Summary of DNS Over HTTPS Abuse

Karel Hynek; Dmitrii Vekshin; Jan Luxemburk; Tomas Cejka; Armin Wasicek

doi:10.1109/ACCESS.2022.3175497

IEEE Access (Jan 2022)

Summary of DNS Over HTTPS Abuse

Karel Hynek,
Dmitrii Vekshin,
Jan Luxemburk,
Tomas Cejka,
Armin Wasicek

Affiliations

Karel Hynek: ORCiD; Faculty of Information Technology, Czech Technical University in Prague (CTU), Prague, Czech Republic
Dmitrii Vekshin: ORCiD; Faculty of Information Technology, Czech Technical University in Prague (CTU), Prague, Czech Republic
Jan Luxemburk: ORCiD; Faculty of Information Technology, Czech Technical University in Prague (CTU), Prague, Czech Republic
Tomas Cejka: ORCiD; Faculty of Information Technology, Czech Technical University in Prague (CTU), Prague, Czech Republic
Armin Wasicek: ORCiD; Avast Software s.r.o, Prague, Czech Republic

DOI: https://doi.org/10.1109/ACCESS.2022.3175497
Journal volume & issue: Vol. 10
pp. 54668 – 54680

Abstract

Read online

The Internet Engineering Task Force adopted the DNS over HTTPS protocol in 2018 to remediate privacy issues regarding the plain text transmission of the DNS protocol. According to our observations and the analysis described in this paper, protecting DNS queries using HTTPS entails security threats. This paper surveys DoH related research works and analyzes malicious and unwanted activities that leverage DNS over HTTPS and can be currently observed in the wild. Additionally, we describe three real-world abuse scenarios observed in the web environment that reveal how service providers intentionally use DNS over HTTPS to violate policies. Last but not least, we identified several research challenges that we consider important for future security research.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords