Investigations of the security and privacy of the domain name system

Date
2021
Journal Title
Journal ISSN
Volume Title
Publisher
University of Delaware
Abstract
For over thirty years, the domain name system (DNS) has served as one of the Internet's fundamental elements. Designed for scalability and performance, rather than security, the DNS has also been the target for a wide variety of attacks ranging from pranks to nation-state sponsored espionage. As new attacks have appeared, DNS-related security protocols and deployment practices have been developed or modified to support appropriate defenses. Advanced technologies and political events also drive changes in the DNS, contributing to a constant state of flux that creates the need for ongoing evaluations to understand the state-of-the-art of the system and address issues that arise. ☐ This dissertation studies the privacy and security of the DNS from three different aspects. First, this work considers the provisions of protocols designed to support encrypted DNS. It examines the possibility of leveraging DNS-over-TLS traffic to conduct a website fingerprinting attack, and outlines important defenses against such attacks. Second, this dissertation presents efforts to develop a DNS hijacking detection system. Finally, it presents measurements of misconfigurations in the DNS records of domains belonging to e-governments around the globe, and highlights promising approaches to reducing the prevalence of these errors.
Description
Keywords
DNS hijacking, DNS privacy, Domain name system (DNS), Network security
Citation