多媒體網路安全實驗室
Two-Servers PIR Based DNS Query Scheme
with Privacy-Preserving
Date：2010.8.25
Reporter:Chien-Wen Huang
出處: 2007 International Conference on Intelligent Pervasive Computing
多媒體網路安全實驗室
Outline
1
Introduction
2
DNS Query
3
DNS Privacy Threats Analysis
4
Private Information Retrieval (PIR)
35
Discussion on PIR and DNS Queries
46
Concluding Remarks
2
多媒體網路安全實驗室
Introduction
DNS stakeholders need to be aware of the
current limitations of the protocol and
corresponding implementations.
Range Query
 aims to simultaneously decrease the privacy
disclosure at DNS servers.
Current DNS query methods—by divulging both
sources and targets or queries.
3
多媒體網路安全實驗室
DNS Query
make correspondence between
IP address and readable names
Client
.(root)
DNS Server
Query
Answer
.tw
.edu.tw
4
多媒體網路安全實驗室
DNS Privacy Threats Analysis
Eavesdropping and MITM
 Eavesdropping
- the attacker configures the respective network
interface in promiscuous mode.
 MITM (Man in the Middle)
- attack to intercept communication between a client
and a server.
5
多媒體網路安全實驗室
Unscrupulous Service Providers
- some DNS servers are interested in aggregate
statistically significant properties of his clients.
 EX: some hotels want to collect the information from
their customers about what kind of website.
6
多媒體網路安全實驗室
Private Information Retrieval (PIR)
Single-DBServer PIR Scheme
Can not guess!!
i  {1,..., m}
{1,2,..i.., m}
x=x1,x2 , . . .,xm  {0,1}n {x1 ,..xi ,.., xm }
User
Sever
7
多媒體網路安全實驗室
Two-DBServer PIR Scheme
8
多媒體網路安全實驗室
Discussion on PIR and DNS Queries
General Notations and Definitions
 DSer: DNS servers
 U: a client user
 H: host name
 n: a privacy requirement for the user
 Q{H i }in1 : a range/group of queries (host names)
 IP{IPi }in1: a range/group of IP addresses
 Pi : probability of guessing
 Ai : answer from the DNS server
9
多媒體網路安全實驗室
 X ij : a single bit from IPi
 Lave : average length of hostname
 IPave : average length of IP address
  (H ) : randomization generation function.
(to hide the hostname H)
 DBLclient :a database/library in the U’s cache storing
lots of hostnames.
10
多媒體網路安全實驗室
DNS Queries with Single-DBServer PIR
Server-to-Server Query
DNS Client
Client-to-Server Query
Query : Q{H i }in1
Query : Q{H i }in1
Answer : IP{IPi }in1
Answer : IP{IPi }in1
Client PC with DBLclient
11
多媒體網路安全實驗室
DNS Queries with Two-DBServer PIR and Its
Design
12
多媒體網路安全實驗室
Comparison of Two Schemes
13
多媒體網路安全實驗室
Concluding Remarks
DNS query is unfortunately ignored by the
majority of Internet users.
 Finding simple and unobtrusive ways of
making average users aware of both the need
for effective DNS query and the need to protect
their privacy .
14
多媒體網路安全實驗室
Title:Analysis of Existing PrivacyPreserving Protocols in Domain Name
System.
Authority: IEICE TRANSACTIONS on
Information and Systems Vol.E93-D No.5
pp.1031-1043, May 2010.
15
多媒體網路安全實驗室