Your search keyword '"Centre for Distributed Computing, Networking and Security"' showing total 1 results

1. Privacy-Preserving Passive DNS

Author

William J Buchanan, Owen Lo, Sokratis K. Katsikas, Pavlos Papadopoulos, and Nikolaos Pitropakis

Subjects

blockchain, FOS: Computer and information sciences, Web server, Computer Science - Cryptography and Security, Computer Networks and Communications, Computer science, privacy-preserving, 02 engineering and technology, Cyber-security, computer.software_genre, Computer security, lcsh:QA75.5-76.95, Domain (software engineering), private data collection, hyperledger fabric, Centre for Distributed Computing, Networking and Security, 0202 electrical engineering, electronic engineering, information engineering, passive DNS (Domain Name System), Data collection, distributed ledger, End user, Domain Name System, 020206 networking & telecommunications, AI and Technologies, Human-Computer Interaction, Privacy preserving, Identification (information), Ledger, 020201 artificial intelligence & image processing, lcsh:Electronic computers. Computer science, Cryptography and Security (cs.CR), computer

Abstract

The Domain Name System (DNS) was created to resolve the IP addresses of web servers to easily remembered names. When it was initially created, security was not a major concern, nowadays, this lack of inherent security and trust has exposed the global DNS infrastructure to malicious actors. The passive DNS data collection process creates a database containing various DNS data elements, some of which are personal and need to be protected to preserve the privacy of the end users. To this end, we propose the use of distributed ledger technology. We use Hyperledger Fabric to create a permissioned blockchain, which only authorized entities can access. The proposed solution supports queries for storing and retrieving data from the blockchain ledger, allowing the use of the passive DNS database for further analysis, e.g., for the identification of malicious domain names. Additionally, it effectively protects the DNS personal data from unauthorized entities, including the administrators that can act as potential malicious insiders, and allows only the data owners to perform queries over these data. We evaluated our proposed solution by creating a proof-of-concept experimental setup that passively collects DNS data from a network and then uses the distributed ledger technology to store the data in an immutable ledger, thus providing a full historical overview of all the records.

Published

2020