Privacy-Preserving and Censorship-Resistant Domain Name Service

This research is supported by the National Science Foundation.

Motivation and Approach

The Domain Name Service (DNS) is the phonebook of the Internet: it maps human-friendly domain names to IP addresses, and without it the Internet would not function. Despite decades of effort to protect user privacy on the Internet, privacy remains an open issue for DNS. Whoever operates a DNS resolver, or can observe the traffic to it, can snoop on that traffic, i.e., learn who is looking up what. Moreover, DNS is a perfect vehicle for censorship: preventing users from resolving domain names is one of the simplest, and most frequently used, ways to deny free and open access to the Internet. The key question this research aims to answer is: can we build a truly privacy-preserving and censorship-resistant DNS?

Existing solutions to the problem are, unfortunately, insufficient. Encrypting the DNS transport (as DNS over TLS and DNS over HTTPS do) protects a user's queries from eavesdroppers on the path, but not from the DNS server itself, which still sees every query in the clear. Oblivious DNS (ODNS) is a recent proposal that addresses this by detaching the user's identity from the DNS request: a proxy is placed between the DNS client and the server, so that the proxy sees who is asking but not what, and the server sees what is asked but not by whom. Assuming the proxy and the DNS server do not collude, user privacy is enforced. However, non-collusion is hard to enforce and to verify in practice. For example, both the proxy and the DNS server can be subject to a subpoena, at which point privacy is again lost. In addition, ODNS still leaves the door open for censorship: the server still sees the queried names, so a DNS server controlled by a censor can simply refuse to answer queries for the IP addresses of sensitive websites, from any user.

The key thesis of this project is that the only way to guarantee full user privacy is for the DNS server to do its job in the blind, i.e., to resolve domain names without learning what they are. A server that cannot tell which name is being resolved also cannot selectively refuse to resolve it, so the same property addresses censorship. This sounds counter-intuitive, but several techniques allow exactly such operation. They belong to the field of Private Information Retrieval (PIR), which is realized with cryptographic tools such as homomorphic encryption: the client encrypts its query so that the server can compute the answer over the encrypted data, and only the client can decrypt the result. PIR protocols have long been considered impractical because of their performance bottlenecks. Our preliminary research and performance benchmarks show that PIR is moving into practically usable territory in terms of query latency, traffic overhead, and supported database size. The main goal of this project is to make PIR applicable to DNS by leveraging inherent features of DNS and co-designing novel PIR protocols, thus making full DNS privacy and censorship resistance a reality.
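The following is an added, self-contained illustration of what "resolving in the blind" means; it is example code written for this page, not the project's own software or protocol. It uses the simplest computational PIR construction: the client encrypts a one-hot selection vector under an additively homomorphic scheme (Paillier, implemented here with toy key sizes that are far too small for real use), the server raises each encrypted selector to the power of the corresponding record and multiplies the results, and the client decrypts the single ciphertext it gets back. The DNS table, the IPv4 addresses in it, and the assumption that client and server agree on a public, sorted list of names (so the client can map a name to an index locally) are all constructed for the example.

```python
"""Toy single-server PIR over a tiny DNS table, built on Paillier encryption.
The client asks for one A record; the server computes the answer over
ciphertexts and never learns which name was looked up."""
import ipaddress
import math
import random

# Constructed sample table. Both sides are assumed to know this public, sorted
# list of served names, so the client can turn a name into an index locally
# (an assumption of this example, not a mechanism described by the project).
DNS_TABLE = [
    ("blocked.example", "203.0.113.7"),
    ("mail.example", "198.51.100.25"),
    ("news.example", "192.0.2.44"),
    ("www.example", "192.0.2.10"),
]


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (adequate for a toy key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


class PaillierKey:
    """Minimal Paillier keypair using the g = n + 1 variant. Toy sizes only:
    256-bit n is not a secure parameter, it just keeps the example fast."""

    def __init__(self, bits: int = 256) -> None:
        p = _random_prime(bits // 2)
        q = _random_prime(bits // 2)
        while q == p:
            q = _random_prime(bits // 2)
        self.n = p * q                       # public modulus
        self.n2 = self.n * self.n
        self._lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        # With g = n + 1, L(g^lam mod n^2) = lam mod n, so mu = lam^-1 mod n.
        self._mu = pow(self._lam, -1, self.n)

    def encrypt(self, m: int) -> int:
        """Enc(m) = (1 + m*n) * r^n mod n^2 with a fresh random r."""
        r = random.randrange(1, self.n)
        while math.gcd(r, self.n) != 1:
            r = random.randrange(1, self.n)
        return ((1 + m * self.n) * pow(r, self.n, self.n2)) % self.n2

    def decrypt(self, c: int) -> int:
        x = pow(c, self._lam, self.n2)
        return (((x - 1) // self.n) * self._mu) % self.n


def client_build_query(key: PaillierKey, name: str, table) -> list:
    """Encrypt a one-hot selector: Enc(1) at the wanted index, Enc(0) elsewhere.
    Each entry is a fresh randomized ciphertext, so the server cannot tell the
    1 from the 0s."""
    idx = [qn for qn, _ in table].index(name)
    return [key.encrypt(1 if j == idx else 0) for j in range(len(table))]


def server_answer(pub_n: int, query: list, table) -> int:
    """Blind resolution: prod_j Enc(e_j)^v_j = Enc(sum_j e_j*v_j) = Enc(v_idx).
    The server holds only the public modulus and ciphertexts, so it cannot
    refuse a 'sensitive' name: it never sees which one was asked for."""
    n2 = pub_n * pub_n
    acc = 1                                  # Enc(0) with r = 1
    for c, (_, ip) in zip(query, table):
        # 32-bit IPv4 value is far below n, so the decrypted sum is exact.
        acc = (acc * pow(c, int(ipaddress.IPv4Address(ip)), n2)) % n2
    return acc


def resolve_privately(name: str, table=DNS_TABLE, bits: int = 256) -> str:
    """Full round trip: the client sends ciphertexts only, never the name."""
    key = PaillierKey(bits)
    answer = server_answer(key.n, client_build_query(key, name, table), table)
    return str(ipaddress.IPv4Address(key.decrypt(answer)))


if __name__ == "__main__":
    for qname, _ in DNS_TABLE:
        print(f"{qname} -> {resolve_privately(qname)}")
```

The cost structure is the one the paragraph above refers to: the query is one ciphertext per table entry (traffic overhead grows linearly with the database), and the server performs one modular exponentiation per entry per query. Making this practical at DNS scale is exactly what a DNS-specific PIR co-design has to address; the example only shows that the "blind server" property itself is real and cheap to state.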

People

Publications

    To appear.

Software

    To appear.