University of Twente Student Theses


Detection of HTTPS encrypted DNS traffic

Nijeboer, F.J. (2020) Detection of HTTPS encrypted DNS traffic.

[img] PDF
Abstract:The Domain Name System (DNS) is one of the cornerstones of the Internet. However, DNS requests are performed without encryption, resulting in privacy and security issues such as the possibility for eavesdropping and spoofing the DNS response. These are tackled by DNS protocol extensions such as DNS over HTTPS (DoH) that provide encryption over HTTPS for DNS queries. DoH has been around since 2018 and since then some browsers such as Firefox and Chrome have been experimenting with it. This research provides an analysis of the privacy that is provided by DNS over HTTPS. In this research, Firefox is used to connect to a set of DoH resolvers over multiple test sessions. Then, the captured traffic is analyzed based on temporal features and packet sizes to detect DoH traffic. This research uncovers a technique to filter DoH queries from other HTTPS traffic using packet size related features. Furthermore, an initial step is shown that enables outside listeners to determine queried websites based on patterns in DoH packet sizes. Lastly, this research also provides suggestions for improving DoH by adding padding to the queries to possibly enhance privacy benefits provided by DoH.
Item Type:Essay (Bachelor)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science BSc (56964)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page