Abstract
The Domain Name System (DNS) was created to resolve the IP addresses of web servers to easily remembered names. When it was initially created, security was not a major concern; nowadays, this lack of inherent security and trust has exposed the global DNS infrastructure to malicious actors. The passive DNS data collection process creates a database containing various DNS data elements, some of which are personal and need to be protected to preserve the privacy of the end users. To this end, we propose the use of distributed ledger technology. We use Hyperledger Fabric to create a permissioned blockchain, which only authorized entities can access. The proposed solution supports queries for storing and retrieving data from the blockchain ledger, allowing the use of the passive DNS database for further analysis, e.g., for the identification of malicious domain names. Additionally, it effectively protects the DNS personal data from unauthorized entities, including the administrators that can act as potential malicious insiders, and allows only the data owners to perform queries over these data. We evaluated our proposed solution by creating a proof-of-concept experimental setup that passively collects DNS data from a network and then uses the distributed ledger technology to store the data in an immutable ledger, thus providing a full historical overview of all the records.
Highlights
The Domain Name System (DNS) translates human-readable domain names to machine-readableIP addresses [1]
We have developed PRESERVE DNS, a privacy-preserving passive DNS data solution, by leveraging distributed ledger technology
In order to demonstrate the workings of PRESERVE DNS, and to evaluate its operation and performance, we developed a proof-of-concept implementation, whose architecture is depicted in Passive DNS data and is controlled by two authorized Organizations with regards to reproducing a Passive DNS infrastructure
Summary
The Domain Name System (DNS) translates human-readable domain names to machine-readableIP addresses [1]. Botnets [2], parking domains [3] and domain squatting [4] are examples of types of malicious DNS use. The DNS infrastructure is outdated and has been created without considering security or privacy. This leads to DNS being targeted by numerous malicious actors that try to exploit its vulnerabilities to get profit from unaware end-users. A number of current privacy issues cannot be fully resolved without a complete redesign of DNS [19]. New solutions are being proposed and developed to further enhance the security of DNS and to preserve the privacy of its end-users. Blockchain DNS solutions promise to resolve existing DNS privacy issues [20,21,22]
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
