Leakage Of.Onion At The Dns Root: Measurements, Causes, And Countermeasures

Keywords

DNS; privacy; security; Tor

Abstract

The Tor hidden services, one of the features of the Tor anonymity network, are widely used for providing anonymity to services within the Tor network. Tor uses the.onion pseudo-top-level domain for naming convention and to route requests to these hidden services. The.onion namespace is not delegated to the global domain name system (DNS), and Tor is designed in such a way that all.onion queries are routed within the Tor network. However, and despite the careful design of Tor, numerous.onion requests are still today observed in the global DNS infrastructure, thus calling for further investigation. In this paper, we present the state of.onion requests received at the global DNS and as viewed from two large DNS traces: a continuous period of observation at the A and J DNS root nodes over a longitudinal period of time and a synthesis of Day In The Life of the Internet data repository that gathers a synchronized DNS capture of two days per year over multiple years. We found that.onion leakage in the DNS infrastructure to be both prevalent and persistent. Our characterization of the leakage shows various features, including high volumes of leakage that are diverse, geographically distributed, and targeting various types of hidden services. Furthermore, we found that various spikes in the.onion request volumes can be correlated with various global events, including geopolitical events. We attribute the leakage to various causes that are plausible based on various assessments, and provide various remedies with varying benefits.

Publication Date

10-1-2017

Publication Title

IEEE/ACM Transactions on Networking

Volume

25

Issue

5

Number of Pages

3059-3072

Document Type

Article

Personal Identifier

scopus

DOI Link

https://doi.org/10.1109/TNET.2017.2717965

Socpus ID

85023161129 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85023161129

This document is currently not available here.

Share

COinS