Journal of the ACM (JACM)
eTVRA, a Threat, Vulnerability and Risk Assessment Method and Tool for eEurope
ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Analysis of Privacy Disclosure in DNS Query
MUE '07 Proceedings of the 2007 International Conference on Multimedia and Ubiquitous Engineering
Two-Servers PIR Based DNS Query Scheme with Privacy-Preserving
IPC '07 Proceedings of the The 2007 International Conference on Intelligent Pervasive Computing
A survey of single-database private information retrieval: techniques and applications
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
eTVRA: a threat, vulnerability and risk assessment tool for eEurope
iTrust'06 Proceedings of the 4th international conference on Trust Management
Anonymous connections and onion routing
IEEE Journal on Selected Areas in Communications
Privacy-preserving DNS: analysis of broadcast, range queries and mix-based protection methods
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Hi-index | 0.00 |
The use of the DNS as the underlying technology of new resolution name services can lead to privacy violations. The exchange of data between servers and clients flows without protection. Such an information can be captured by service providers and eventually sold with malicious purposes (i.e., spamming, phishing, etc.). A motivating example is the use of DNS on VoIP services for the translation of traditional telephone numbers into Internet URLs. We analyze in this paper the use of statistical noise for the construction of proper DNS queries. Our objective aims at reducing the risk that sensible data within DNS queries could be inferred by local and remote DNS servers. We evaluate the implementation of a proof-of-concept of our approach. We study the benefits and limitations of our proposal. A first limitation is the possibility of attacks against the integrity and authenticity of our queries by means of, for instance, man-in-the-middle or replay attacks. However, this limitation can be successfully solved combining our proposal together with the use of the DNSSEC (DNS Security extensions). We evaluate the impact of including this complementary countermeasure.