Back to Search Start Over

Summary of DNS Over HTTPS Abuse

Authors :
Karel Hynek
Dmitrii Vekshin
Jan Luxemburk
Tomas Cejka
Armin Wasicek
Source :
IEEE Access, Vol 10, Pp 54668-54680 (2022)
Publication Year :
2022
Publisher :
IEEE, 2022.

Abstract

The Internet Engineering Task Force adopted the DNS over HTTPS protocol in 2018 to remediate privacy issues regarding the plain text transmission of the DNS protocol. According to our observations and the analysis described in this paper, protecting DNS queries using HTTPS entails security threats. This paper surveys DoH related research works and analyzes malicious and unwanted activities that leverage DNS over HTTPS and can be currently observed in the wild. Additionally, we describe three real-world abuse scenarios observed in the web environment that reveal how service providers intentionally use DNS over HTTPS to violate policies. Last but not least, we identified several research challenges that we consider important for future security research.

Subjects

Subjects :
Detection
DNS over HTTPS
hidden communication
IP flow
malware
network traffic
Electrical engineering. Electronics. Nuclear engineering
TK1-9971

Details

Language :
English
ISSN :
21693536
Volume :
10
Database :
Directory of Open Access Journals
Journal :
IEEE Access
Publication Type :
Academic Journal
Accession number :
edsdoj.99d9104c04074dbbad0bf45b32fce521
Document Type :
article
Full Text :
https://doi.org/10.1109/ACCESS.2022.3175497
Full Text Access
View/download PDF

Tools

Authors Abstract Subjects Details