Privacy Analysis of Oblivious DNS over HTTPS: A Website Fingerprinting Study / Amir Salari, Mohammad; Kumar, Abhinav; Rinaudi, Federico; Tourani, Reza; Sacco, Alessio; Esposito, Flavio. - ELECTRONIC. - (2025), pp. 415-428. (Paper presented at the 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, held in Naples (ITA), June 23-26, 2025) [10.1109/DSN64029.2025.00048].
Privacy Analysis of Oblivious DNS over HTTPS: A Website Fingerprinting Study
Federico Rinaudi;Alessio Sacco;
2025
Abstract
As our digital presence expands, safeguarding private data and preserving online privacy become paramount, motivating the development of secure DNS systems such as DNS over TLS or HTTPS. The vulnerability of these protocols to privacy attacks has led to the development of the Oblivious DNS-over-HTTPS (ODoH) protocol. Nevertheless, the extent of ODoH's effectiveness in protecting clients' privacy is still unknown. This study investigates the resiliency of ODoH against website fingerprinting attacks in the open-world setting. We deploy an ODoH testbed on GENI for data collection and employ deep learning techniques such as ensemble learning for data analysis. Our findings reveal that a passive adversary can identify targeted websites using ODoH traces with an accuracy of 94%. Additionally, we analyze the impact of various factors, including clients' locations, available resolvers, and time stability, on the attack's success. Finally, we prototype a mitigation strategy and demonstrate its effectiveness in safeguarding clients' privacy.

File | Access | Type | License | Size | Format |
---|---|---|---|---|---|
ODoH__DSN_.pdf | Open access | 2. Post-print / Author's Accepted Manuscript | Public - All rights reserved | 1.26 MB | Adobe PDF |
Privacy_Analysis_of_Oblivious_DNS_over_HTTPS_a_Website_Fingerprinting_Study.pdf | Restricted access | 2a Post-print publisher's version / Version of Record | Non-public - Private/restricted access | 1.59 MB | Adobe PDF |
https://hdl.handle.net/11583/3001664