A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques
Minzhao Lyu, Hassan Habibi Gharakheili, Vijay Sivaraman

TL;DR
This survey reviews the development, misuse by malware, and inference techniques related to DNS encryption technologies like DoT, DoH, and DoQ, emphasizing current challenges and future research directions.
Contribution
It provides a comprehensive overview of DNS encryption standards, their adoption, security issues, malware exploitation methods, and traffic inference techniques, highlighting research gaps.
Findings
DNS encryption standards have varying adoption and security profiles.
Malware exploits DNS encryption for covert communication and data theft.
Inference techniques can profile normal and malicious encrypted DNS traffic.
Abstract
The domain name system (DNS) that maps alphabetic names to numeric Internet Protocol (IP) addresses plays a foundational role in Internet communications. By default, DNS queries and responses are exchanged in unencrypted plaintext, and hence can be read and/or hijacked by third parties on the path. To protect user privacy, the networking community has proposed standard encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ) for DNS communications, enabling clients to perform secure and private domain name lookups. We survey the DNS encryption literature published since 2016, focusing on its current landscape and how it is misused by malware, and highlighting the existing techniques developed to make inferences from encrypted DNS traffic. First, we provide an overview of various standards developed in the space of DNS encryption and their adoption status,…
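To make the abstract's point concrete, the following added example (not code from the survey or its authors) builds a plaintext DNS query in RFC 1035 wire format, shows that the queried name is trivially readable from the raw bytes by anyone on the path, and then shows how the same message is carried by the two encrypted transports the survey names: DoH in its RFC 8484 GET form (base64url in the `dns` parameter) and DoT with the RFC 7858 two-byte length prefix that goes inside the TLS session on port 853. DoQ (RFC 9250) framing is not shown. The resolver URL `https://dns.example/dns-query` and the name `example.com` are constructed sample values; nothing is sent on the network.

```python
import base64
import random
import struct
from typing import Optional, Tuple


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Build an RFC 1035 wire-format query (one question, RD=1). qtype 1 = A."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    # ID, FLAGS (RD set), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def read_name(msg: bytes, offset: int, max_hops: int = 16) -> Tuple[str, int]:
    """Decode a (possibly compressed) name; returns (name, offset after the name)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 s4.1.4)
            hops += 1
            if hops > max_hops:
                raise ValueError("pointer loop")
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        if length == 0:
            offset += 1
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_query(msg: bytes) -> dict:
    """An on-path observer of plaintext UDP/53 needs only this to learn the name."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, off = read_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {"txid": txid, "rd": bool(flags & 0x0100), "name": name,
            "qtype": qtype, "qclass": qclass}


def doh_get_url(query: bytes, resolver_url: str = "https://dns.example/dns-query") -> str:
    """RFC 8484 GET form: the wire-format message, base64url-encoded without padding."""
    param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={param}"


def doh_decode_param(url: str) -> bytes:
    """Inverse of doh_get_url: restore padding and decode the `dns` parameter."""
    param = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def dot_frame(query: bytes) -> bytes:
    """RFC 7858 (DoT): inside TLS on port 853 each message carries the same
    2-byte big-endian length prefix used for DNS over TCP."""
    return struct.pack("!H", len(query)) + query


if __name__ == "__main__":
    q = build_query("example.com", txid=0x1234)  # constructed sample query
    print("plaintext query bytes:", q.hex())
    print("what a passive observer recovers:", parse_query(q))
    print("DoH GET URL (only the TLS-protected part is hidden):", doh_get_url(q))
    print("DoT framed message:", dot_frame(q).hex())
```

Note that with DoH and DoT the name is hidden only from observers between client and resolver; the resolver itself still sees every query, which is why the survey treats resolver choice and inference on encrypted traffic as separate concerns.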
