DNS over HTTPS traffic analysis and detection

López Romera, Carlos

Please use this identifier to cite or link to this item: http://hdl.handle.net/10609/118266

Title:	DNS over HTTPS traffic analysis and detection
Author:	López Romera, Carlos
Director:	Garcia-Font, Victor
Tutor:	Hernández Gañán, Carlos
Abstract:	The Domain Name Service (DNS) is a prevalent protocol used in computer communications, used to translate domain names to addresses that can be routed to via de Internet Protocol (IP). One of the main characteristics of DNS is the use of plaintext requests and responses, leaking information even in traditional secure communications; a client might resolve a server's IP address using plaintext messages, and then cryptographically protect its exchange with the server itself. DNS over HTTPS (DoH) is a protocol specification introduced in the IETF RFC 8484 (2018), which provides a mapping of regular DNS requests and responses over TLS-encapsulated HTTP messages. TLS (Transport Layer Protocol) and HTTP (HyperText Transfer Protocol), known in conjunction as HTTPS, are the two most common methods of communication with web servers, each providing security and structure respectively. DoH, then, provides not only the cryptographic benefits of TLS, but also the masquerading of DoH communications as regular web traffic. Although recent work has aimed to identify the content of DoH communications by using different fingerprinting techniques, distinguishing regular TLS-encapsulated HTTP traffic from DoH remains an unsolved challenge. In this thesis, passive analysis of DoH traffic is presented, as well as a method and implementation for its detection.
Keywords:	traffic analysis machine learning HTTPS DNS
Document type:	info:eu-repo/semantics/masterThesis
Issue Date:	2-Jun-2020
Publication license:	http://creativecommons.org/licenses/by-nc-nd/3.0/es/
Appears in Collections:	Trabajos finales de carrera, trabajos de investigación, etc.