References & Citations
Computer Science > Cryptography and Security
Title: A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques
(Submitted on 3 Jan 2022 (v1), last revised 8 Jul 2022 (this version, v2))
Abstract: The domain name system (DNS) that maps alphabetic names to numeric Internet Protocol (IP) addresses plays a foundational role for Internet communications. By default, DNS queries and responses are exchanged in unencrypted plaintext, and hence, can be read and/or hijacked by third parties. To protect user privacy, the networking community has proposed standard encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ) for DNS communications, enabling clients to perform secure and private domain name lookups. We survey the DNS encryption literature published since 2016, focusing on its current landscape and how it is misused by malware, and highlighting the existing techniques developed to make inferences from encrypted DNS traffic. First, we provide an overview of various standards developed in the space of DNS encryption and their adoption status, performance, benefits, and security issues. Second, we highlight ways that various malware families can exploit DNS encryption to their advantage for botnet communications and/or data exfiltration. Third, we discuss existing inference methods for profiling normal patterns and/or detecting malicious encrypted DNS traffic. Several directions are presented to motivate future research in enhancing the performance and security of DNS encryption.
Submission history
From: Minzhao Lyu [view email][v1] Mon, 3 Jan 2022 22:56:33 GMT (1552kb,D)
[v2] Fri, 8 Jul 2022 02:04:34 GMT (2790kb,D)
Link back to: arXiv, form interface, contact.