Institutional Privacy Risks in Sharing DNS Data. Imana, B., Korolova, A., & Heidemann, J. In Proceedings of the Applied Networking Research Workshop, Virtual, July, 2021. ACM.
The Domain Name System (DNS) is used in every website visit and e-mail transmission, so privacy is an obvious concern. In DNS, users ask recursive resolvers (or "recursives") to make queries on their behalf. Prior analysis of DNS privacy focused on privacy risks to individual end-users, mainly in traffic between users and recursives. Recursives cache and aggregate traffic for many users, factors that are commonly assumed to protect end-user privacy above the recursive. We document institutional privacy as a new risk posed by DNS data collected at authoritative servers, even after caching and aggregation by DNS recursives. We are the first to demonstrate this risk by looking at leaks of e-mail exchanges which show communications patterns, and leaks from accessing sensitive websites, both of which can harm an institution's public image. We define a methodology to identify queries from institutions and identify leaks. We show the current practices of prefix-preserving anonymization of IP addresses and aggregation above the recursive are not sufficient to protect institutional privacy, suggesting the need for novel approaches. We demonstrate this claim by applying our methodology to real-world traffic from DNS servers that use partial prefix-preserving anonymization. Our work prompts additional privacy considerations for institutions that run their own resolvers and authoritative server operators that log and share DNS data.
@InProceedings{Imana21c,
        author =        "Basileal Imana and Aleksandra Korolova and John Heidemann",
        title =         "Institutional Privacy Risks in Sharing {DNS} Data",
        booktitle =     "Proceedings of the " # " Applied Networking Research Workshop",
        year =          2021,
	myorganization =	"USC/Information Sciences Institute",
	sortdate = 	"2021-07-26", 
	project = "ant, diiner",
	jsubject = "network_observation",
        month =      jul,
        address =    "Virtual",
        publisher =  "ACM",
        jlocation =   "johnh: pafile",
        keywords =   "dns, privacy, institutional privacy",
	doi = "https://doi.org/10.1145/3472305.3472324",
	url =		"https://ant.isi.edu/%7ejohnh/PAPERS/Imana21c.html",
	pdfurl =	"https://ant.isi.edu/%7ejohnh/PAPERS/Imana21c.pdf",
	videourl = "https://irtf.org/anrw/2021/2-ANRW2021-89.m4v",
	blogurl = "https://ant.isi.edu/blog/?p=1710",
	abstract = "The Domain Name System (DNS) is used in every website visit and e-mail
transmission, so privacy is an obvious concern.  In DNS, users ask
recursive resolvers (or ``recursives'') to make queries on their
behalf.  Prior analysis of DNS privacy focused on privacy risks to
individual end-users, mainly in traffic between users and recursives.
Recursives cache and aggregate traffic for many users, factors that
are commonly assumed to protect end-user privacy above the recursive.
We document \emph{institutional privacy} as a new risk posed by DNS
data collected at authoritative servers, even after caching and
aggregation by DNS recursives.  We are the first to demonstrate this
risk by looking at leaks of e-mail exchanges which show communications
patterns, and leaks from accessing sensitive websites, both of which
can harm an institution's public image.  We define a methodology to
identify queries from institutions and identify leaks.  We show the
current practices of prefix-preserving anonymization of IP addresses
and aggregation above the recursive are not sufficient to protect
institutional privacy, suggesting the need for novel approaches.  We
demonstrate this claim by applying our methodology to real-world
traffic from DNS servers that use partial prefix-preserving
anonymization.  Our work prompts additional privacy considerations for
institutions that run their own resolvers and authoritative server
operators that log and share DNS data.",
}
