CNS Core: Medium: Privacy-Preserving and Censorship-Resistant Domain Name System

CNS 核心：中：隐私保护和抗审查域名系统

• 批准号: 2310927
• 负责人: Aleksandar Kuzmanovic
• 金额: $ 75万
• 依托单位: Northwestern University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2026-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2310927&HistoricalAwards=false
• 关键词: CNS; Core; Medium; Privacy; Preserving

The Domain Name System (DNS) is the phonebook of the Internet which maps human-friendly domain names to IP addresses. Without DNS, the Internet itself would not function. Despite the decades-long efforts to protect user privacy on the Internet, privacy remains an open issue for DNS. In general, access to a DNS resolver enables traffic snooping, i.e., realizing who is looking for what. Moreover, DNS is a perfect vehicle for censorship: preventing users to resolve domain names is one of the simplest, and often utilized, way to censor free and open access on the Internet. The key question this project aims to answer is whether a truly privacy-preserving and censorship-resistant DNS can be developed.The key thesis of this project is that the only way to guarantee full user privacy would be for the DNS server to do its job in the blind, i.e., by resolving domain names without knowing what they are. The latter statement seems counter-intuitive, but in reality several techniques exist which allow such operations. These techniques fall in the branch of Private Information Retrieval (PIR), which is achieved by various cryptographic tools such as homomorphic encryption. PIR protocols have long been considered impractical due to performance bottlenecks. The preliminary research and performance benchmarks demonstrate that the PIR performance is moving towards the practically usable territory in terms of query timescales, traffic overhead, and supported database size. The main goal of this project is to make PIR applicable to DNS by leveraging inherent features of the DNS systems and co-designing novel PIR protocols, thus making the full DNS privacy and censorship resistance a reality.This project has the potential to make a significant impact by enabling a scalable, incrementally-deployable, privacy-preserving, and censorship-resilient DNS system. The PIs plan to design and disseminate, as open-source, implementations of the system. It is expected that popular browsers will support the proposed privacy-preserving system by showing an icon, similar to the one for HTTPS, for the websites that support the single-server PDNS. The proposed research has societal impacts beyond the computing discipline because results from this project could lead to fundamental enhancements in terms of user privacy on the Internet. Moreover, it can make an important step towards thwarting network-level censorship, thus leading to free and open Internet and society.All the data associated with this project, including measurement data, code, and results, will be made publicly and openly available at http://networks.cs.northwestern.edu/PDNS/. This website will be maintained for the duration of the project, and all the data will remain available for download from the website for at least 5 years after the project is completed.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

域名系统（DNS）是互联网的电话簿，它将人性化的域名映射到IP地址。如果没有DNS，互联网本身将无法运行。尽管数十年来一直在努力保护互联网上的用户隐私，但隐私仍然是DNS的一个悬而未决的问题。通常，对DNS解析器的访问使得能够进行流量监听，即，意识到谁在找什么此外，DNS是审查的完美工具：阻止用户解析域名是审查互联网上免费和开放访问的最简单，也是经常使用的方法之一。这个项目的关键问题是，是否可以开发一个真正的隐私保护和审查抵抗DNS。这个项目的关键论点是，保证完全用户隐私的唯一方法是DNS服务器在盲人中完成其工作，即，通过解析域名而不知道它们是什么。后一种说法似乎违反直觉，但实际上存在几种允许这种操作的技术。这些技术属于私有信息检索（PIR）的分支，其通过诸如同态加密的各种密码工具来实现。由于性能瓶颈，PIR协议长期以来被认为是不切实际的。初步的研究和性能基准测试表明，PIR的性能正在走向实际可用的领土方面的查询时间尺度，流量开销，和支持的数据库大小。该项目的主要目标是通过利用DNS系统的固有特性和共同设计新颖的PIR协议，使PIR适用于DNS，从而实现完全的DNS隐私和审查抵抗。该项目有可能通过实现可扩展的，可增量部署的，隐私保护的和审查弹性的DNS系统产生重大影响。参与者计划设计和传播该系统的开放源码实施。预计流行的浏览器将通过显示支持单服务器PDNS的网站的图标（类似于HTTPS的图标）来支持所提出的隐私保护系统。拟议的研究具有超越计算学科的社会影响，因为该项目的结果可能导致互联网上用户隐私的根本增强。此外，它还可以在阻止网络审查方面迈出重要一步，从而实现自由开放的互联网和社会。与该项目相关的所有数据，包括测量数据、代码和结果，都将在http://networks.cs.northwestern.edu/PDNS/上公开发布。该网站将在项目期间维护，所有数据将在项目完成后至少5年内仍可从网站下载。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。