Presentation is loading. Please wait.

Presentation is loading. Please wait.

DNS Privacy: Problem and solutions

Published byAngelina Wheeler Modified over 6 years ago

Similar presentations

Presentation on theme: "DNS Privacy: Problem and solutions"— Presentation transcript:

1 DNS Privacy: Problem and solutions
A presentation by Dmitry Belyavsky, TCI EE DNS Forum / UADOM Kyiv, December 1, 2016

2 Age of privacy Internet has changed the world What is privacy now?
Personal data Metadata (Whom did you contact to?) Cookies, web-counters… Nation-wide eavesdroppers Protecting privacy Safe protocols: HTTPS, IMAPS, SFTP, SSH… All but DNS! Company Logo

3 Problem with DNS DNS – very old protocol Is DNS Data sensitive?
DNSSec does not protect data exchange from monitoring Send as little data as possible! Encrypt it! Company Logo

4 Normal resolving process
Company Logo

5 DNS Privacy: history Initiated by Stephane Bortzmeyer (2013)
IETF working group dprive (2014) Threat model: RFC 7626 (2015) QNAME minimization: RFC 7816 (2016) EDNS(0) Padding Option: RFC 7830 (2016) DNS over TLS: RFC 7858 (2016) Company Logo

6 DNS Privacy: Threat model
Described in RFC 7626 DNS data is public, Your DNS request is NOT Public QNAME Source IP DNS and data routing may differ DNS requests are not encrypted Up to 70% of users can be recognized by their queries. Company Logo

7 DNS Privacy: QNAME minimization
Described in RFC 7816 (Experimental) If you want to access l5.l4.l3.example.com, root DNS servers can answer about .com .com – about example.com No extra privacy leaks May increase or reduce number of requests Problems with some CDNs – to be fixed Supported in Knot Resolver 1.0+ Unbound Company Logo

8 DNS Privacy: DNS over (D)TLS
Described in RFC 7858 TCP: DNS over TLS UDP: DNS over DTLS Port 853 Implemented in Unbound server Getdns – client Go library Company Logo

9 DNS Privacy + DNSSEC Whom do we trust? TLS Hello extension
Trusted certs Opportunistic security TLS Hello extension Request: DNSSEC Chain Ext Response: Server DANE records Specification: Company Logo

10 DNS Privacy: How to test
Servers: Sinodun, DNS-OARC Stub resolvers: GetDNS Stubby Company Logo

11 Related technologies: DNSCrypt
No RFC, Protects communication between client and resolver 443 port, both TCP/UDP Implemented in many routers and Yandex.browser (port 15353) Company Logo

12 DNS Privacy: conclusions
There are all the necessary standards It’s time to switch them on Company Logo

13 Q&A Questions? Drop ‘em at:

Download ppt "DNS Privacy: Problem and solutions"

Similar presentations

Review iClickers. Ch 1: The Importance of DNS Security.

Review iClickers. Ch 1: The Importance of DNS Security.
DNS Alphabet Soup. IPv6 Increases packet size Both transport and question/answer sections Preference: goes first Fragmentation done by end points (ICMPv6!)

DNS Alphabet Soup. IPv6 Increases packet size Both transport and question/answer sections Preference: goes first Fragmentation done by end points (ICMPv6!)
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
DNS-centric PKI Sean Turner Russ Housley Tim Polk.

DNS-centric PKI Sean Turner Russ Housley Tim Polk.
1 Application Layer Lecture 6 Imran Ahmed University of Management & Technology.

1 Application Layer Lecture 6 Imran Ahmed University of Management & Technology.
The complete picture Linux Network Management. End to End Connection Being able to describe the end to end connection sequence is a useful thing Very.

The complete picture Linux Network Management. End to End Connection Being able to describe the end to end connection sequence is a useful thing Very.
October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.

October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
ECE-6612 Prof. John A. Copeland 404 894-5177 fax 404 894-0035 Office: Klaus 3362.

ECE Prof. John A. Copeland fax Office: Klaus 3362.
Secure Socket Layer (SSL) and Secure Electronic Transactions (SET) Network Security Fall 2014 Dr. Faisal Kakar

Secure Socket Layer (SSL) and Secure Electronic Transactions (SET) Network Security Fall Dr. Faisal Kakar
DNS Privacy Overview Allison Mankin & Shumon Huque, Verisign Labs DNS-OARC Fall Workshop October 3, 2015.

DNS Privacy Overview Allison Mankin & Shumon Huque, Verisign Labs DNS-OARC Fall Workshop October 3, 2015.
Protocols COM211 Communications and Networks CDA College Olga Pelekanou

Protocols COM211 Communications and Networks CDA College Olga Pelekanou
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.

Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
1 Review – The Internet’s Protocol Architecture. Protocols, Internetworking & the Internet 2 Introduction Internet standards Internet standards Layered.

1 Review – The Internet’s Protocol Architecture. Protocols, Internetworking & the Internet 2 Introduction Internet standards Internet standards Layered.
THE LARGEST NAME SERVICE ACTING AS A PHONE BOOK FOR THE INTERNET The Domain Name System click here to next page 1.

THE LARGEST NAME SERVICE ACTING AS A PHONE BOOK FOR THE INTERNET The Domain Name System click here to next page 1.
Communication protocols 2. HTTP Hypertext Transfer Protocol, is the protocol of World Wide Web (www) Client web browser Web server Request files Respond.

Communication protocols 2. HTTP Hypertext Transfer Protocol, is the protocol of World Wide Web (www) Client web browser Web server Request files Respond.
1 91.413 Data Communications I & 91.561 Computer Security I Faculty currently includes: G. Chen, Costello, Elbirt, Liu, D. Martin, Wang.

Data Communications I & Computer Security I Faculty currently includes: G. Chen, Costello, Elbirt, Liu, D. Martin, Wang.
TLS: avoiding dangers A presentation by Dmitry Belyavsky, TCI Business Internet Conference Kiev, Ukraine, December 2013.

TLS: avoiding dangers A presentation by Dmitry Belyavsky, TCI Business Internet Conference Kiev, Ukraine, December 2013.
Polytechnic University Firewall and Trusted Systems Presented by, Lekshmi. V. S cos 110512.

Polytechnic University Firewall and Trusted Systems Presented by, Lekshmi. V. S cos

Similar presentations

Ads by Google