DeepAI AI Chat
Log In Sign Up

Privacy Preserving Passive DNS

by   Pavlos Papadopoulos, et al.

The Domain Name System (DNS) was created to resolve the IP addresses of the web servers to easily remembered names. When it was initially created, security was not a major concern; nowadays, this lack of inherent security and trust has exposed the global DNS infrastructure to malicious actors. The passive DNS data collection process creates a database containing various DNS data elements, some of which are personal and need to be protected to preserve the privacy of the end users. To this end, we propose the use of distributed ledger technology. We use Hyperledger Fabric to create a permissioned blockchain, which only authorized entities can access. The proposed solution supports queries for storing and retrieving data from the blockchain ledger, allowing the use of the passive DNS database for further analysis, e.g. for the identification of malicious domain names. Additionally, it effectively protects the DNS personal data from unauthorized entities, including the administrators that can act as potential malicious insiders, and allows only the data owners to perform queries over these data. We evaluated our proposed solution by creating a proof-of-concept experimental setup that passively collects DNS data from a network and then uses the distributed ledger technology to store the data in an immutable ledger, thus providing a full historical overview of all the records.


page 3

page 4

page 6

page 9

page 11

page 12

page 15

page 16


Detecting Malicious Domains Using Statistical Internationalized Domain Name Features in Top Level Domains

The Domain Name System (DNS) is a core Internet service that translates ...

πQLB: A Privacy-preserving with Integrity-assuring Query Language for Blockchain

The increase in the adoption of blockchain technology in different appli...

A Privacy-Preserving Healthcare Framework Using Hyperledger Fabric

Electronic health record (EHR) management systems require the adoption o...

Blockchain Tree as Solution for Distributed Storage of Personal ID Data and Document Access Control

This paper introduces a new method of Blockchain formation for reliable ...

Study on Domain Name System (DNS) Abuse: Technical Report

A safe and secure Domain Name System (DNS) is of paramount importance fo...

Ethereum Name Service: the Good, the Bad, and the Ugly

DNS has always been criticized for its inherent design flaws, making the...

Configurable Per-Query Data Minimization for Privacy-Compliant Web APIs

The purpose of regulatory data minimization obligations is to limit pers...