Secure and Private Collaboration through DNS
The Domain Name System (DNS) is the jack-of-all-trades of the Internet. Originally devised for finding the IP addresses belonging to a host name, its functionality now includes local service discovery, finding servers providing a particular service, declaring ownership, and distributing certificates, just to name a few.
However, DNS is also fragile, as several outages and malfunctions have shown, and it protects neither the growing amount of published information nor the identity of those interested in it from prying eyes.
If you connect your device to a network, the first few messages sent are likely to be DNS queries that uniquely identify you, making you globally trackable and showing your interests and the services you offer, often exposing the names of your family members, and much more.
In this research venture, we look at ways to improve the resilience and functionality of DNS, while at the same time improving the privacy of the data and the requestors.
We are employing innovative, backward-compatible mechanisms to
- announce and query information privately in Multicast DNS/DNS Service Discovery settings (mDNS, DNS-SD, Bonjour), while maintaining the critical ease of use;
- extend DNS-SD into an enterprise-wide communication mechanism while reducing the choking amount of multicast overhead in larger WLAN/WiFi installations; and
- turn DNS into a reliable protocol, moving away from constant polling toward an event-driven, persistent distributed database.
- Andreas Rain, Daniel Kaiser, Marcel Waldvogel: Realistic, Extensible DNS and mDNS Models for INET/OMNeT++. Proceedings of the “OMNeT++ Community Summit 2015”, 2015.
- Daniel Kaiser, Andreas Rain, Marcel Waldvogel, Holger Strittmatter: A Multicast-Avoiding Privacy Extension for the Avahi Zeroconf Daemon. NetSys 2015, Gesellschaft für Informatik, 2015.
- Marcel Waldvogel, Thomas Zink: Boost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination. NetSys 2015, Gesellschaft für Informatik, 2015.
- Daniel Kaiser, Matthias Fratz, Marcel Waldvogel, Valentin Dietrich, Holger Strittmatter: Stateless DNS. University of Konstanz Technical Report, (KN-2014-DISY-004), 2014.
- Daniel Kaiser, Marcel Waldvogel: Adding Privacy to Multicast DNS Service Discovery. Proceedings of IEEE TrustCom 2014 (IEEE EFINS 2014 workshop), 2014.
- Daniel Kaiser, Marcel Waldvogel: Efficient Privacy Preserving Multicast DNS Service Discovery. Workshop on Privacy-Preserving Cyberspace Safety and Security (CSS), 2014.