Academic literature on the topic 'Domain Name System over HTTPS'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Domain Name System over HTTPS.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Journal articles on the topic "Domain Name System over HTTPS"
1
M. Banadaki, Yaser. "Detecting Malicious DNS over HTTPS Traffic in Domain Name System using Machine Learning Classifiers." Journal of Computer Sciences and Applications 8, no. 2 (August 20, 2020): 46–55. http://dx.doi.org/10.12691/jcsa-8-2-2.
Full text
2
Singanamalla, Sudheesh, Suphanat Chunhapanya, Jonathan Hoyland, Marek Vavruša, Tanya Verma, Peter Wu, Marwan Fayed, Kurtis Heimerl, Nick Sullivan, and Christopher Wood. "Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS." Proceedings on Privacy Enhancing Technologies 2021, no. 4 (July 23, 2021): 575–92. http://dx.doi.org/10.2478/popets-2021-0085.
Full textAbstract:
Abstract The Internet’s Domain Name System (DNS) responds to client hostname queries with corresponding IP addresses and records. Traditional DNS is unencrypted and leaks user information to on-lookers. Recent efforts to secure DNS using DNS over TLS (DoT) and DNS over HTTPS (DoH) have been gaining traction, ostensibly protecting DNS messages from third parties. However, the small number of available public large-scale DoT and DoH resolvers has reinforced DNS privacy concerns, specifically that DNS operators could use query contents and client IP addresses to link activities with identities. Oblivious DNS over HTTPS (ODoH) safeguards against these problems. In this paper we implement and deploy interoperable instantiations of the protocol, construct a corresponding formal model and analysis, and evaluate the protocols’ performance with wide-scale measurements. Results suggest that ODoH is a practical privacy-enhancing replacement for DNS.
3
Zain ul Abideen, Muhammad, Shahzad Saleem, and Madiha Ejaz. "VPN Traffic Detection in SSL-Protected Channel." Security and Communication Networks 2019 (October 29, 2019): 1–17. http://dx.doi.org/10.1155/2019/7924690.
Full textAbstract:
In recent times, secure communication protocols over web such as HTTPS (Hypertext Transfer Protocol Secure) are being widely used instead of plain web communication protocols like HTTP (Hypertext Transfer Protocol). HTTPS provides end-to-end encryption between the user and service. Nowadays, organizations use network firewalls and/or intrusion detection and prevention systems (IDPS) to analyze the network traffic to detect and protect against attacks and vulnerabilities. Depending on the size of organization, these devices may differ in their capabilities. Simple network intrusion detection system (NIDS) and firewalls generally have no feature to inspect HTTPS or encrypted traffic, so they rely on unencrypted traffic to manage the encrypted payload of the network. Recent and powerful next-generation firewalls have Secure Sockets Layer (SSL) inspection feature which are expensive and may not be suitable for every organizations. A virtual private network (VPN) is a service which hides real traffic by creating SSL-protected channel between the user and server. Every Internet activity is then performed under the established SSL tunnel. The user inside the network with malicious intent or to hide his activity from the network security administration of the organization may use VPN services. Any VPN service may be used by users to bypass the filters or signatures applied on network security devices. These services may be the source of new virus or worm injected inside the network or a gateway to facilitate information leakage. In this paper, we have proposed a novel approach to detect VPN activity inside the network. The proposed system analyzes the communication between user and the server to analyze and extract features from network, transport, and application layer which are not encrypted and classify the incoming traffic as malicious, i.e., VPN traffic or standard traffic. Network traffic is analyzed and classified using DNS (Domain Name System) packets and HTTPS- (Hypertext Transfer Protocol Secure-) based traffic. Once traffic is classified, the connection based on the server’s IP, TCP port connected, domain name, and server name inside the HTTPS connection is analyzed. This helps in verifying legitimate connection and flags the VPN-based traffic. We worked on top five freely available VPN services and analyzed their traffic patterns; the results show successful detection of the VPN activity performed by the user. We analyzed the activity of five users, using some sort of VPN service in their Internet activity, inside the network. Out of total 729 connections made by different users, 329 connections were classified as legitimate activity, marking 400 remaining connections as VPN-based connections. The proposed system is lightweight enough to keep minimal overhead, both in network and resource utilization and requires no specialized hardware.
4
Di Martino, Mariano, Peter Quax, and Wim Lamotte. "Knocking on IPs: Identifying HTTPS Websites for Zero-Rated Traffic." Security and Communication Networks 2020 (August 28, 2020): 1–14. http://dx.doi.org/10.1155/2020/7285786.
Full textAbstract:
Zero-rating is a technique where internet service providers (ISPs) allow consumers to utilize a specific website without charging their internet data plan. Implementing zero-rating requires an accurate website identification method that is also efficient and reliable to be applied on live network traffic. In this paper, we examine existing website identification methods with the objective of applying zero-rating. Furthermore, we demonstrate the ineffectiveness of these methods against modern encryption protocols such as Encrypted SNI and DNS over HTTPS and therefore show that ISPs are not able to maintain the current zero-rating approaches in the forthcoming future. To address this concern, we present “Open-Knock,” a novel approach that is capable of accurately identifying a zero-rated website, thwarts free-riding attacks, and is sustainable on the increasingly encrypted web. In addition, our approach does not require plaintext protocols or preprocessed fingerprints upfront. Finally, our experimental analysis unveils that we are able to convert each IP address to the correct domain name for each website in the Tranco top 6000 websites list with an accuracy of 50.5% and therefore outperform the current state-of-the-art approaches.
5
Dahlberg, Rasmus, Tobias Pulls, Tom Ritter, and Paul Syverson. "Privacy-Preserving & Incrementally-Deployable Support for Certificate Transparency in Tor." Proceedings on Privacy Enhancing Technologies 2021, no. 2 (January 29, 2021): 194–213. http://dx.doi.org/10.2478/popets-2021-0024.
Full textAbstract:
Abstract The security of the web improved greatly throughout the last couple of years. A large majority of the web is now served encrypted as part of HTTPS, and web browsers accordingly moved from positive to negative security indicators that warn the user if a connection is insecure. A secure connection requires that the server presents a valid certificate that binds the domain name in question to a public key. A certificate used to be valid if signed by a trusted Certificate Authority (CA), but web browsers like Google Chrome and Apple’s Safari have additionally started to mandate Certificate Transparency (CT) logging to overcome the weakest-link security of the CA ecosystem. Tor and the Firefox-based Tor Browser have yet to enforce CT. In this paper, we present privacy-preserving and incrementally-deployable designs that add support for CT in Tor. Our designs go beyond the currently deployed CT enforcements that are based on blind trust: if a user that uses Tor Browser is man-in-the-middled over HTTPS, we probabilistically detect and disclose cryptographic evidence of CA and/or CT log misbehavior. The first design increment allows Tor to play a vital role in the overall goal of CT: detect mis-issued certificates and hold CAs accountable. We achieve this by randomly cross-logging a subset of certificates into other CT logs. The final increments hold misbehaving CT logs accountable, initially assuming that some logs are benign and then without any such assumption. Given that the current CT deployment lacks strong mechanisms to verify if log operators play by the rules, exposing misbehavior is important for the web in general and not just Tor. The full design turns Tor into a system for maintaining a probabilistically-verified view of the CT log ecosystem available from Tor’s consensus. Each increment leading up to it preserves privacy due to and how we use Tor.
6
Victors, Jesse, Ming Li, and Xinwen Fu. "The Onion Name System." Proceedings on Privacy Enhancing Technologies 2017, no. 1 (January 1, 2017): 21–41. http://dx.doi.org/10.1515/popets-2017-0003.
Full textAbstract:
Abstract Tor onion services, also known as hidden services, are anonymous servers of unknown location and ownership that can be accessed through any Torenabled client. They have gained popularity over the years, but since their introduction in 2002 still suffer from major usability challenges primarily due to their cryptographically-generated non-memorable addresses. In response to this difficulty, in this work we introduce the Onion Name System (OnioNS), a privacy-enhanced decentralized name resolution service. OnioNS allows Tor users to reference an onion service by a meaningful globally-unique verifiable domain name chosen by the onion service administrator.We construct OnioNS as an optional backwards-compatible plugin for Tor, simplify our design and threat model by embedding OnioNS within the Tor network, and provide mechanisms for authenticated denial-of-existence with minimal networking costs. We introduce a lottery-like system to reduce the threat of land rushes and domain squatting. Finally, we provide a security analysis, integrate our software with the Tor Browser, and conduct performance tests of our prototype.
7
Hoang, Nguyen Phong, Arian Akhavan Niaki, Phillipa Gill, and Michalis Polychronakis. "Domain name encryption is not enough: privacy leakage via IP-based website fingerprinting." Proceedings on Privacy Enhancing Technologies 2021, no. 4 (July 23, 2021): 420–40. http://dx.doi.org/10.2478/popets-2021-0078.
Full textAbstract:
Abstract Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy is weakened by—the still exposed—IP address information. However, content delivery networks, DNS-based load balancing, co-hosting of different websites on the same server, and IP address churn, all contribute towards making domain–IP mappings unstable, and prevent straightforward IP-based browsing tracking. In this paper, we show that this instability is not a roadblock (assuming a universal DoT/DoH and ECH deployment), by introducing an IP-based website finger-printing technique that allows a network-level observer to identify at scale the website a user visits. Our technique exploits the complex structure of most websites, which load resources from several domains besides their primary one. Using the generated fingerprints of more than 200K websites studied, we could successfully identify 84% of them when observing solely destination IP addresses. The accuracy rate increases to 92% for popular websites, and 95% for popular and sensitive web-sites. We also evaluated the robustness of the generated fingerprints over time, and demonstrate that they are still effective at successfully identifying about 70% of the tested websites after two months. We conclude by discussing strategies for website owners and hosting providers towards hindering IP-based website fingerprinting and maximizing the privacy benefits offered by DoT/DoH and ECH.
8
Hussain, Mohammed Abdulridha, Hai Jin, Zaid Alaa Hussien, Zaid Ameen Abduljabbar, Salah H. Abbdal, and Ayad Ibrahim. "Enc-DNS-HTTP: Utilising DNS Infrastructure to Secure Web Browsing." Security and Communication Networks 2017 (2017): 1–15. http://dx.doi.org/10.1155/2017/9479476.
Full textAbstract:
Online information security is a major concern for both users and companies, since data transferred via the Internet is becoming increasingly sensitive. The World Wide Web uses Hypertext Transfer Protocol (HTTP) to transfer information and Secure Sockets Layer (SSL) to secure the connection between clients and servers. However, Hypertext Transfer Protocol Secure (HTTPS) is vulnerable to attacks that threaten the privacy of information sent between clients and servers. In this paper, we propose Enc-DNS-HTTP for securing client requests, protecting server responses, and withstanding HTTPS attacks. Enc-DNS-HTTP is based on the distribution of a web server public key, which is transferred via a secure communication between client and a Domain Name System (DNS) server. This key is used to encrypt client-server communication. The scheme is implemented in the C programming language and tested on a Linux platform. In comparison with Apache HTTPS, this scheme is shown to have more effective resistance to attacks and improved performance since it does not involve a high number of time-consuming operations.
9
Antic, Djordje, and Mladen Veinovic. "Implementation of DNSSEC-secured name servers for ni.rs zone and best practices." Serbian Journal of Electrical Engineering 13, no. 3 (2016): 369–80. http://dx.doi.org/10.2298/sjee1603369a.
Full textAbstract:
As a backbone of all communications over the Internet, DNS (Domain Name System) is crucial for all entities that need to be visible and provide services outside their internal networks. Public administration is a prime example for various services that have to be provided to citizens. This manuscript presents one possible approach, implemented in the administration of the City of Nis, for improving the robustness and resilience of external domain space, as well as securing it with DNSSEC (DNS Security Extensions).
10
Devos, Koen, Filiep T’jollyn, Peter Desmet, Frederic Piesschaert, and Dimitri Brosens. "Watervogels – Wintering waterbirds in Flanders, Belgium." ZooKeys 915 (February 24, 2020): 127–35. http://dx.doi.org/10.3897/zookeys.915.38265.
Full textAbstract:
"Watervogels – Wintering waterbirds in Flanders, Belgium" is a sampling event dataset published by the Research Institute for Nature and Forest (INBO). It contains more than 94,000 sampling events (site counts), covering over 710,000 species observations (and zero counts when there is no associated occurrence) and 36 million individual birds for the period 1991–2016. The dataset includes information on 167 different species in nearly 1,100 wetland sites. The aim of these bird counts is to gather information on the size, distribution, and long-term trends of wintering waterbird populations in Flanders. These data are also used to assess the importance of individual sites for waterbirds, using quantitative criteria. Furthermore, the waterbird counts contribute to international monitoring programs, such as the International Waterbird Census (coordinated by Wetlands International) and fulfil some of the objectives of the European Bird Directive, the Ramsar Convention, and the Agreement on the Conservation of African-Eurasian Migratory Waterbirds (AEWA). Here the dataset is published as a standardized Darwin Core Archive and includes for each event: a stable event ID, date and location of observation and a short description of the sampling protocol, effort and conditions (in the event core), supplemented with specific information for each occurrence: a stable occurrence ID, the scientific name and higher classification of the observed species, the number of recorded individuals, and a reference to the observer of the record (in the occurrence extension). Issues with the dataset can be reported at https://github.com/inbo/data-publication/issues. The following information is not included in this dataset and available upon request: roost site counts, counts from historical (inactive) locations and counts from before 1991. We have released this dataset to the public domain under a CC0 1.0 Universal (CC0 1.0) Public Domain Dedication (https://creativecommons.org/publicdomain/zero/1.0/). We would appreciate it if you follow the INBO norms for data use (https://www.inbo.be/en/norms-data-use) when using the data. If you have any questions regarding this dataset, do not hesitate to contact us via the contact information provided in the metadata or via opendata@inbo.be.
Dissertations / Theses on the topic "Domain Name System over HTTPS"
1
Biolek, Martin. "Klientská aplikace protokolu DNS s grafickým rozhraním pro účely výuky." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2021. http://www.nusl.cz/ntk/nusl-442404.
Full textAbstract:
The goal of the Master thesis on the topic of the Client application of DNS protocol with graphical interface for teaching purposes is to create a program with the features of sending, receiving DNS, MDNS and LLMNR protocols with optional parameters. Additionally, compare the created application with available tools such as Nslookup, Dig and create examples of application for teaching.
2
Likarish, Peter F. "Early detection of malicious web content with applied machine learning." Diss., University of Iowa, 2011. https://ir.uiowa.edu/etd/4871.
Full textAbstract:
This thesis explores the use of applied machine learning techniques to augment traditional methods of identifying and preventing web-based attacks. Several factors complicate the identification of web-based attacks. The first is the scale of the web. The amount of data on the web and the heterogeneous nature of this data complicate efforts to distinguish between benign sites and attack sites. Second, an attacker may duplicate their attack at multiple, unexpected locations (multiple URLs spread across different domains) with ease. Third, attacks can be hosted nearly anonymously; there is little cost or risk associated with hosting or publishing a web-based attack. In combination, these factors lead one to conclude that, currently, the webs threat landscape is unfavorably tilted towards the attacker.
To counter these advantages this thesis describes our novel solutions to web se- curity problems. The common theme running through our work is the demonstration that we can detect attacks missed by other security tools as well as detecting attacks sooner than other security responses. To illustrate this, we describe the development of BayeShield, a browser-based tool capable of successfully identifying phishing at- tacks in the wild. Progressing from specific to a more general approach, we next focus on the detection of obfuscated scripts (one of the most commonly used tools in web-based attacks). Finally, we present TopSpector, a system we've designed to forecast malicious activity prior to it's occurrence. We demonstrate that by mining Top-Level DNS data we can produce a candidate set of domains that contains up to 65% of domains that will be blacklisted. Furthermore, on average TopSpector flags malicious domains 32 days before they are blacklisted, allowing the security community ample time to investigate these domains before they host malicious activity.
3
Malhotra, Aanchal. "Attacking and securing Network Time Protocol." Thesis, 2019. https://hdl.handle.net/2144/39584.
Full textAbstract:
Network Time Protocol (NTP) is used to synchronize time between computer systems communicating over unreliable, variable-latency, and untrusted network paths. Time is critical for many applications; in particular it is heavily utilized by cryptographic protocols. Despite its importance, the community still lacks visibility into the robustness of the NTP ecosystem itself, the integrity of the timing information transmitted by NTP, and the impact that any error in NTP might have upon the security of other protocols that rely on timing information. In this thesis, we seek to accomplish the following broad goals:
1. Demonstrate that the current design presents a security risk, by showing that network attackers can exploit NTP and then use it to attack other core Internet protocols that rely on time.
2. Improve NTP to make it more robust, and rigorously analyze the security of the improved protocol.
3. Establish formal and precise security requirements that should be satisfied by a network time-synchronization protocol, and prove that these are sufficient for the security of other protocols that rely on time.
We take the following approach to achieve our goals incrementally.
1. We begin by (a) scrutinizing NTP's core protocol (RFC 5905) and (b) statically analyzing code of its reference implementation to identify vulnerabilities in protocol design, ambiguities in specifications, and flaws in reference implementations. We then leverage these observations to show several off- and on-path denial-of-service and time-shifting attacks on NTP clients. We then show cache-flushing and cache-sticking attacks on DNS(SEC) that leverage NTP. We quantify the attack surface using Internet measurements, and suggest simple countermeasures that can improve the security of NTP and DNS(SEC).
2. Next we move beyond identifying attacks and leverage ideas from Universal Composability (UC) security framework to develop a cryptographic model for attacks on NTP's datagram protocol. We use this model to prove the security of a new backwards-compatible protocol that correctly synchronizes time in the face of both off- and on-path network attackers.
3. Next, we propose general security notions for network time-synchronization protocols within the UC framework and formulate ideal functionalities that capture a number of prevalent forms of time measurement within existing systems. We show how they can be realized by real-world protocols (including but not limited to NTP), and how they can be used to assert security of time-reliant applications-specifically, cryptographic certificates with revocation and expiration times. Our security framework allows for a clear and modular treatment of the use of time in security-sensitive systems.
Our work makes the core NTP protocol and its implementations more robust and secure, thus improving the security of applications and protocols that rely on time.
Books on the topic "Domain Name System over HTTPS"
1
Schiller, Dan. Beyond a U.S.-centric Internet? University of Illinois Press, 2017. http://dx.doi.org/10.5406/illinois/9780252038761.003.0013.
Full textAbstract:
This chapter examines the mechanism of the United States's internet control over the Domain Name System (DNS). The mechanism of U.S. internet control over the DNS was formalized after President Bill Clinton directed the Commerce Department to privatize the DNS in 1997. Legal contracts were drawn up, binding the Department to a for-profit corporation called VeriSign and to a private, not-for-profit corporation, the Internet Corporation for Assigned Names and Numbers (ICANN). The chapter considers the Commerce Department's DNS initiative as an example of the geopolitics of today's internet, an extraterritorial projection of U.S. policymaking that was extraordinary for transforming into a venue where other countries mounted a concerted diplomatic challenge to U.S. power. The chapter also discusses the multi-stakeholderism in U.S.-centric internet and Edward Snowden's revelations regarding the National Security Agency's surveillance of global internet traffic.
Book chapters on the topic "Domain Name System over HTTPS"
1
"Networking Fundamentals." In Constructing an Ethical Hacking Knowledge Base for Threat Awareness and Prevention, 106–18. IGI Global, 2019. http://dx.doi.org/10.4018/978-1-5225-7628-0.ch004.
Full textAbstract:
This chapter introduces to basics of computer networking and associated widely used essential networking communication protocols. The chapter provides the comparison of OSI and TCP model along with details of internet layer protocols including internet protocol (IP), IP addressing schemes, internet control messaging protocol (ICMP), etc. Next, the chapter discusses transport layer protocols transmission control protocol (TCP) and user datagram protocol (UDP) in detail. Application layer protocols including dynamic host control protocol (DHCP), secure shell (SSH), file transfer protocol (FTP), trivial FTP (TFTP), simple network management protocol (SNMP), hyper text transfer protocol secure (HTTPS), network time protocol (NTP), domain name system (DNS), and simple mail transfer protocol (SMTP) are also explained in this chapter. One just cannot attack a networking protocol without knowing how it works. Having a solid introduction about computer networking and network protocols is fundamental in the ethical hacking world. This chapter quickly revisits all essential concepts related to computer networking.
2
Riordan, Jaani. "Trade Marks and Passing Off." In The Liability of Internet Intermediaries. Oxford University Press, 2016. http://dx.doi.org/10.1093/oso/9780198719779.003.0007.
Full textAbstract:
This chapter examines the secondary liability of internet intermediaries for trade mark infringement and passing off occurring online. The internet intrinsically relies upon a functioning system of domain names, keyword-based search tools, and advertising. These arenas present ample opportunities for conflict over protected signs. At one extreme are territorial conflicts between legitimate traders who happen to possess parallel rights in different jurisdictions; at the other extreme lie cases of opportunistic squatting on a rivalrous keyword resource, such as a domain name, for commercial gain, or outright counterfeiting. Within the contested space that lies between, the line between honest and unfair competition is becoming increasingly blurred, as traders seek to exploit rivals’ names in keyword advertising, practise aggressive search engine optimisation, and compete for traffic, reputation, and attention. The zone of accepted commercial practices is fluid and extremely nebulous.
3
Keats, Jonathon. "Unparticle." In Virtual Words. Oxford University Press, 2010. http://dx.doi.org/10.1093/oso/9780195398540.003.0007.
Full textAbstract:
“All science is either physics or stamp collecting.” So claimed Ernest Rutherford, the British physicist who discovered the atomic nucleus in 1910, touting the explanatory power of physics over the busywork of classifying elements or planets or animals. One hundred years later, the endless variety of matter postulated by physics—within the nucleus and throughout the universe—has far surpassed the inventories of the periodic table and solar system, leading particle physicists to refer to their domain as a bestiary and one textbook to be aptly titled A Tour of the Subatomic Zoo. There are electrons and protons and neutrons, as well as quarks and positrons and neutrinos. There are also gluons and muons—the unexpected discovery of which, in 1936, led the physicist Isidor Rabi to quip, “Who ordered that?”—and potentially axions and saxions and saxinos. In this menagerie it’s not easy for a new particle, especially a hypothetical one, to get attention. The unparticle, first proposed by American physicist Howard Georgi in 2007, is therefore remarkable for garnering worldwide media attention and spurring more than a hundred scholarly papers, especially considering that there’s no experimental evidence for it, nor is it called for mathematically by any prior theory. What an unparticle is, exactly, remains vague. The strange form of matter first arose on paper when Georgi asked himself what properties a “scale-invariant” particle might have and how it might interact with the observable universe. Scale invariance is a quality of fractals, such as snowflakes and fern leaves, that makes them look essentially the same at any magnification. Georgi’s analogous idea was to imagine particles that would interact with the same force regardless of the distance between them. What he found was that such particles would have no definite mass, which would, for example, exempt them from obeying special relativity. “It’s very difficult to even find the words to describe what unparticles are,” Georgi confessed to the magazine New Scientist in 2008, “because they are so unlike what we are familiar with.” For those unprepared to follow his mathematics, the name evokes their essential foreignness.