Lightweight and Effective Website Fingerprinting over Encrypted DNS

Yong Shao; Kenneth Hernandez; Kia Yang; Eric Chan-Tin; Mohammed Abuhamad

doi:10.1109/SVCC56964.2023.10165086

Lightweight and Effective Website Fingerprinting over Encrypted DNS

Yong Shao, Kenneth Hernandez, Kia Yang, Eric Chan-Tin, Mohammed Abuhamad

Loyola University Chicago

Research output: Contribution to journal › Article › peer-review

Abstract

The DNS over HTTPS (DoH) protocol is implemented to improve the original DNS protocol that uses unencrypted DNS queries and responses. With the DNS traffic, an eavesdropper can easily identify websites that a user is visiting. In order to address this concern of web privacy, encryption is used by performing a DNS lookup over HTTPS. In this paper, we studied whether the encrypted DoH traffic could be exploited to identify websites that a user has visited. This is a different type of website fingerprinting by analyzing encrypted DNS network traffic rather than the network traffic between the client and the web server. DNS typically uses fewer network packets than a website download. Our model and algorithm can accurately predict one out of 10, 000 websites with a 95% accuracy using the first 50 DoH packets. In the open-world environment with 100, 000 websites, our model achieves an F1-score of 93%.

Original language	American English
Journal	Computer Science: Faculty Publications and Other Works
DOIs	https://doi.org/10.1109/SVCC56964.2023.10165086
State	Published - Jun 30 2023

Keywords

Webbrowsing
Website Fingerprinting
DoH
Privacy
DNS

Disciplines

Computer Sciences

Access to Document

10.1109/SVCC56964.2023.10165086License: Unspecified

Lightweight and Effective Website Fingerprinting over Encrypted DFinal published version, 4.66 MBLicense: Unspecified

Cite this

@article{006e173e7cac4fcc94468f85b48ab058,

title = "Lightweight and Effective Website Fingerprinting over Encrypted DNS",

abstract = " The DNS over HTTPS (DoH) protocol is implemented to improve the original DNS protocol that uses unencrypted DNS queries and responses. With the DNS traffic, an eavesdropper can easily identify websites that a user is visiting. In order to address this concern of web privacy, encryption is used by performing a DNS lookup over HTTPS. In this paper, we studied whether the encrypted DoH traffic could be exploited to identify websites that a user has visited. This is a different type of website fingerprinting by analyzing encrypted DNS network traffic rather than the network traffic between the client and the web server. DNS typically uses fewer network packets than a website download. Our model and algorithm can accurately predict one out of 10, 000 websites with a 95% accuracy using the first 50 DoH packets. In the open-world environment with 100, 000 websites, our model achieves an F1-score of 93%.",

keywords = "Webbrowsing, Website Fingerprinting, DoH, Privacy, DNS",

author = "Yong Shao and Kenneth Hernandez and Kia Yang and Eric Chan-Tin and Mohammed Abuhamad",

year = "2023",

month = jun,

day = "30",

doi = "10.1109/SVCC56964.2023.10165086",

language = "American English",

journal = "Computer Science: Faculty Publications and Other Works",

}

TY - JOUR

T1 - Lightweight and Effective Website Fingerprinting over Encrypted DNS

AU - Shao, Yong

AU - Hernandez, Kenneth

AU - Yang, Kia

AU - Chan-Tin, Eric

AU - Abuhamad, Mohammed

PY - 2023/6/30

Y1 - 2023/6/30

N2 - The DNS over HTTPS (DoH) protocol is implemented to improve the original DNS protocol that uses unencrypted DNS queries and responses. With the DNS traffic, an eavesdropper can easily identify websites that a user is visiting. In order to address this concern of web privacy, encryption is used by performing a DNS lookup over HTTPS. In this paper, we studied whether the encrypted DoH traffic could be exploited to identify websites that a user has visited. This is a different type of website fingerprinting by analyzing encrypted DNS network traffic rather than the network traffic between the client and the web server. DNS typically uses fewer network packets than a website download. Our model and algorithm can accurately predict one out of 10, 000 websites with a 95% accuracy using the first 50 DoH packets. In the open-world environment with 100, 000 websites, our model achieves an F1-score of 93%.

AB - The DNS over HTTPS (DoH) protocol is implemented to improve the original DNS protocol that uses unencrypted DNS queries and responses. With the DNS traffic, an eavesdropper can easily identify websites that a user is visiting. In order to address this concern of web privacy, encryption is used by performing a DNS lookup over HTTPS. In this paper, we studied whether the encrypted DoH traffic could be exploited to identify websites that a user has visited. This is a different type of website fingerprinting by analyzing encrypted DNS network traffic rather than the network traffic between the client and the web server. DNS typically uses fewer network packets than a website download. Our model and algorithm can accurately predict one out of 10, 000 websites with a 95% accuracy using the first 50 DoH packets. In the open-world environment with 100, 000 websites, our model achieves an F1-score of 93%.

KW - Webbrowsing

KW - Website Fingerprinting

KW - DoH

KW - Privacy

KW - DNS

UR - https://ecommons.luc.edu/cs_facpubs/356

U2 - 10.1109/SVCC56964.2023.10165086

DO - 10.1109/SVCC56964.2023.10165086

M3 - Article

JO - Computer Science: Faculty Publications and Other Works

JF - Computer Science: Faculty Publications and Other Works

ER -

Lightweight and Effective Website Fingerprinting over Encrypted DNS

Abstract

Keywords

Disciplines

Access to Document

Other files and links

Cite this