
Understanding the Privacy Implications of ECS

(Extended Abstract)

Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9721)

Abstract

The edns-client-subnet (ECS) is a new extension for the Domain Name System (DNS) that delivers a “faster Internet” with the help of client-specific DNS answers. Under ECS, recursive DNS servers (recursives) provide client network address information to upstream authorities, permitting topologically localized answers for content delivery networks (CDNs). This optimization, however, comes with a privacy penalty that has not yet been studied. Our analysis concludes that ECS makes DNS communications less private: the potential for mass surveillance is greater, and stealthy, highly targeted DNS poisoning attacks become possible.

Despite being an experimental extension, ECS is already deployed, and users are expected to “opt out” on their own. Yet, there are no available client-side tools to do so. We describe a configuration of an experimental recursive tool to reduce the privacy leak from ECS queries in order to immediately allow users to protect their privacy. We recommend the protocol change from “opt out” to “opt in”, given the experimental nature of the extension and its privacy implications.
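To make the mechanism described above concrete, the following is an added example (not code from the paper or its authors) that builds and parses the edns-client-subnet option a recursive places in the EDNS0 OPT record. The wire layout and option code 8 follow RFC 7871, the standards-track successor of the drafts the paper discusses (the early draft used an experimental option code); the client addresses are constructed documentation prefixes. It shows exactly how many client address bits an authority receives at a given SOURCE PREFIX-LENGTH, and how a recursive can cap that disclosure down to the /0 opt-out.

```python
import ipaddress
import struct

# Added example, not the paper's code. Wire layout follows RFC 7871:
# OPTION-CODE 8 | OPTION-LENGTH | FAMILY (2) | SOURCE PREFIX-LENGTH (1)
# | SCOPE PREFIX-LENGTH (1) | ADDRESS (only the bytes the prefix needs).
ECS_OPTION_CODE = 8
FAMILY = {4: 1, 6: 2}  # IANA address family numbers: 1 = IPv4, 2 = IPv6


def encode_ecs_option(client_ip: str, source_prefix_len: int) -> bytes:
    """Build the ECS option a recursive puts in its outgoing EDNS0 OPT RR.

    Only source_prefix_len bits of the client address are sent: host bits
    are zeroed and ADDRESS is truncated to ceil(prefix/8) bytes.
    SOURCE PREFIX-LENGTH 0 carries no address bytes at all (the opt-out).
    """
    addr = ipaddress.ip_address(client_ip)
    bits = addr.max_prefixlen
    if not 0 <= source_prefix_len <= bits:
        raise ValueError("prefix length out of range for address family")
    mask = ((1 << source_prefix_len) - 1) << (bits - source_prefix_len)
    network = (int(addr) & mask).to_bytes(bits // 8, "big")
    addr_bytes = network[: (source_prefix_len + 7) // 8]
    payload = struct.pack("!HBB", FAMILY[addr.version], source_prefix_len, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload


def decode_ecs_option(option: bytes) -> dict:
    """Parse an ECS option to see exactly which client prefix was disclosed."""
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source, scope = struct.unpack("!HBB", option[4:8])
    addr_bytes = option[8:]
    if len(addr_bytes) != (source + 7) // 8:
        raise ValueError("ADDRESS length does not match SOURCE PREFIX-LENGTH")
    cls, width = (ipaddress.IPv4Network, 4) if family == 1 else (ipaddress.IPv6Network, 16)
    padded = addr_bytes + b"\x00" * (width - len(addr_bytes))  # restore full width
    prefix = cls((int.from_bytes(padded, "big"), source), strict=False)
    return {"family": family, "source": source, "scope": scope, "prefix": str(prefix)}


def cap_ecs_option(client_ip: str, requested_prefix_len: int, max_prefix_len: int) -> bytes:
    # A privacy-conscious recursive forwards at most max_prefix_len bits of the
    # client address; max_prefix_len=0 gives "opt out by default" behaviour.
    return encode_ecs_option(client_ip, min(requested_prefix_len, max_prefix_len))
```

Decoding the capped option shows the authority only ever learns the configured prefix, and with a /0 cap it learns nothing beyond the recursive's own address.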



Acknowledgments

This material is based upon work supported in part by the US Department of Commerce under grant no. 2106DEK and Sandia National Laboratories grant no. 2106DMU. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the US Department of Commerce nor Sandia National Laboratories.

Author information

Correspondence to Panagiotis Kintis.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Kintis, P., Nadji, Y., Dagon, D., Farrell, M., Antonakakis, M. (2016). Understanding the Privacy Implications of ECS. In: Caballero, J., Zurutuza, U., Rodríguez, R. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2016. Lecture Notes in Computer Science, vol. 9721. Springer, Cham. https://doi.org/10.1007/978-3-319-40667-1_17

  • DOI: https://doi.org/10.1007/978-3-319-40667-1_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-40666-4

  • Online ISBN: 978-3-319-40667-1
