CNS Core: Medium: Privacy-Preserving and Censorship-Resistant Domain Name System

CNS 核心：中：隐私保护和抗审查域名系统

• 批准号: 2310927
• 负责人: Aleksandar Kuzmanovic
• 金额: $ 75万
• 依托单位: Northwestern University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2026-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2310927&HistoricalAwards=false
• 关键词: CNS; Core; Medium; Privacy; Preserving

The Domain Name System (DNS) is the phonebook of the Internet which maps human-friendly domain names to IP addresses. Without DNS, the Internet itself would not function. Despite the decades-long efforts to protect user privacy on the Internet, privacy remains an open issue for DNS. In general, access to a DNS resolver enables traffic snooping, i.e., realizing who is looking for what. Moreover, DNS is a perfect vehicle for censorship: preventing users to resolve domain names is one of the simplest, and often utilized, way to censor free and open access on the Internet. The key question this project aims to answer is whether a truly privacy-preserving and censorship-resistant DNS can be developed.The key thesis of this project is that the only way to guarantee full user privacy would be for the DNS server to do its job in the blind, i.e., by resolving domain names without knowing what they are. The latter statement seems counter-intuitive, but in reality several techniques exist which allow such operations. These techniques fall in the branch of Private Information Retrieval (PIR), which is achieved by various cryptographic tools such as homomorphic encryption. PIR protocols have long been considered impractical due to performance bottlenecks. The preliminary research and performance benchmarks demonstrate that the PIR performance is moving towards the practically usable territory in terms of query timescales, traffic overhead, and supported database size. The main goal of this project is to make PIR applicable to DNS by leveraging inherent features of the DNS systems and co-designing novel PIR protocols, thus making the full DNS privacy and censorship resistance a reality.This project has the potential to make a significant impact by enabling a scalable, incrementally-deployable, privacy-preserving, and censorship-resilient DNS system. The PIs plan to design and disseminate, as open-source, implementations of the system. It is expected that popular browsers will support the proposed privacy-preserving system by showing an icon, similar to the one for HTTPS, for the websites that support the single-server PDNS. The proposed research has societal impacts beyond the computing discipline because results from this project could lead to fundamental enhancements in terms of user privacy on the Internet. Moreover, it can make an important step towards thwarting network-level censorship, thus leading to free and open Internet and society.All the data associated with this project, including measurement data, code, and results, will be made publicly and openly available at http://networks.cs.northwestern.edu/PDNS/. This website will be maintained for the duration of the project, and all the data will remain available for download from the website for at least 5 years after the project is completed.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

域名系统（DNS）是Internet的电话簿，将人类友好的域名映射到IP地址。没有DNS，互联网本身将无法正常运行。尽管为保护互联网上的用户隐私做出了长达数十年的努力，但对于DNS来说，隐私仍然是一个空旷的问题。通常，访问DNS解析器可以实现流量窥探，即意识到谁在寻找什么。此外，DNS是审查制度的理想工具：防止用户解析域名是最简单，经常使用的方法之一，可在Internet上进行审查和开放式访问。该项目旨在回答的关键问题是，可以开发一个真正的隐私保护和持持审查的DNS。该项目的关键论点是，保证充分用户隐私的唯一方法是让DNS服务器在盲人中完成其工作，即解决域名而不知道它们是什么。后一种陈述似乎是违反直觉的，但实际上存在几种允许此类操作的技术。这些技术属于私人信息检索（PIR）的分支，这是由多种密码工具（例如同型加密）实现的。由于性能瓶颈，长期以来，PIR方案一直被认为是不切实际的。初步研究和绩效基准表明，就查询时间标准，交通开销和支持的数据库大小而言，PIR性能正朝着实际上可用的领域发展。该项目的主要目的是通过利用DNS系统的固有特征和共同设计的新型PIR协议使PIR适用于DNS，从而使完整的DNS隐私和审查阻力成为现实。该项目具有通过可扩展，可扩展性可扩展的，隐私，隐私，系统和consorssressressressressressressressressressressressressressress和Coressressressress和Coressressressressress和Coressors的潜力。 PIS计划设计和传播系统的开源实现。预计流行的浏览器将通过显示一个与HTTPS相似的图标来支持所提出的隐私系统，用于支持单服务器PDN的网站。拟议的研究具有超出计算学科的社会影响，因为该项目的结果可能会导致互联网上用户隐私的基本增强。此外，它可以朝着挫败网络级别的审查制度迈出重要的一步，从而导致自由和开放的互联网和社会。与该项目相关的所有数据，包括测量数据，代码和结果，将在http://networks.cs.cs.northwests.northwesternwestern.eduu/pdns/上公开提供。该网站将在项目的期限内维护，所有数据将在项目完成后至少从网站下载至少5年。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的智力优点和更广泛影响的审查标准通过评估来获得支持的。