DNS

Measuring the Accessibility of Domain Name Encryption and its Impact on Internet Filtering

Most online communications rely on DNS to map domain names to their hosting IP address(es). Previous work has shown that DNS-based network interference is widespread due to the unencrypted and unauthenticated nature of the original DNS protocol. In …

How Great is the Great Firewall? Measuring China's DNS Censorship

Abstract: The DNS filtering apparatus of China’s Great Firewall (GFW) has evolved considerably over the past two decades. However, most prior studies of China’s DNS filtering were performed over short time periods, leading to unnoticed changes in the GFW’s behavior. In this study, we introduce GFWatch, a large-scale, longitudinal measurement platform capable of testing hundreds of millions of domains daily, enabling continuous monitoring of the GFW’s DNS filtering behavior. We present the results of running GFWatch over a nine-month period, during which we tested an average of 411M domains per day and detected a total of 311K domains censored by GFW’s DNS filter.

Domain Name Encryption Is Not Enough: Privacy Leakage via IP-based Website Fingerprinting

Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy is weakened by the still exposed IP address …

"Assessing the Privacy Benefits of Domain Name Encryption" presented at Internet Engineering Task Force 110 Meeting

We are grateful to Dr. Mirja Kühlewind and Dr. Dave Plonka for giving us a chance to present our work on Assessing the Privacy Benefits of Domain Name Encryption to the Measurements and Analysis for Protocols Research Group (MAPRG) at IETF 110.

Triplet Censors: Demystifying Great Firewall’s DNS Censorship Behavior

The Great Firewall of China (GFW) has long used DNS packet injection to censor Internet access. In this work, we analyze the DNS injection behavior of the GFW over a period of nine months using the Alexa top 1M domains as a test list. We first focus …

Assessing the Privacy Benefits of Domain Name Encryption

As Internet users have become more savvy about the potential for their Internet communication to be observed, the use of network traffic encryption technologies (e.g., HTTPS/TLS) is on the rise. However, even when encryption is enabled, users leak …

K-resolver: Towards Decentralizing Encrypted DNS Resolution

Centralized DNS over HTTPS/TLS (DoH/DoT) resolution, which has started being deployed by major hosting providers and web browsers, has sparked controversy among Internet activists and privacy advocates due to several privacy concerns. This design …

"K-resolver" presented at NDSS MADWeb 2020

We are happy to have our paper entitled "K-resolver: Towards Decentralizing Encrypted DNS Resolution" accepted at the NDSS Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb) 2020.