DNS over HTTPS traffic analysis and detection
The Domain Name Service (DNS) is a prevalent protocol used in computer communications, used to translate domain names to addresses that can be routed to via de Internet Protocol (IP). One of the main characteristics of DNS is the use of plaintext requests and responses, leaking information even in t...
| Autor: | |
|---|---|
| Formato: | tesis de maestría |
| Fecha de publicación: | 2020 |
| País: | España |
| Recursos: | Universitat Oberta de Catalunya (UOC) |
| Repositorio: | O2, repositorio institucional de la UOC |
| OAI Identifier: | oai:openaccess.uoc.edu:10609/119946 |
| Acesso em linha: | http://hdl.handle.net/10609/119946 |
| Access Level: | acceso abierto |
| Palavra-chave: | DNS machine learning traffic analysis HTTPS aprendizaje automático análisis del tráfico aprenentatge automàtic anàlisi del trànsit Computer security -- TFM Seguretat informàtica -- TFM Seguridad informática -- TFM |
| Resumo: | The Domain Name Service (DNS) is a prevalent protocol used in computer communications, used to translate domain names to addresses that can be routed to via de Internet Protocol (IP). One of the main characteristics of DNS is the use of plaintext requests and responses, leaking information even in traditional secure communications; a client might resolve a server's IP address using plaintext messages, and then cryptographically protect its exchange with the server itself. DNS over HTTPS (DoH) is a protocol specification introduced in the IETF RFC 8484 (2018), which provides a mapping of regular DNS requests and responses over TLS-encapsulated HTTP messages. TLS (Transport Layer Protocol) and HTTP (HyperText Transfer Protocol), known in conjunction as HTTPS, are the two most common methods of communication with web servers, each providing security and structure respectively. DoH, then, provides not only the cryptographic benefits of TLS, but also the masquerading of DoH communications as regular web traffic. Although recent work has aimed to identify the content of DoH communications by using different fingerprinting techniques, distinguishing regular TLS-encapsulated HTTP traffic from DoH remains an unsolved challenge. In this thesis, passive analysis of DoH traffic is presented, as well as a method and implementation for its detection. |
|---|