[Busec] busec this week: Haya Shulman (Wed 10am)

Sharon Goldberg goldbe at cs.bu.edu
Sun Oct 26 21:51:59 EDT 2014

At this week's busec seminar, Haya Shulman from TU Darmstat will give a
talk about DNS privacy; the seminar will be at usual Wednesday 10am time
followed by lunch.

See you there!

BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

Pretty Bad Privacy: Pitfalls of DNS Encryption
Haya Shulman. TU Darmstat.
Wednesday October 29, 2014, 10-11:30am
Hariri Seminar Room, MCS180, 111 Cummington St

As awareness for privacy of Domain Name System (DNS) is increasing, a
number of mechanisms for encryption of DNS packets were proposed. We study
the prominent defences, focusing on the privacy guarantees,
interoperability with the DNS infrastructure, and the efficiency overhead.
In particular:

- We explore dependencies in DNS and show techniques that utilise side
channel leaks, due to transitive trust, allowing to infer information about
the target domain in an encrypted DNS packet.

- We examine common DNS servers configurations and show that the proposals
are expected to encounter deployment obstacles with (at least) $38\%$ of
50K-top Alexa domains and (at least) $12\%$ of the top-level domains
(TLDs), and will disrupt the DNS functionality and availability for clients.

- We show that due to the non-interoperability with the caches, the
proposals for end-to-end encryption may have a prohibitive traffic overhead
on the name servers.

Our work indicates that further study may be required to adjust the
proposals to stand up to their security guarantees, and to make them
suitable for the common servers' configurations in the DNS infrastructure.
Our study is based on collection and analysis of the DNS traffic of 50K-top
Alexa domains and 568 TLDs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20141026/4c26cd3f/attachment.html>

More information about the Busec mailing list