DNS prefetching and its privacy implications: when good things go bad

Authors:
Srinivas Krishnan;Fabian Monrose
Affiliations:
Department of Computer Science, University of North Carolina at Chapel Hill;Department of Computer Science, University of North Carolina at Chapel Hill
Venue:
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Year:
2010

Citing 15
Cited 4

Wide area traffic: the failure of Poisson modeling

IEEE/ACM Transactions on Networking (TON)
Timing attacks on Web privacy

Proceedings of the 7th ACM conference on Computer and communications security
Evaluation of Item-Based Top-N Recommendation Algorithms

Proceedings of the tenth international conference on Information and knowledge management
DNS performance and the effectiveness of caching

IEEE/ACM Transactions on Networking (TON)
Diversity in DNS performance measures

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Proactive Caching of DNS Records: Addressing a Performance Bottleneck

SAINT '01 Proceedings of the 2001 Symposium on Applications and the Internet (SAINT 2001)
Inferring relative popularity of internet applications by actively querying DNS caches

Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Item-based top-N recommendation algorithms

ACM Transactions on Information Systems (TOIS)
Is your caching resolver polluting the internet?

Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality
Piggybacking related domain names to improve DNS performance

Computer Networks: The International Journal of Computer and Telecommunications Networking
A multifaceted approach to understanding the botnet phenomenon

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
DNS Complexity

Queue - DNS
Modeling the effects of delayed haptic and visual feedback in a collaborative virtual environment

ACM Transactions on Computer-Human Interaction (TOCHI)
Peeking through the cloud: DNS-based estimation and its applications

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
A novel DNS accelerator design and implementation

APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services

From throw-away traffic to bots: detecting the rise of DGA-based malware

Security'12 Proceedings of the 21st USENIX conference on Security symposium
Privacy risks in named data networking: what is the cost of performance?

ACM SIGCOMM Computer Communication Review
Large-scale DNS data analysis

Proceedings of the 2012 ACM conference on Computer and communications security
I know the shortened URLs you clicked on Twitter: inference attack using public click analytics and Twitter metadata

Proceedings of the 22nd international conference on World Wide Web

Quantified Score

Hi-index	0.00

Visualization

Abstract

A recent trend in optimizing Internet browsing speed is to optimistically pre-resolve (or prefetch) DNS resolutions. While the practical benefits of doing so are still being debated, this paper attempts to raise awareness that current practices could lead to privacy threats that are ripe for abuse. More specifically, although the adoption of several browser optimizations have already raised security concerns, we examine how prefetching amplifies disclosure attacks to a degree where it is possible to infer the likely search terms issued by clients using a given DNS resolver. The success of these inference attacks relies on the fact that prefetching inserts a significant amount of context into a resolver's cache, allowing an adversary to glean far more detailed insights than when this feature is turned off.