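@article{oai:ipsj.ixsq.nii.ac.jp:00241745,
  author        = {Hu, Guannan and Fukuda, Kensuke},
  title         = {Investigate the Countermeasure to Mitigate the Privacy Leakage in {DNS} over {QUIC}},
  journal       = {情報処理学会論文誌},
  volume        = {65},
  number        = {12},
  month         = dec,
  year          = {2024},
  doi           = {10.2197/ipsjjip.32.1082},
  abstract      = {Original DNS packets are unencrypted, which leads to information leakage while users visit websites. The adversary could monitor the DNS communication and infer the users' Internet preferences, which may contain private sensitive content, such as health, finance, and religion. Although several encrypted DNS protocols have been proposed - DNS over HTTPS (DoH), DNS over TLS (DoT), and DNS over QUIC (DoQ), recent research shows that the adversary could still infer the category of websites even using DoT and DoH. This paper studies the privacy leakage problem of DoQ protocol with two different DNS recursive resolvers (NextDNS and Bind). We investigate 30 categories from Alexa's top websites for binary and multi-classification. As a baseline analysis, we first show the classification performance of the binary classification (i.e., sensitive and non-sensitive). We find that the classification performance of the websites is high both in NextDNS and Bind resolvers for identifying whether the category of websites is sensitive. More particularly, we indicate that discriminative features are mainly related to the inter-arrival time of packets and packet length. For the multi-classification, we notice the performances decrease as the number of categories increases, meaning that the impact of the leakage is limited. Next, we further investigate four possible countermeasures that could affect the classification results: using AdBlocker extension, disabling DNS prefetch, adding random delay in responses, and padding the DNS payload. 1) We show that using AdBlocker and disabling DNS prefetch are less effective in mitigating the attack. 2) We find that mean F1 scores decrease as the delays increase. Specifically, it decreases the classification performance by 22\% with NextDNS and 18\% with Bind. 3) DNS padding decreases the classification performance by 9\%. We further investigate the combination of the two countermeasures: both adding random (0-60ms and 0-100ms) delays and padding the DNS payload with binary and multi-classification of 30 categories. We confirm that the combined method could greatly reduce the classification performance, on average 27\% of binary and 22\% of multi-classification in Bind. These results indicate that adding random time and padding can protect users' information from the website fingerprinting attack, though the random delay might affect the user experiences.},
  note          = {This is a preprint of an article intended for publication in Journal of Information Processing (JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32 (2024) (online), DOI 10.2197/ipsjjip.32.1082.},
  internal-note = {Cleaned from the OAI export: the author list was listed twice and in Given, Family order (which BibTeX parses as surname Guannan / surname Kensuke); the abstract was pasted twice into note, where every unescaped percent sign would have started a LaTeX comment in the .bbl and swallowed the rest of the line; issue renamed to number and month changed to the dec macro. The doi field is the identifier the record's own citation notice designates (the JIP version, Vol.32), which differs from the volume/number of the Japanese journal entry above -- confirm which version is being cited before relying on it.},
}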