Abstract
DNSSEC Look-aside Validation (DLV) is examined, highlighting its lax specifications and privacy implications. By performing extensive experiments over datasets of domain names under comprehensive experimental settings, our findings firmly confirm the privacy leakages caused by DLV. We discover that a large number of domains that should not be sent to DLV servers are being leaked. We explore the root causes, and propose two approaches to fix the privacy leakages.
Original language | English |
---|---|
Title of host publication | Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 208-209 |
Number of pages | 2 |
ISBN (Electronic) | 9781538610275 |
DOIs | |
State | Published - 4 Dec 2017 |
Event | 1st IEEE Symposium on Privacy-Aware Computing, PAC 2017 - Washington, United States Duration: 1 Aug 2017 → 3 Aug 2017 |
Publication series
Name | Proceedings - 2017 IEEE Symposium on Privacy-Aware Computing, PAC 2017 |
---|---|
Volume | 2017-January |
Conference
Conference | 1st IEEE Symposium on Privacy-Aware Computing, PAC 2017 |
---|---|
Country/Territory | United States |
City | Washington |
Period | 1/08/17 → 3/08/17 |
Bibliographical note
Funding Information: Supported by NSF grant CNS-1643207 and NRF grant number 2016K1A1A2912757 (Global Research Lab). See [4]. Approved for public release: distribution unlimited 88ABW-2017-2413, dated 17 May 2017.
2) Privacy-Preserving DLV: The second remedy changes the data format used for both DLV registration and DLV query. On DLV record registration, instead of depositing (domain_name, DNSKEY), we compute $digest = crypto_hash(domain_name) and deposit (domain_name, DNSKEY, $digest) to the DLV server. On DLV query, the resolver sends only the computed hash, not the domain name, to the DLV server.
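The registration and query flow of the privacy-preserving DLV remedy described above, as an added sketch that is not code from the paper. Assumptions: SHA-256 stands in for crypto_hash, the names DLVServer, enclosing_names and resolve_via_dlv are hypothetical, the resolver retries with the leading label stripped until a record is found, and the domain names and DNSKEY value are constructed samples.

```python
import hashlib

def canonical(name):
    # Resolver and registry must hash identical bytes: lower-case, no trailing dot.
    return name.rstrip(".").lower()

def crypto_hash(name):
    # Assumption: SHA-256; the page names only crypto_hash.
    return hashlib.sha256(canonical(name).encode("utf-8")).hexdigest()

class DLVServer:
    def __init__(self):
        self.records = {}  # $digest -> (domain_name, DNSKEY)
        self.seen = []     # every value the server observes in queries

    def register(self, domain_name, dnskey):
        digest = crypto_hash(domain_name)
        self.records[digest] = (canonical(domain_name), dnskey)
        return digest

    def lookup(self, digest):
        self.seen.append(digest)
        return self.records.get(digest)

def enclosing_names(qname):
    # Assumption: closest-enclosing search, stripping the leading label each try.
    labels = canonical(qname).split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def resolve_via_dlv(server, qname):
    for name in enclosing_names(qname):
        record = server.lookup(crypto_hash(name))
        if record is not None:
            return record
    return None

def demo():
    server = DLVServer()
    server.register("example.org", "DNSKEY-constructed-placeholder")
    hit = resolve_via_dlv(server, "www.Example.ORG.")
    miss = resolve_via_dlv(server, "intranet.corp.example")
    return hit, miss, server.seen

if __name__ == "__main__":
    print(demo())
```

For the unregistered name the server log holds only digests that match no deposited record. Because domain names are guessable, an unsalted digest hides a name only from a server that does not already have that name on a candidate list.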
Publisher Copyright:
© 2017 IEEE.
Keywords
- DNS
- Privacy