Most online communications rely on DNS to map domain names to their hosting IP address(es). Previous work has shown that DNS-based network interference is widespread due to the unencrypted and unauthenticated nature of the original DNS protocol. In …
Abstract: The DNS filtering apparatus of China’s Great Firewall (GFW) has evolved considerably over the past two decades. However, most prior studies of China’s DNS filtering were performed over short time periods, leading to unnoticed changes in the GFW’s behavior. In this study, we introduce GFWatch, a large-scale, longitudinal measurement platform capable of testing hundreds of millions of domains daily, enabling continuous monitoring of the GFW’s DNS filtering behavior.
We present the results of running GFWatch over a nine-month period, during which we tested an average of 411M domains per day and detected a total of 311K domains censored by GFW’s DNS filter.
Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy is weakened by---the still exposed---IP address …
We are grateful to Dr. Mirja Kühlewind and Dr. Dave Plonka for giving us a chance to present our work on Assessing the Privacy Benefits of Domain Name Encryption to the Measurements and Analysis for Protocols Research Group (MAPRG) at IETF 110.
The Great Firewall of China (GFW) has long used DNS packet injection to censor Internet access. In this work, we analyze the DNS injection behavior of the GFW over a period of nine months using the Alexa top 1M domains as a test list. We first focus …
As Internet users have become more savvy about the potential for their Internet communication to be observed, the use of network traffic encryption technologies (e.g., HTTPS/TLS) is on the rise. However, even when encryption is enabled, users leak …
Centralized DNS over HTTPS/TLS (DoH/DoT) resolution , which has started being deployed by major hosting providers and web browsers, has sparked controversy among Internet activists and privacy advocates due to several privacy concerns. This design …
We are happy to have our paper entitled "K-resolver: Towards Decentralizing Encrypted DNS Resolution" accepted at NDSS Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb) 2020