DOI: 10.1145/2995959.2995965
Research article

Ports Distribution Management for Privacy Protection inside Local Domain Name System

Published: 28 October 2016

Abstract

The Domain Name System (DNS) has long been recognized as an indispensable and fundamental infrastructure of the current Internet. However, because of its original design philosophy and easy-access principle, anyone on the path can conveniently wiretap DNS requests and responses. This is a serious threat to user privacy, especially when an insider attack takes place. Motivated by these circumstances, we propose a ports distribution management solution to mitigate potential information leakage inside a local DNS. Users are able to use pre-assigned port numbers instead of the default port 53. The method for selecting port numbers at the server side and the interaction with the corresponding end host are investigated. The necessary implementation steps, including modification of the destination port field and use of an extension option, are also discussed. A mathematical model is presented to further evaluate the performance; both the possible blocking probability and the port utilization are illustrated. We expect this solution to benefit not only users, through enhanced security, but also DNS servers, through resource optimization.
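The abstract describes handing each client a pre-assigned port instead of port 53 and evaluating the resulting blocking probability and port utilization. The Python below is an added illustration of that idea, not code from the paper: a small server-side pool that leases ports to clients, refuses (blocks) a request when the pool is exhausted, and reports utilization and the observed blocking rate. Everything beyond the abstract is an assumption of this example: the pool is drawn from the IANA dynamic range 49152-65535, leases have a fixed duration, ports are chosen at random from the free set rather than sequentially (so an observer cannot predict the next assignment), and the Erlang-B loss formula stands in for the paper's own model, which is not reproduced on this page.

```python
"""Leased DNS port pool (added example; assumptions noted inline)."""
import random


class PortPool:
    """Assigns one port per client from a finite pool with timed leases."""

    def __init__(self, lo=49152, hi=65535, lease_seconds=300, rng=None):
        # Assumption: pool = IANA dynamic/private range (RFC 6335).
        self.free = list(range(lo, hi + 1))
        self.capacity = len(self.free)
        self.lease_seconds = lease_seconds
        self.leases = {}      # port -> (client_id, expiry_time)
        self.by_client = {}   # client_id -> port
        self.rng = rng or random.Random(0)  # seeded only for reproducibility
        self.requests = 0
        self.blocked = 0

    def expire(self, now):
        """Return ports whose lease has ended to the free set."""
        for port, (client, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[port]
                self.by_client.pop(client, None)
                self.free.append(port)

    def assign(self, client_id, now):
        """Return the client's port, or None if the request is blocked."""
        self.requests += 1
        self.expire(now)
        if client_id in self.by_client:
            # Existing lease: renew it and hand back the same port.
            port = self.by_client[client_id]
            self.leases[port] = (client_id, now + self.lease_seconds)
            return port
        if not self.free:
            self.blocked += 1
            return None
        # Random choice from the free set keeps assignments unpredictable.
        port = self.free.pop(self.rng.randrange(len(self.free)))
        self.leases[port] = (client_id, now + self.lease_seconds)
        self.by_client[client_id] = port
        return port

    def utilization(self):
        """Fraction of the pool currently leased."""
        return len(self.leases) / self.capacity

    def blocking_rate(self):
        """Fraction of assignment requests that found no free port."""
        return self.blocked / self.requests if self.requests else 0.0


def erlang_b(offered_load, servers):
    """Erlang-B blocking probability for `servers` ports and offered load
    `offered_load` (arrival rate x mean lease time). Stand-in model, an
    assumption of this example, not the paper's own formula."""
    b = 1.0
    for k in range(1, servers + 1):
        b = offered_load * b / (k + offered_load * b)
    return b


def simulate(capacity, clients, lease_seconds, horizon, rng=None):
    """Drive a small pool with random client arrivals; return the observed
    (utilization, blocking_rate, erlang_b_estimate) triple."""
    rng = rng or random.Random(1)
    pool = PortPool(lo=1, hi=capacity, lease_seconds=lease_seconds, rng=rng)
    for t in range(horizon):
        pool.assign(f"host-{rng.randrange(clients)}", t)  # constructed ids
    offered = (1.0 / 1.0) * lease_seconds  # one request per tick
    return pool.utilization(), pool.blocking_rate(), erlang_b(offered, capacity)


if __name__ == "__main__":
    util, blocked, estimate = simulate(capacity=8, clients=20,
                                       lease_seconds=10, horizon=500)
    print(f"utilization={util:.2f} blocked={blocked:.2f} erlangB={estimate:.2f}")
```

The observed blocking rate and the Erlang-B estimate will not match exactly, because renewals by already-leased clients are counted as requests but never block; the point of the pair is that a pool of N ports with offered load A has a loss probability the operator can size against, exactly the trade-off the abstract says its model evaluates.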


Cited By

  • (2018) Performance evaluation of secure multipath retransmission mechanism in next generation heterogeneous communication systems. IET Networks 7(2), 61-67. DOI: 10.1049/iet-net.2017.0116. Online publication date: March 2018.

    Published In

    MIST '16: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats
    October 2016
    126 pages
    ISBN:9781450345712
    DOI:10.1145/2995959
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. domain name system
    2. ports distribution
    3. privacy protection
    4. resource management

    Qualifiers

    • Research-article

    Funding Sources

    • The Natural Science Foundation of China
    • The Institute for Information and communications Technology Promotion (IITP) grant funded by the Korea government (MSIP)
    • The Fundamental Research Funds for the Central Universities
    • The Project of State Grid Corporation of China

    Conference

    CCS'16

    Acceptance Rates

    MIST '16 Paper Acceptance Rate 8 of 22 submissions, 36%;
    Overall Acceptance Rate 21 of 54 submissions, 39%
