MEASURING NETWORK INTERFERENCE AND MITIGATING IT WITH DNS ENCRYPTION

Abstract
The Internet has emerged as one of the most important tools of communication. With around 4.5 billion active users as of July 2020, it provides people the opportunity to access a vast treasure trove of information and express their opinions online. However, some countries consider the Internet as a critical communication medium and attempt to deploy network interference strategies. National governments, in particular, are notorious for their attempts to impose restrictions on online communication. Further, certain Internet service providers (ISPs) have been known to throttle specific applications and violate net neutrality principles. Alongside the proliferation of network interference and an increasing awareness of the security and privacy of users over the Internet, we have seen a rise in the usage of network traffic encryption technologies. However, even with encryption enabled, network interference is still possible due to the information leakage of the DNS and TLS protocols. To this end, a rich ecosystem of DNS/TLS improvements has come to light with the purpose of improving user privacy by obfuscating the domains a user visits. These protocols have the potential to render certain forms of censorship ineffective.

In this dissertation, I will describe my contributions towards understanding network interference, including Internet censorship, as well as the throttling of specific network applications (traffic differentiation). I develop a network measurement platform that enables monitoring of network interference globally on an ongoing basis. I then focus on understanding the DNS censorship behavior of the Great Firewall of China (GFW) by leveraging remote network measurement techniques. Additionally, I investigate the prevalence of traffic differentiation practices and how they impact popular video streaming applications. I demonstrate that network interference is prevalent even with encryption enabled.
This has led to the development of DNS and TLS improvements that aim to enhance user privacy and security. I review two recent proposals, namely DNS over HTTPS/TLS (DoH/DoT) and Encrypted Server Name Indication (ESNI), and investigate their potential to mitigate network interference and improve user privacy.
Type
dissertation
Date
2022-05
License
http://creativecommons.org/licenses/by/4.0/