8
views
0
recommends
+1 Recommend
0 collections
    0
    shares
      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      Holes in the Geofence: Privacy Vulnerabilities in "Smart" DNS Services

      Preprint

      Read this article at

      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          Smart DNS (SDNS) services advertise access to "geofenced" content (typically, video streaming sites such as Netflix or Hulu) that is normally inaccessible unless the client is within a prescribed geographic region. SDNS is simple to use and involves no software installation. Instead, it requires only that users modify their DNS settings to point to an SDNS resolver. The SDNS resolver "smartly" identifies geofenced domains and, in lieu of their proper DNS resolutions, returns IP addresses of proxy servers located within the geofence. These servers then transparently proxy traffic between the users and their intended destinations, allowing for the bypass of these geographic restrictions. This paper presents the first academic study of SDNS services. We identify a number of serious and pervasive privacy vulnerabilities that expose information about the users of these systems. These include architectural weaknesses that enable content providers to identify which requesting clients use SDNS. Worse, we identify flaws in the design of some SDNS services that allow {\em any} arbitrary third party to enumerate these services' users (by IP address), even if said users are currently offline. We present mitigation strategies to these attacks that have been adopted by at least one SDNS provider in response to our findings.

          Related collections

          Author and article information

          Journal
          14 December 2020
          Article
          2012.07944
          1eab6dc4-968d-45ef-8110-6f7c3308511f

          http://creativecommons.org/licenses/by/4.0/

          History
          Custom metadata
          To appear at: Rahel A. Fainchtein, Adam A. Aviv, Micah Sherr, Stephen Ribaudo, and Armaan Khullar. Holes in the Geofence: Privacy Vulnerabilities in "Smart" DNS Services. Proceedings on Privacy Enhancing Technologies (PoPETS), July 2021
          cs.CR cs.NI

          Security & Cryptology,Networking & Internet architecture
          Security & Cryptology, Networking & Internet architecture

          Comments

          Comment on this article