Does domain name encryption increase users’ privacy?

Does domain name encryption increase users' privacy?

Contributors: Trevisan Martino, Soro Francesca, Mellia Marco, Drago Idilio, Morla Ricardo
Year: 2020
Venue: ACM SIGCOMM Computer Communication Review
Abstract:
Knowing domain names associated with traffic allows eavesdroppers to profile users without accessing packet payloads. Encrypting domain names transiting the network is, therefore, a key step to increase network confidentiality. Latest efforts include encrypting the TLS Server Name Indication (eSNI extension) and encrypting DNS traffic, with DNS over HTTPS (DoH) representing a prominent proposal. In this paper, we show that an attacker able to observe users’ traffic relying on plain-text DNS can uncover the domain names of users relying on eSNI or DoH. By relying on large-scale network traces, we show that simplistic features and off-the-shelf machine learning models are sufficient to achieve surprisingly high precision and recall when recovering encrypted domain names. The triviality of the attack calls for further actions to protect privacy, in particular considering transient scenarios in which only a fraction of users will adopt these new privacy-enhancing technologies.
Download: PDF file

This project has received funding from the European Union Horizon 2020 Research and Innovation programme under the ICT theme: ICT-13-2018-2019 - Supporting the emergence of data markets and the data economy.
Grant Agreement No. 871370

Project

Start Date: 01/12/2019
End Date: 30/08/2022
Cost: € 6.208.953,75
UE Funding: € 5.240.830,13
Project Identifier: H2020-871370
Estimated Effort: 723 PM

Project Coordinator

Marco Mellia
Politecnico di Torino - Department of Electronics and Telecommunications (DET)
Email: marco.mellia@polito.it