Elsevier

Information Sciences

Volume 479, April 2019, Pages 593-606

Smart collaborative distribution for privacy enhancement in moving target defense

https://doi.org/10.1016/j.ins.2018.06.002

Abstract

Moving Target Defense (MTD) has been widely discussed in many communities as a way to improve network reliability, survivability, dependability, etc. However, the use of MTD for privacy protection still needs more investigation. In this paper, we propose a smart collaborative distribution scheme to enhance privacy based on MTD guidelines. A target application scenario is the Domain Name System (DNS), which is experiencing serious and complex privacy issues. The preliminary and potential risks are first analyzed based on DNS attack approaches, DNS server locations and the vulnerability of user privacy. Then, the details of our scheme are illustrated through port number assignment patterns, the main procedures of dynamic port hopping and the implementation method. To quantitatively evaluate the performance, an analytical model was established from a theoretical perspective. The relationships between multiple parameters and overall system capacity are explored as well. The validation results demonstrate that the smart collaborative distribution is able to improve privacy without affecting basic DNS functionality.

Introduction

Privacy has been widely recognized as one of the most critical issues in computer networks. The Internet not only gives users pervasive and free access, but also provides convenient and inexpensive opportunities for attackers. Nowadays, many information leakage incidents, i.e. typical privacy issues, are reported and discussed frequently all over the world [31]. A possible reason is that more data triggers more potential safety hazards. When the volume of content is continually extended, the original leakage ratio should be drastically reduced to maintain the balance. Although researchers attempt to find a tradeoff between personal information protection and effective network usage, it is still a tough problem with a lot of uncertainty. Traditional definitions clearly delimited the range of this field; however, this partition is gradually blurring as more novel paradigms (cloud computing, fog computing, edge computing) emerge. Our society has been warned that appropriate schemes are urgently needed [15].

Moving Target Defense (MTD) [22], [32], as a set of promising mechanisms, has been noticed by academic experts and industrial practitioners. Here, we choose only two representative cases from the layered network architecture. For the bottom layers, the primitive practice can be traced back to unplugging a wired cable and plugging it into a different slot in a Local Area Network (LAN). The advantage is that physical isolation can be enabled. However, such manual port hopping becomes complicated when the network scale is large. To improve scalability, Virtual LAN (VLAN) and Virtual Extensible LAN (VxLAN) were proposed to achieve similar functionality. Multiple subnets can be established and reconstructed based on service requirements. Both manual and automatic port hopping are supported to accomplish logical isolation. For the upper layers, a tentative implementation used a fixed destination port number and a random source port number in the Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and other transport protocols. Although the original design intention may not have been privacy enhancement, it indeed inspired many creative followers. Applications such as Peer to Peer (P2P), Virtual Private Network (VPN), social networks, etc., utilize dynamic port hopping schemes to avoid blocking and control by the Internet Service Provider (ISP), which protects user privacy indirectly. Since the current Domain Name System (DNS) [7], [17] is qualified to leverage the benefits of MTD as well, we would like to focus on this specific field.

The DNS is well known as a high-level proxy between users and machines that swaps the Uniform Resource Locator (URL) for Internet Protocol (IP) addresses. The former is familiar to humans and the latter to computers. When the requests generated by the users are correctly received, an iterative or recursive DNS lookup is initiated immediately. Generally, the DNS servers in a LAN should record several frequently used or famous URLs to avoid unnecessary inquiries. If no appropriate DNS items are matched, the requests are transmitted to other DNS servers directly (detailed in Section 2). Finally, zero, one or more IP addresses may be returned based on the inquiry results. Even though the extensive use of such procedures is acceptable, many significant problems are still calling for better solutions [6], [16]. For instance, port 53 is used by both TCP and UDP for DNS packet transmission, which gives attackers an open window to monitor this fixed target. By utilizing the characteristics of MTD, this awkward situation can be relieved.

The motivation of this paper is to propose a smart collaborative distribution scheme to enhance privacy when a DNS lookup is executed. The target is to achieve dynamic port allocation and hopping during the relevant DNS workflow. Several significant questions should be fully considered during the operation process: How does the DNS maintain the wiretap difficulty at an affordable cost? What are the core elements of the new procedure design? How does the DNS administrator investigate the overall performance of the novel scheme from a mathematical perspective? We will attempt to answer them in the following sections.
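The general idea of dynamic port hopping stated above can be shown with a time-slotted derivation in which end host and DNS server compute the same port from a shared key. This is an example added here, not the paper's scheme (whose algorithms are not reproduced on this page); the shared key, the port pool, the slot length and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Assumed parameters for the illustration (none of these come from the paper).
POOL_START = 49152    # first port of the hopping pool (IANA dynamic range)
POOL_SIZE = 16384     # 49152..65535; divides 2**32, so the modulo below is unbiased
SLOT_SECONDS = 30     # how long one port stays valid


def slot_index(now: float, slot_seconds: int = SLOT_SECONDS) -> int:
    """Map a Unix timestamp to the number of the hop interval it falls in."""
    return int(now // slot_seconds)


def port_for_slot(key: bytes, slot: int) -> int:
    """Derive the port for one slot from HMAC-SHA256(key, slot)."""
    digest = hmac.new(key, struct.pack(">Q", slot), hashlib.sha256).digest()
    return POOL_START + int.from_bytes(digest[:4], "big") % POOL_SIZE


def client_port(key: bytes, now: float) -> int:
    """Destination port the end host uses for a query sent at time `now`."""
    return port_for_slot(key, slot_index(now))


def server_accepts(key: bytes, now: float, dst_port: int, skew_slots: int = 1) -> bool:
    """Server side: accept the current slot's port plus neighbours for clock skew."""
    current = slot_index(now)
    first = max(0, current - skew_slots)
    valid = {port_for_slot(key, s) for s in range(first, current + skew_slots + 1)}
    return dst_port in valid


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample secret
    sent_at = 1_000.0               # constructed timestamps below
    port = client_port(key, sent_at)
    for arrival in (1_005.0, 1_031.0, 1_300.0):
        print(arrival, port, server_accepts(key, arrival, port))
    print("port 53 accepted:", server_accepts(key, sent_at, 53))
```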

The contribution of this paper falls into two parts: (1) A smart collaborative distribution scheme is proposed based on MTD, and the essentials of its implementation are also discussed. (2) A comprehensive system model is presented based on Markov theory, and mathematical analysis is introduced to evaluate the results quantitatively.

The paper is structured as follows. In Section 2, the preliminary and potential risks are provided. The characteristics of multiple DNS attack approaches are summarized and the primary locations of DNS servers are presented. Then, four different privacy leakage cases are analyzed. In Section 3, the design details of the smart collaborative distribution are introduced. Current port number assignment schemes are reviewed. Two algorithms are proposed based on the requirements of the end host and the DNS server. The implementation results are abstracted from a prototype system. Relevant modifications inside DNS packets are also illustrated. In Section 4, the analytical model is established to quantitatively validate the performance. Different scenarios are selected to analyze the relationships among multiple parameters. In Sections 5 and 6, the related work and conclusions are given, respectively.

Section snippets

Preliminary and potential risks

From the perspective of the network, with the rapid development of social software, lots of random, unreadable and ephemeral URLs are created and propagated, which inevitably leads to longer latency for the DNS lookup process. Massive DNS requests sent by mobile terminals, fixed terminals, Internet of Things (IoT) devices, etc. will further increase the burden. Although there are 13 root servers and plentiful mirror servers, the scalability and dependability of the DNS should be reconsidered to

The smart collaborative distribution

The foundation is introduced first to illustrate the preparation work for dynamic port hopping. Then, the relevant steps and explanations are provided from the end host's and the DNS server's points of view.

Mathematical model and analysis

Although the details (assignments, algorithms, implementation, etc.) of the smart collaborative distribution have been provided, several interesting questions (optimal timing for port retrieval, appropriate duration for port occupation, logical size for the port pool, etc.) are still unanswered. Therefore, an analytical model is needed to explore better system performance.

Related work

In order to find the appropriate integration from a privacy perspective, the latest progress in MTD and DNS is carefully selected and compared. Based on their characteristics, each of them is separated into multiple categories during the discussion.

Conclusions

Motivated by MTD applications in many related areas, we proposed a smart collaborative distribution scheme for privacy enhancement. Specifically, we focus on DNS scenarios for the following reasons. Massive DNS lookup requests are sent by various electronic equipment on the Internet. This situation not only puts enormous pressure on the DNS infrastructure, but also leads to serious privacy challenges. Therefore, the target of our solution is to achieve dynamic port hopping by

Acknowledgments

We would like to thank all the reviewers and editors for their invaluable comments and efforts on this article. This work was supported by the Fundamental Research Funds for the Central Universities under grant no. 2017JBM012 and The Soonchunhyang University Research Fund.

References (50)

  • M.T. Adili et al., A cost-effective security management for clouds: a game-theoretic deception mechanism
  • R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose, Protocol Modifications for the DNS Security Extensions. RFC...
  • A. Aydeger et al., Mitigating crossfire attacks using SDN-based moving target defense
  • M. Azab et al., MIGRATE: towards a lightweight moving-target defense against cloud side-channels
  • A. Borgwart et al., Detection and forensics of domains hijacking
  • M. Calder et al., Mapping the expansion of Google's serving infrastructure
  • T. Callahan et al., On modern DNS behavior and properties. SIGCOMM Comput. Commun. Rev. (2013)
  • M. Carvalho et al., Moving-Target Defenses for Computer Networks. IEEE Secur. Privacy (2014)
  • R. Chitpranee et al., Towards passive DNS software fingerprinting
  • M. Cotton, L. Eggert, J. Touch, M. Westerlund, and S. Cheshire, Internet Assigned Numbers Authority (IANA) Procedures...
  • J. Damas, M. Graff, and P. Vixie, Extension Mechanisms for DNS (EDNS(0)). RFC 6891,...
  • G. Di Bella et al., A secret sharing scheme for anonymous DNS queries
  • D. Eastlake, Domain Name System Security Extensions. RFC 2535,...
  • D. Eastlake and C. Kaufman, Domain Name System Security Extensions. RFC 2065,...
  • A. Ekert et al., The ultimate physical limits of privacy. Nature (2014)
  • A.D. Ferguson et al., Growth analysis of a large ISP
  • H. Gao et al., An empirical reexamination of global DNS behavior
  • N.M. Hands et al., A study on botnets utilizing DNS
  • S. Hao et al., Understanding the domain registration behavior of spammers
  • A. Herzberg et al., DNS authentication as a service: preventing amplification attacks
  • C. Hesselman et al., Increasing DNS security and stability through a control plane for top-level domain operators. IEEE Commun. Mag. (2017)
  • V. Heydari et al., Scalable anti-censorship framework using moving target defense for web servers. IEEE Trans. Inf. Forensics Secur. (2017)
  • J.H. Jafarian et al., An effective address mutation approach for disrupting reconnaissance attacks. IEEE Trans. Inf. Forensics Secur. (2015)
  • M.H. Jalalzai et al., DNS security challenges and best practices to deploy secure DNS with digital signatures
  • Q. Jia et al., MOTAG: moving target defense against internet denial of service attacks