Domain name encryption is not enough: privacy leakage via IP-based website fingerprinting

Bibliographic Details
Main Authors: Hoang Nguyen Phong, Niaki Arian Akhavan, Gill Phillipa, Polychronakis Michalis
Format: Article
Language: English
Published: Sciendo 2021-10-01
Series: Proceedings on Privacy Enhancing Technologies
Subjects: dot, doh
Online Access: https://doi.org/10.2478/popets-2021-0078
Description
Summary: Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy is weakened by—the still exposed—IP address information. However, content delivery networks, DNS-based load balancing, co-hosting of different websites on the same server, and IP address churn, all contribute towards making domain–IP mappings unstable, and prevent straightforward IP-based browsing tracking.
ISSN: 2299-0984