GGrantIndex
← Search

CNS Core: Medium: Privacy-Preserving and Censorship-Resistant Domain Name System

$750,000FY2023CSENSF

Northwestern University, Evanston IL

Investigators

Abstract

The Domain Name System (DNS) is the phonebook of the Internet which maps human-friendly domain names to IP addresses. Without DNS, the Internet itself would not function. Despite the decades-long efforts to protect user privacy on the Internet, privacy remains an open issue for DNS. In general, access to a DNS resolver enables traffic snooping, i.e., realizing who is looking for what. Moreover, DNS is a perfect vehicle for censorship: preventing users to resolve domain names is one of the simplest, and often utilized, way to censor free and open access on the Internet. The key question this project aims to answer is whether a truly privacy-preserving and censorship-resistant DNS can be developed. The key thesis of this project is that the only way to guarantee full user privacy would be for the DNS server to do its job in the blind, i.e., by resolving domain names without knowing what they are. The latter statement seems counter-intuitive, but in reality several techniques exist which allow such operations. These techniques fall in the branch of Private Information Retrieval (PIR), which is achieved by various cryptographic tools such as homomorphic encryption. PIR protocols have long been considered impractical due to performance bottlenecks. The preliminary research and performance benchmarks demonstrate that the PIR performance is moving towards the practically usable territory in terms of query timescales, traffic overhead, and supported database size. The main goal of this project is to make PIR applicable to DNS by leveraging inherent features of the DNS systems and co-designing novel PIR protocols, thus making the full DNS privacy and censorship resistance a reality. This project has the potential to make a significant impact by enabling a scalable, incrementally-deployable, privacy-preserving, and censorship-resilient DNS system. The PIs plan to design and disseminate, as open-source, implementations of the system. It is expected that popular browsers will support the proposed privacy-preserving system by showing an icon, similar to the one for HTTPS, for the websites that support the single-server PDNS. The proposed research has societal impacts beyond the computing discipline because results from this project could lead to fundamental enhancements in terms of user privacy on the Internet. Moreover, it can make an important step towards thwarting network-level censorship, thus leading to free and open Internet and society. All the data associated with this project, including measurement data, code, and results, will be made publicly and openly available at http://networks.cs.northwestern.edu/PDNS/. This website will be maintained for the duration of the project, and all the data will remain available for download from the website for at least 5 years after the project is completed. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →