Leveraging eBPF to preserve user privacy for DNS, DoT, and DoH queries

Proceedings of the 15th International Conference on Availability, Reliability and Security Pub Date : 2020-08-01 DOI:10.1145/3407023.3407041

Sean Rivera, V. Gurbani, S. Lagraa, Antonio Ken Iannillo, R. State

{"title":"Leveraging eBPF to preserve user privacy for DNS, DoT, and DoH queries","authors":"Sean Rivera, V. Gurbani, S. Lagraa, Antonio Ken Iannillo, R. State","doi":"10.1145/3407023.3407041","DOIUrl":null,"url":null,"abstract":"The Domain Name System (DNS), a fundamental protocol that controls how users interact with the Internet, inadequately provides protection for user privacy. Recently, there have been advancements in the field of DNS privacy and security in the form of the DNS over TLS (DoT) and DNS over HTTPS (DoH) protocols. The advent of these protocols and recent advancements in large-scale data processing have drastically altered the threat model for DNS privacy. Users can no longer rely on traditional methods, and must instead take active steps to ensure their privacy. In this paper, we demonstrate how the extended Berkeley Packet Filter (eBPF) can assist users in maintaining their privacy by leveraging eBPF to provide privacy across standard DNS, DoH, and DoT communications. Further, we develop a method that allows users to enforce application-specific DNS servers. Our method provides users with control over their DNS network traffic and privacy without requiring changes to their applications while adding low overhead.","PeriodicalId":121225,"journal":{"name":"Proceedings of the 15th International Conference on Availability, Reliability and Security","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 15th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3407023.3407041","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

The Domain Name System (DNS), a fundamental protocol that controls how users interact with the Internet, inadequately provides protection for user privacy. Recently, there have been advancements in the field of DNS privacy and security in the form of the DNS over TLS (DoT) and DNS over HTTPS (DoH) protocols. The advent of these protocols and recent advancements in large-scale data processing have drastically altered the threat model for DNS privacy. Users can no longer rely on traditional methods, and must instead take active steps to ensure their privacy. In this paper, we demonstrate how the extended Berkeley Packet Filter (eBPF) can assist users in maintaining their privacy by leveraging eBPF to provide privacy across standard DNS, DoH, and DoT communications. Further, we develop a method that allows users to enforce application-specific DNS servers. Our method provides users with control over their DNS network traffic and privacy without requiring changes to their applications while adding low overhead.

查看原文本刊更多论文

利用eBPF保护DNS、DoT和DoH查询的用户隐私

域名系统(DNS)是控制用户如何与互联网交互的基本协议，但它未能充分保护用户隐私。近年来，在DNS保密性和安全性方面取得了一些进展，主要有DNS over TLS (DoT)和DNS over HTTPS (DoH)协议。这些协议的出现和最近大规模数据处理的进步已经彻底改变了DNS隐私的威胁模型。用户不能再依赖传统的方法，而是必须采取积极措施来确保他们的隐私。在本文中，我们演示了扩展的伯克利包过滤器(eBPF)如何通过利用eBPF在标准DNS、DoH和DoT通信中提供隐私来帮助用户维护他们的隐私。此外，我们开发了一种方法，允许用户强制执行特定于应用程序的DNS服务器。我们的方法为用户提供了对其DNS网络流量和隐私的控制，而无需更改其应用程序，同时增加了低开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 15th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量