Haya Shulman (Technische Universität Darmstadt)
As awareness for privacy of Domain Name System (DNS) is increasing, a number of mechanisms for encryption of DNS packets were proposed. We study the prominent defences, focusing on the privacy guarantees, interoperability with the DNS infrastructure, and the efficiency overhead. In particular:
- We explore dependencies in DNS and show techniques that utilise DNS specific side channel leaks allowing to infer information about the target domain in an encrypted DNS packet.
- We examine common DNS servers configurations and show that the proposals are expected to encounter deployment obstacles with (at least) $38\%$ of 50K-top Alexa domains and (at least) $12\%$ of the top-level domains (TLDs), and will disrupt the DNS functionality and availability for clients. We also show the implication of these configurations on adoption of DNSSEC.
- We show that due to the non-interoperability with the caches, the proposals for end-to-end encryption may have a prohibitive traffic overhead on the name servers.
Our work indicates that further study may be required to adjust the proposals to stand up to their security guarantees, and to make them suitable for the common servers' configurations in the DNS infrastructure.
Haya Shulman is a Claude Shannon network and systems security research group leader at Technische Universität Darmstadt. Before that she was a postdoctoral researcher also at Technische Universität Darmstadt. Haya conducted her Ph.D. at the Department of Computer Science, Bar-Ilan University, Israel, in the network and cyber security group headed by Prof. Dr. Amir Herzberg. In 2011 and 2013 she received the ‘Checkpoint Institute for Information Security (CPIIS)’ awards, in 2013 she received the Feder prize for her research in communication technologies and an ICANN research fellowship. In 2014 Haya was awarded the Bar-Ilan university Rector prize for her achievements in research, and in 2015 she was awarded an IETF/IRTF Applied Networking Research Prize.