TY - GEN
T1 - Institutional privacy risks in sharing DNS data
AU - Imana, Basileal
AU - Korolova, Aleksandra
AU - Heidemann, John
N1 - Publisher Copyright:
© 2021 Owner/Author.
PY - 2021/7/24
Y1 - 2021/7/24
N2 - The Domain Name System (DNS) is used in every website visit and e-mail transmission, so privacy is an obvious concern. In DNS, users ask recursive resolvers (or "recursives") to make queries on their behalf. Prior analysis of DNS privacy focused on privacy risks to individual end-users, mainly in traffic between users and recursives. Recursives cache and aggregate traffic for many users, factors that are commonly assumed to protect end-user privacy above the recursive. We document institutional privacy as a new risk posed by DNS data collected at authoritative servers, even after caching and aggregation by DNS recursives. We are the first to demonstrate this risk by looking at leaks of e-mail exchanges which show communications patterns, and leaks from accessing sensitive websites, both of which can harm an institution's public image. We define a methodology to identify queries from institutions and identify leaks. We show the current practices of prefix-preserving anonymization of IP addresses and aggregation above the recursive are not sufficient to protect institutional privacy, suggesting the need for novel approaches. We demonstrate this claim by applying our methodology to real-world traffic from DNS servers that use partial prefix-preserving anonymization. Our work prompts additional privacy considerations for institutions that run their own resolvers and authoritative server operators that log and share DNS data.
UR - http://www.scopus.com/inward/record.url?scp=85112237198&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85112237198&partnerID=8YFLogxK
U2 - 10.1145/3472305.3472324
DO - 10.1145/3472305.3472324
M3 - Conference contribution
AN - SCOPUS:85112237198
T3 - ANRW 2021 - Proceedings of the 2021 Applied Networking Research Workshop
SP - 69
EP - 75
BT - ANRW 2021 - Proceedings of the 2021 Applied Networking Research Workshop
PB - Association for Computing Machinery, Inc
T2 - 2021 IRTF Applied Networking Research Workshop, ANRW 2021
Y2 - 24 July 2021 through 30 July 2021
ER -