DNS over Https (DoH)

DNS over HTTPS (DoH) is a new form of DNS encryption where DNS requests are no longer in plaintext but are sent over Port 443, which is the port meant for HTTPS. The focus of this paper is mainly on determining if fingerprinting can decrypt DoH queries because DoH is built to protect and allow for DNS queries to be confidential and secure meaning not be left in plaintext. If fingerprinting methods can decrypt DoH queries, the whole premise would be invalid since an adversary could easily use fingerprinting to extract the DoH query data and make it just as weak as the current role of DNS queries now. The use of Fingerprinting methods such as ja3 and ja3s allows for the testing of fingerprinting techniques. Determining whether there are clear signs to differentiate web pages hosted on the same server is essential. Under DoH, there is enough obfuscation that differentiating web pages should not be possible. Leading to protecting the confidentiality of the specific web page a client is trying to reach. We are using the fingerprinting methods of ja3 and ja3s because all DoH requests require a TLS handshake, and even under the new TLS standard TLS 1.3, the initial handshake is in plaintext meaning the initial handshake is readable while the other handshakes after are not. The analysis will see if the specific content and web pages are readable rather than just the generic server information detailed during the initial handshake. The study will see how easy or difficult it is to identify each set of requests and compare it to other requests that are made. Using ja3 and ja3s and the results will help determine if minimal fingerprinting methods are valid in identifying and differentiating between certain web pages hosted on the same server. From the analysis, though the connected server information is public, there is no definite way to identify precisely which web page on the server a client is visiting using the MD5 hash. Since DoH only connects the web browser to the server, no specific information regarding the web page and its contents will be available to view.Undergraduat

Web Tracking: Mechanisms, Implications, and Defenses

This articles surveys the existing literature on the methods currently used by web services to track the user online as well as their purposes, implications, and possible user's defenses. A significant majority of reviewed articles and web resources are from years 2012-2014. Privacy seems to be the Achilles' heel of today's web. Web services make continuous efforts to obtain as much information as they can about the things we search, the sites we visit, the people with who we contact, and the products we buy. Tracking is usually performed for commercial purposes. We present 5 main groups of methods used for user tracking, which are based on sessions, client storage, client cache, fingerprinting, or yet other approaches. A special focus is placed on mechanisms that use web caches, operational caches, and fingerprinting, as they are usually very rich in terms of using various creative methodologies. We also show how the users can be identified on the web and associated with their real names, e-mail addresses, phone numbers, or even street addresses. We show why tracking is being used and its possible implications for the users (price discrimination, assessing financial credibility, determining insurance coverage, government surveillance, and identity theft). For each of the tracking methods, we present possible defenses. Apart from describing the methods and tools used for keeping the personal data away from being tracked, we also present several tools that were used for research purposes - their main goal is to discover how and by which entity the users are being tracked on their desktop computers or smartphones, provide this information to the users, and visualize it in an accessible and easy to follow way. Finally, we present the currently proposed future approaches to track the user and show that they can potentially pose significant threats to the users' privacy.Comment: 29 pages, 212 reference

Hosting Industry Centralization and Consolidation

There have been growing concerns about the concentration and centralization of Internet infrastructure. In this work, we scrutinize the hosting industry on the Internet by using active measurements, covering 19 Top-Level Domains (TLDs). We show how the market is heavily concentrated: 1/3 of the domains are hosted by only 5 hosting providers, all US-based companies. For the country-code TLDs (ccTLDs), however, hosting is primarily done by local, national hosting providers and not by the large American cloud and content providers. We show how shared languages (and borders) shape the hosting market -- German hosting companies have a notable presence in Austrian and Swiss markets, given they all share German as official language. While hosting concentration has been relatively high and stable over the past four years, we see that American hosting companies have been continuously increasing their presence in the market related to high traffic, popular domains within ccTLDs -- except for Russia, notably.Comment: to appear in IEEE/IFIP Network Operations and Management Symposium https://noms2022.ieee-noms.org

TorSH: Obfuscating consumer Internet-of-Things traffic with a collaborative smart-home router network

When consumers install Internet-connected smart devices in their homes, metadata arising from the communications between these devices and their cloud-based service providers enables adversaries privy to this traffic to profile users, even when adequate encryption is used. Internet service providers (ISPs) are one potential adversary privy to users’ incom- ing and outgoing Internet traffic and either currently use this insight to assemble and sell consumer advertising profiles or may in the future do so. With existing defenses against such profiling falling short of meeting user preferences and abilities, there is a need for a novel solution that empowers consumers to defend themselves against profiling by ISP-like actors and that is more in tune with their wishes. In this thesis, we present The Onion Router for Smart Homes (TorSH), a network of smart-home routers working collaboratively to defend smart-device traffic from analysis by ISP-like adversaries. We demonstrate that TorSH succeeds in deterring such profiling while preserving smart-device experiences and without encumbering latency-sensitive, non-smart-device experiences like web browsing