ABSTRACT
Security and privacy of the Internet Domain Name System (DNS) have been longstanding concerns. Recently, there has been a trend toward protecting DNS traffic using Transport Layer Security (TLS). However, at least two major issues remain: (1) how do clients authenticate DNS-over-TLS endpoints in a scalable and extensible manner; and (2) how can clients trust those endpoints to behave as expected? In this paper, we propose a novel Private DNS-over-TLS (PDoT) architecture. PDoT includes a DNS Recursive Resolver (RecRes) that operates within a Trusted Execution Environment (TEE). Using Remote Attestation, DNS clients can authenticate the PDoT RecRes and receive strong assurance of its trustworthiness. We provide an open-source proof-of-concept implementation of PDoT and use it to experimentally demonstrate that its latency and throughput match those of the popular Unbound DNS-over-TLS resolver.
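The abstract describes two checks a PDoT client performs before trusting a resolver: verifying a remote-attestation quote that identifies the code running in the TEE, and binding that quote to the TLS endpoint it is talking to. The following is an added illustration written for this page, not code from the PDoT repository or from any TEE SDK. It models the attestation quote as an HMAC-SHA256 tag under a key shared between the "hardware" and an attestation verification service (real TEEs use asymmetric hardware-rooted keys and a vendor verification service); the expected enclave measurement, the attestation key and the TLS public key are constructed placeholders. It also shows the two-byte length framing that DNS over TLS (RFC 7858) puts around a wire-format DNS query (RFC 1035), which is what the client sends once the endpoint is accepted.

```python
import hashlib
import hmac
import struct

# Constructed values for the example; a real deployment would take the expected
# measurement from a published resolver build and the attestation key from hardware.
EXPECTED_MEASUREMENT = hashlib.sha256(b"constructed: trusted resolver build").digest()
_ATTESTATION_KEY = bytes(range(32))  # stand-in for a hardware attestation key


def make_quote(measurement: bytes, tls_pubkey: bytes, key: bytes = _ATTESTATION_KEY) -> dict:
    """Model of the resolver's TEE producing a quote over its own measurement and
    the hash of the TLS public key it generated inside the enclave."""
    report_data = hashlib.sha256(tls_pubkey).digest()
    tag = hmac.new(key, measurement + report_data, hashlib.sha256).digest()
    return {"measurement": measurement, "report_data": report_data, "tag": tag}


def quote_is_genuine(quote: dict, key: bytes = _ATTESTATION_KEY) -> bool:
    """Model of the attestation verification service checking the quote's tag."""
    expected = hmac.new(key, quote["measurement"] + quote["report_data"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, quote["tag"])


def client_accepts_resolver(quote: dict, handshake_pubkey: bytes,
                            expected_measurement: bytes = EXPECTED_MEASUREMENT) -> bool:
    """Client decision: (1) the quote is genuine, (2) the attested code is the
    expected resolver build, (3) the attested key is the one seen in this TLS
    handshake, so a relay forwarding someone else's quote with its own key fails."""
    if not quote_is_genuine(quote):
        return False
    if not hmac.compare_digest(quote["measurement"], expected_measurement):
        return False
    return hmac.compare_digest(quote["report_data"], hashlib.sha256(handshake_pubkey).digest())


def build_dot_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """DNS query in wire format (RFC 1035) framed with the two-byte length prefix
    that DNS over TLS uses (RFC 7858), ready to write to the TLS stream."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = [label.encode("ascii") for label in name.rstrip(".").split(".") if label]
    if any(len(label) > 63 for label in labels):
        raise ValueError("DNS label longer than 63 octets")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    message = header + qname + struct.pack("!HH", qtype, 1)  # class IN
    return struct.pack("!H", len(message)) + message


def unframe_dot(frame: bytes) -> bytes:
    """Strip the DoT length prefix, rejecting truncated frames."""
    if len(frame) < 2:
        raise ValueError("frame shorter than length prefix")
    (length,) = struct.unpack("!H", frame[:2])
    message = frame[2:2 + length]
    if len(message) != length:
        raise ValueError("truncated DNS message")
    return message


if __name__ == "__main__":
    resolver_pubkey = b"constructed resolver TLS public key"
    quote = make_quote(EXPECTED_MEASUREMENT, resolver_pubkey)
    if client_accepts_resolver(quote, resolver_pubkey):
        print("resolver attested; would send", build_dot_query("example.com").hex())
```

The third check in `client_accepts_resolver` is the one that distinguishes attestation-bound TLS from ordinary certificate validation: a quote that is genuine and names the right code is still rejected if the key it attests is not the key that authenticated this handshake.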
Index Terms
- PDoT: private DNS-over-TLS with TEE support