# Encrypted DNS --> Privacy? A Traffic Analysis Perspective

**Authors:** Sandra Siby, Marc Juarez, Claudia Diaz, Narseo Vallina-Rodriguez and Carmela Troncoso

arXiv: 1906.09682 · 2019-10-08

## TL;DR

This paper investigates whether encrypting DNS traffic with protocols like DoT and DoH effectively prevents traffic analysis-based monitoring and censorship, revealing that such encryption offers limited protection against domain identification and censorship.

## Contribution

The study introduces a novel feature set tailored for DNS traffic analysis and demonstrates that encrypted DNS traffic remains vulnerable to traffic analysis attacks, challenging assumptions about privacy protections.

## Key findings

- Encrypted DNS traffic can be accurately identified with significantly less data than HTTPS.
- Factors like location and resolver reduce attack effectiveness but do not eliminate it.
- Standard padding schemes are ineffective against traffic analysis; Tor offers better defense.

## Abstract

Virtually every connection to an Internet service is preceded by a DNS lookup which is performed without any traffic-level protection, thus enabling manipulation, redirection, surveillance, and censorship. To address these issues, large organizations such as Google and Cloudflare are deploying recently standardized protocols that encrypt DNS traffic between end users and recursive resolvers, such as DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). In this paper, we examine whether encrypting DNS traffic can protect users from traffic analysis-based monitoring and censoring. We propose a novel feature set to perform the attacks, as those used to attack HTTPS or Tor traffic are not suitable for DNS' characteristics. We show that traffic analysis enables the identification of domains with high accuracy in closed and open world settings, using 124 times less data than attacks on HTTPS flows. We find that factors such as location, resolver, platform, or client do mitigate the attacks' performance, but they are far from completely stopping them. Our results indicate that DNS-based censorship is still possible on encrypted DNS traffic. In fact, we demonstrate that the standardized padding schemes are not effective. Yet, Tor -- which does not effectively mitigate traffic analysis attacks on web traffic -- is a good defense against DoH traffic analysis.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1906.09682/full.md

## Figures

27 figures with captions in the complete paper: https://tomesphere.com/paper/1906.09682/full.md

## References

80 references — full list in the complete paper: https://tomesphere.com/paper/1906.09682/full.md

---
Source: https://tomesphere.com/paper/1906.09682