should be able to read the content. However, even though the communication is encrypted, we show that it still leaks some private information, which can be misused. Therefore, this paper studies the behavior of the DoH protocol implementation in Firefox and Chrome web-browsers, and the level of detail that can be revealed by observing and analyzing packet-level information. The aim of this paper is to evaluate and highlight discovered privacy weaknesses hidden in DoH. By the trained machine learning classifier, it is possible to infer individual domain names only from the captured encrypted DoH connection. The resulting trained classifier can infer domain name from encrypted DNS traffic with surprisingly high accuracy up to 90% on HTTP 1.1, and up to 70% on HTTP 2 protocol.

Název v anglickém jazyce

Privacy Illusion: Beware of Unpadded DoH

Popis výsledku anglicky

DNS over HTTPS (DoH) has been created with ambitions to improve the privacy of users on the internet. Domain names that are being resolved by DoH are transferred via an encrypted channel, ensures nobody should be able to read the content. However, even though the communication is encrypted, we show that it still leaks some private information, which can be misused. Therefore, this paper studies the behavior of the DoH protocol implementation in Firefox and Chrome web-browsers, and the level of detail that can be revealed by observing and analyzing packet-level information. The aim of this paper is to evaluate and highlight discovered privacy weaknesses hidden in DoH. By the trained machine learning classifier, it is possible to infer individual domain names only from the captured encrypted DoH connection. The resulting trained classifier can infer domain name from encrypted DNS traffic with surprisingly high accuracy up to 90% on HTTP 1.1, and up to 70% on HTTP 2 protocol.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20202 - Communication engineering and systems

Projekt

<a href="/cs/project/EF16_013%2F0001797" target="_blank" >EF16_013/0001797: E-infrastruktura CESNET - modernizace</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2020

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON)

ISBN

978-1-72818-416-6

ISSN

2644-3163

e-ISSN

—

Počet stran výsledku

8

Strana od-do

621-628

Název nakladatele

IEEE

Místo vydání

Chicago,USA

Místo konání akce

Vancouver, Canada

Datum konání akce

4. 11. 2020

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—