Secrets Best Not Shared: DNS Privacy Enhancements for the Constrained IoT

Publikation: Beitrag in Buch/Konferenzbericht/Sammelband/GutachtenBeitrag in KonferenzbandBeigetragenBegutachtung

Beitragende

Abstract

Several attacks aim at identifying DNS traffic for disrupting or compromising Internet services. Prior defense focused on the obfuscation of DNS requests by using DNS over TLS, HTTPS, or QUIC to counter such attacks. These protocols conflict with the constrained hardware resources of mass IoT devices. In this paper, we target IETF protocols tailored for the constrained IoT and empirically analyze the potentials of hiding DNS traffic. To this end, we create a dataset that includes the DNS resolution process for accessing 58,768 data objects derived from the HTTP Archive. For each object, we consider 296 different deployment scenarios of resolving host names, including DNS over the constrained application layer protocol CoAP and an onion routing flavor. Also, we compare to DNS over HTTPS. After validating the applicability of six machine learning classifiers to distinguish DNS and data traffic, we continue our further analysis with the overall best performing Random Forest. Applying a header field analysis based on permutation importances we identify header fields that leak the most information to Random Forest. We find that DNS over CoAP with equalized packet lengths by block-wise transfer and without leaking header fields by header compression can reduce the accuracy of identifying DNS frames by Random Forest to 86%. Compressing the DNS message format to fit the constrained use case, reduces accuracy even further to 77%. Our proposal outperforms DNS over HTTPS, for which the classifier identifies DNS frames with 100% accuracy. We make our dataset publicly available.

Details

OriginalspracheEnglisch
TitelProc. of the 11th IEEE European Symposium on Security and Privacy (EuroS&P)
Herausgeber (Verlag)Institute of Electrical and Electronics Engineers (IEEE)
Seiten1476--1495
PublikationsstatusAngenommen/Im Druck - Apr. 2026
Peer-Review-StatusJa

Konferenz

Titel11th IEEE European Symposium on Security and Privacy
KurztitelEuroS&P 2026
Veranstaltungsnummer11
Dauer6 - 10 Juli 2026
Webseite
BekanntheitsgradInternationale Veranstaltung
OrtCulturgest Lisboa
StadtLisbon
LandPortugal

Schlagworte

Forschungsprofillinien der TU Dresden

DFG-Fachsystematik nach Fachkollegium

Fächergruppen, Lehr- und Forschungsbereiche, Fachgebiete nach Destatis

Ziele für nachhaltige Entwicklung