Abstract

While DNS tunneling has shown promise as a censorship circumvention technique, it is limited by the plaintext nature of the DNS protocol, which makes it easily detectable by censors. DNS-over-HTTPS (DoH) [16] removes this detectability obstacle by encrypting the entire DNS protocol inside HTTPS. DoH tunneling shows promise as a medium for circumvention as its adoption increases in everyday usage, but it may still be vulnerable to flow-based attacks. This paper explores the design space of threshold-based attacks and defences on encrypted DNS tunnels. We identify thresholds separating tunnel traffic from browser-generated DoH traffic using packet size, packet rate, and throughput. We further propose modifications for encrypted DNS tunnels to evade flow-based detection and measure the resulting reduction in usability. Notably, throughput is decreased by at least 27x and page load time is increased by at least 23x. However, despite the cutback in usability, we outline the potential for DNS tunnels to work in conjunction with, and obfuscate the registration traffic of, other anti-censorship tools.
