International Journal of Networking and Computing
Online ISSN : 2185-2847
Print ISSN : 2185-2839
ISSN-L : 2185-2839
Special issue on the Eleventh International Symposium on Networking and Computing
Method for Detecting DoH Communications from Non-Encrypted Information at a Middlebox
Yuya Takanashi, Shigetomo Kimura
JOURNAL OPEN ACCESS

2024 Volume 14 Issue 2 Pages 157-185

Abstract

DNS over HTTPS (DoH) enhances user privacy by encrypting DNS communications over HTTPS instead of sending them in plaintext. When all DNS messages are sent in plaintext, DNS queries can be examined and domain filtering applied if the queried domain name is identified as that of a phishing site or another undesirable site. However, if DNS messages are encrypted over HTTPS, this creates many problems for network administrators. This paper proposes a method for detecting DoH communications from only the non-encrypted information available at a middlebox between users and resolvers, by exploiting the fact that users always send a DNS query before they access a new domain. The middlebox can also identify the destination of the detected DoH traffic, so that network administrators can recommend that users send DNS messages to a local DoH resolver with domain filtering instead of to an open DoH resolver. In experiments to detect DoH communications in real traffic from a web browser, we achieved detection accuracy rates reaching 100% under certain parameters when the number of accessed IP addresses exceeded 350. To confirm the accuracy and generalizability of our experiments, the proposed method was also applied to captured HTTPS traffic involving different web browsers and different DoH resolvers, with an almost identical level of detection accuracy.
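The detection principle stated in the abstract (a first connection to an IP address that no earlier plaintext DNS reply returned is evidence that the name was resolved over an encrypted channel), as an added illustrative implementation; this is not the authors' method or code, and it says nothing about how the paper's parameters are chosen. The event record layout, the 0.5 s attribution window used to guess the resolver, the thresholds and the two sample traces are all this example's own assumptions.

```python
"""Illustrative DoH detector working only from header-level information a
middlebox can see: protocol, port, destination IP, and the answer section of
plaintext DNS replies. Added example, not the paper's code; record format,
thresholds and the resolver-attribution heuristic are assumptions."""
from collections import Counter, namedtuple

# t: seconds since capture start; proto: "udp"/"tcp"; dport: destination port;
# dst: destination IP; answers: addresses from a plaintext DNS reply
# (empty for every other event).
Event = namedtuple("Event", "t proto dport dst answers")


def classify_accesses(events, window=0.5):
    """Split first-time HTTPS destinations into those explained by an earlier
    plaintext DNS answer and those that are not. For every unexplained
    destination, also tally which other HTTPS endpoints were contacted within
    `window` seconds before it: a DoH resolver has to be contacted before each
    access it enables, so it accumulates the highest count (heuristic)."""
    resolved = set()            # IPs returned by plaintext DNS replies
    seen = set()                # HTTPS destinations already classified
    recent = []                 # (t, dst) of recent HTTPS contacts
    explained, unexplained = [], []
    attribution = Counter()
    for ev in events:
        if ev.proto == "udp" and ev.dport == 53:
            resolved.update(ev.answers)
            continue
        if not (ev.proto == "tcp" and ev.dport == 443):
            continue
        recent = [(t, d) for t, d in recent if ev.t - t <= window]
        if ev.dst not in seen:
            seen.add(ev.dst)
            if ev.dst in resolved:
                explained.append(ev.dst)
            else:
                unexplained.append(ev.dst)
                for d in {d for _, d in recent if d != ev.dst}:
                    attribution[d] += 1
        recent.append((ev.t, ev.dst))
    return explained, unexplained, attribution


def detect_doh(events, min_new=3, min_ratio=0.5, window=0.5):
    """Return (doh_suspected, likely_resolver_ip, explained, unexplained).
    Browser DNS caching means a few destinations legitimately lack a query in
    the capture, so the verdict needs a minimum number of new destinations
    and a minimum unexplained fraction, not a single miss. The abstract
    reports 100% accuracy only beyond 350 accessed IPs; min_new=3 is a toy
    default chosen to fit the short constructed traces below."""
    explained, unexplained, attribution = classify_accesses(events, window)
    new = len(explained) + len(unexplained)
    suspected = new >= min_new and len(unexplained) / new >= min_ratio
    resolver = None
    if suspected and attribution:
        resolver = attribution.most_common(1)[0][0]
    return suspected, resolver, explained, unexplained


# Constructed sample traces (not real captures; documentation-range addresses).
# DOH_TRACE: the client bootstraps a resolver at 203.0.113.7 with one plaintext
# lookup, then resolves every further name through it; to the middlebox the
# DoH exchanges are just more HTTPS flows to 203.0.113.7.
DOH_TRACE = [
    Event(0.0, "udp", 53, "192.0.2.53", ("198.51.100.10",)),
    Event(0.2, "tcp", 443, "198.51.100.10", ()),   # explained by the reply above
    Event(0.5, "udp", 53, "192.0.2.53", ("203.0.113.7",)),
    Event(0.7, "tcp", 443, "203.0.113.7", ()),     # resolver bootstrap, explained
    Event(1.0, "tcp", 443, "203.0.113.7", ()),     # DoH lookup, opaque to us
    Event(1.1, "tcp", 443, "198.51.100.20", ()),   # no plaintext reply: unexplained
    Event(1.3, "tcp", 443, "203.0.113.7", ()),
    Event(1.4, "tcp", 443, "198.51.100.21", ()),
    Event(1.6, "tcp", 443, "203.0.113.7", ()),
    Event(1.7, "tcp", 443, "198.51.100.22", ()),
    Event(2.0, "tcp", 443, "198.51.100.23", ()),   # lookup reused an open DoH connection
]

# PLAINTEXT_TRACE: every first contact is preceded by a plaintext DNS reply.
PLAINTEXT_TRACE = [
    Event(0.0, "udp", 53, "192.0.2.53", ("198.51.100.10",)),
    Event(0.2, "tcp", 443, "198.51.100.10", ()),
    Event(1.0, "udp", 53, "192.0.2.53", ("198.51.100.20", "198.51.100.21")),
    Event(1.1, "tcp", 443, "198.51.100.20", ()),
    Event(1.2, "tcp", 443, "198.51.100.21", ()),
    Event(2.0, "tcp", 443, "198.51.100.10", ()),   # repeat contact, not a new destination
]

if __name__ == "__main__":
    for name, trace in (("doh", DOH_TRACE), ("plaintext", PLAINTEXT_TRACE)):
        suspected, resolver, ok, miss = detect_doh(trace)
        print(f"{name}: doh={suspected} resolver={resolver} "
              f"explained={len(ok)} unexplained={len(miss)}")
```

On the first trace the detector flags DoH and names 203.0.113.7 as the likely resolver; on the second it stays quiet. Two caveats a deployment has to handle that this toy skips: with HTTP/2 a single long-lived DoH connection carries many lookups, so flow-level observation of the resolver weakens over time and per-packet timing would be needed, and a client that bootstraps its resolver by literal IP produces one extra unexplained destination that is the resolver itself.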

© 2024 International Journal of Networking and Computing