Toward Domain Name System privacy enhancement using intent‐based Moving Target Defense framework over software defined networks

Abstract

AbstractMoving Target Defense (MTD) is an active security procedure while intent‐based networking (IBN) is gaining popularity as an evolving networking model. Software defined network (SDN) provides centralized network management through the control plane. In this article, a mechanism for the privacy enhancement of the Domain Name System (DNS) is proposed using intent‐based MTD over SDN. DNS is a critical internet service with a high risk of privacy disclosure as it is related to user preferences. The proposed model privacy enhancement using intent‐based MTD running over SDN (PEIMS) exploits IBN API of ONOS SDN controller along with Openflow flow modification for privacy enhancement. PEIMS core components include MTD application running over the ONOS SDN controller, ONOS intent‐based API, and the DNS server. The notion is the protection of privacy disclosures that occur during DNS queries. PEIMS provides a dynamic port shuffling technique for mapping DNS traffic to minimize the attacker's chances of observing the DNS queries responses. The proposed model was implemented using ONOS controller, ONOS north bound intent‐based API, and Mininet. The proposed model was evaluated in terms of privacy protection, attacker, and defender cost. The results showed promising trends for DNS privacy protection at a low computational cost. The work also quantified the privacy disclosures.