Never Query Alone: A distributed strategy to protect Internet users from DNS fingerprinting attacks

Computer Networks (2021)

Abstract
The Domain Name System (DNS) plays an essential role in everyday Internet activities. However, unauthorized access to DNS-generated traffic also raises serious privacy concerns. For instance, DNS traffic traces can be processed by third parties to identify an Internet user through behavioral analysis, i.e., a technique that uses machine learning classifiers to link multiple pieces of traffic belonging to the same person. In general, the more sessions an attacker can link, the more the attacker learns about an individual's interests, and the more likely it is that the identity of that user will be revealed. The development of such user identification methods has been the focus of several studies, and there are currently several strategies for obtaining behavioral fingerprints from DNS traces. However, only a few works have proposed countermeasures to protect users against this privacy threat. Furthermore, newer transports such as DNS-over-TLS, DNS-over-HTTPS, and DNS-over-QUIC can potentially render the available countermeasures ineffective. This paper proposes Never Query Alone (NQA), a strategy that allows a set of nodes to modify their DNS query patterns to mitigate the risk of being tracked by DNS resolvers. In NQA, users forward their DNS queries through their neighbors in such a way that the identification accuracy achieved by the attacker is reduced in proportion to the number of participating nodes. A second strategy, called NQA-SA, is also proposed. NQA-SA decreases the accuracy of the attacker to nearly 1%, independently of the number of participating nodes. Both countermeasures reduce the accuracy of the classifiers at the cost of increasing the delay of the DNS query resolution process. A trade-off between privacy and delay therefore arises, which this work studies theoretically by means of queueing analysis.
Experimental results on real networks demonstrate that the proposed countermeasures can significantly degrade the accuracy of commonly used machine learning classifiers, thus increasing the privacy protection of individuals on the Internet.
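The following is an added toy simulation (written for this page, not code from the paper or its authors) of the NQA mechanism as the abstract describes it: every participant egresses each query through a uniformly chosen neighbor, so the resolver's per-source-IP view becomes a mix of all participants' traffic. The attacker modeled here is a simple nearest-profile classifier that, for each egress address, guesses the user whose characteristic domain dominates the observed stream and attributes the whole stream to that user. The user profiles, domain names, query counts, and per-hop delay figures are constructed assumptions chosen to make the run deterministic; they are not data from the paper. The run illustrates the abstract's two claims: attribution accuracy falls roughly as 1/N with N participants, and mean resolution delay rises with the extra forwarding hop.

```python
"""Toy simulation of the NQA idea (added example; assumptions noted inline)."""
import random
from collections import Counter, defaultdict

# Constructed vocabulary: domains every user visits, plus one characteristic
# domain per user that a behavioral classifier can key on.
SHARED_DOMAINS = ["cdn.example", "news.example", "mail.example"]
OWN_DOMAIN_PROB = 0.7  # assumed share of a user's queries that go to their own site


def own_domain(user):
    return f"user{user}-site.example"


def generate_queries(n_users, per_user, rng):
    """Return a shuffled list of (originator, domain) pairs (constructed traffic)."""
    queries = []
    for u in range(n_users):
        for _ in range(per_user):
            d = own_domain(u) if rng.random() < OWN_DOMAIN_PROB else rng.choice(SHARED_DOMAINS)
            queries.append((u, d))
    rng.shuffle(queries)
    return queries


def route(queries, n_users, nqa, rng):
    """Simulate egress. Returns (originator, egress_ip, domain, hops).

    Without NQA every node resolves its own queries (egress_ip == originator).
    With NQA each query is handed to a uniformly chosen participant (possibly
    itself), which is the forwarding pattern the abstract describes.
    """
    observed = []
    for u, d in queries:
        if nqa:
            peer = rng.randrange(n_users)
            hops = 0 if peer == u else 1
        else:
            peer, hops = u, 0
        observed.append((u, peer, d, hops))
    return observed


def attacker_accuracy(observed):
    """Nearest-profile attribution seen by the resolver.

    For each egress IP the attacker counts characteristic domains, predicts the
    dominant user, and attributes every query from that IP to that user.
    Returns the fraction of all queries attributed to their true originator.
    """
    by_ip = defaultdict(list)
    for u, ip, d, _ in observed:
        by_ip[ip].append((u, d))
    correct = 0
    for ip, items in by_ip.items():
        votes = Counter()
        for _, d in items:
            if d.startswith("user") and d.endswith("-site.example"):
                votes[int(d[4:d.index("-")])] += 1
        predicted = votes.most_common(1)[0][0] if votes else ip
        correct += sum(1 for u, _ in items if u == predicted)
    return correct / len(observed)


def mean_delay_ms(observed, base_ms=20.0, hop_ms=15.0):
    """Mean resolution delay under an assumed fixed cost per forwarding hop."""
    extra = sum(h for *_, h in observed) / len(observed)
    return base_ms + hop_ms * extra


def simulate(n_users, nqa, per_user=200, seed=1):
    """Return (attacker accuracy, mean delay in ms) for one configuration."""
    rng = random.Random(seed)
    observed = route(generate_queries(n_users, per_user, rng), n_users, nqa, rng)
    return attacker_accuracy(observed), mean_delay_ms(observed)


if __name__ == "__main__":
    for n in (1, 5, 10):
        for nqa in (False, True):
            acc, delay = simulate(n, nqa)
            print(f"participants={n:2d} nqa={nqa!s:5} accuracy={acc:.3f} delay={delay:.1f} ms")
```

Without NQA the classifier is always right, because each source IP carries one user's traffic. Under NQA the best the attacker can do per egress address is pick the user who happens to dominate that mixed stream, which is correct for roughly one query in N; the delay term grows with the fraction of queries that take the extra hop, which is the privacy/delay trade-off the paper analyzes with queueing theory.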
Keywords
User re-identification, Behavior-based tracking, Privacy, DNS