English
Related papers

Related papers: DSTC: DNS-based Strict TLS Configurations

200 papers

DNS over TLS (DoT) and DNS over HTTPS (DoH) encrypt DNS to guard user privacy by hiding DNS resolutions from passive adversaries. Yet, past attacks have shown that encrypted DNS is still sensitive to traffic analysis. As a consequence, RFC…

Cryptography and Security · Computer Science 2019-07-03 Jonas Bushart , Christian Rossow

Virtually every connection to an Internet service is preceded by a DNS lookup which is performed without any traffic-level protection, thus enabling manipulation, redirection, surveillance, and censorship. To address these issues, large…

Cryptography and Security · Computer Science 2019-10-08 Sandra Siby , Marc Juarez , Claudia Diaz , Narseo Vallina-Rodriguez , Carmela Troncoso

The scarcity of data and the high complexity of Advanced Persistent Threats (APTs) attacks have created challenges in comprehending their behavior and hindered the exploration of effective detection techniques. To create an effective APT…

Cryptography and Security · Computer Science 2025-02-14 Almuthanna Alageel , Sergio Maffeis , Imperial College London

In this paper we propose a protocol that can be used to covertly send a distress signal through a seemingly normal webserver, even if the adversary is monitoring both the network and the user's device. This allows a user to call for help…

Cryptography and Security · Computer Science 2023-10-06 Hayyu Imanda , Kasper Rasmussen

Internet traffic is increasingly encrypted. While this protects the confidentiality and integrity of communication, it prevents network monitoring systems (NMS) and intrusion detection systems (IDSs) from effectively analyzing the now…

Cryptography and Security · Computer Science 2021-04-21 Florian Wilkens , Steffen Haas , Johanna Amann , Mathias Fischer

As of today, TLS is the most commonly used protocol to protect communication content. To provide good security, it is of central importance, that administrators know how to configure their services correctly. For this purpose, services…

Human-Computer Interaction · Computer Science 2018-09-25 Christian Tiefenau , Emanuel von Zezschwitz

Security and Privacy are crucial in modern Internet services. Transport Layer Security (TLS) has largely addressed the issue of security. However, information about the type of service being accessed goes in plain-text in the initial…

Cryptography and Security · Computer Science 2022-07-06 Vinod S. Khandkar , Manjesh K. Hanawal , Sameer G Kulkarni

The threats of caching poisoning attacks largely stimulate the deployment of DNSSEC. Being a strong but demanding cryptographical defense, DNSSEC has its universal adoption predicted to go through a lengthy transition. Thus the DNSSEC…

Cryptography and Security · Computer Science 2016-02-29 Zheng Wang

The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and…

Cryptography and Security · Computer Science 2022-06-02 Markus Dahlmanns , Johannes Lohmöller , Jan Pennekamp , Jörn Bodenhausen , Klaus Wehrle , Martin Henze

Everyone is concerned about the Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms…

Cryptography and Security · Computer Science 2013-05-07 Yossi Gilad , Amir Herzberg , Haya Shulman

The absence of security and privacy measures between DNS recursive resolvers and authoritative nameservers has been exploited by both on-path and off-path attackers. Although numerous security proposals have been introduced in practice and…

Cryptography and Security · Computer Science 2025-06-27 Ali Sadeghi Jahromi , AbdelRahman Abdou , Paul C. van Oorschot

Domain name system communication may provide sensitive information on users' Internet activity. DNS-over-TLS and DNS-over-HTTPS are proposals aiming at increasing the privacy of Internet end users. In this paper we present an overview of…

Networking and Internet Architecture · Computer Science 2022-04-11 Kamil Jerabek , Ondrej Rysavy , Ivana Burgetova

Pushback is a mechanism for defending against Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are treated as a congestion-control problem, but because most such congestion is caused by malicious hosts not obeying traditional…

Cryptography and Security · Computer Science 2012-01-11 Saravanan Kumarasamy , R. Asokan

The DNS infrastructure is infamous for facilitating reflective amplification attacks. Various countermeasures such as server shielding, access control, rate limiting, and protocol restrictions have been implemented. Still, the threat…

Cryptography and Security · Computer Science 2025-10-23 Maynard Koch , Florian Dolzmann , Thomas C. Schmidt , Matthias Wählisch

The use of TLS proxies to intercept encrypted traffic is controversial since the same mechanism can be used for both benevolent purposes, such as protecting against malware, and for malicious purposes, such as identity theft or warrantless…

Cryptography and Security · Computer Science 2015-05-29 Mark O'Neill , Scott Ruoti , Kent Seamons , Daniel Zappala

TLS can resume previous connections via abbreviated resumption handshakes that significantly decrease the delay and save expensive cryptographic operations. For that, cryptographic TLS state from previous connections is reused. TLS version…

Cryptography and Security · Computer Science 2019-02-08 Erik Sy , Moritz Moennich , Tobias Mueller , Hannes Federrath , Mathias Fischer

Low-rate application layer distributed denial of service (LDDoS) attacks are both powerful and stealthy. They force vulnerable webservers to open all available connections to the adversary, denying resources to real users. Mitigation advice…

Networking and Internet Architecture · Computer Science 2019-04-03 Michael Siracusano , Stavros Shiaeles , Bogdan Ghita

TLS 1.3 marks a significant departure from previous versions of the Transport Layer Security protocol (TLS). The new version offers a simplified protocol flow, more secure cryptographic primitives, and new features to improve performance,…

Cryptography and Security · Computer Science 2019-08-07 Ralph Holz , Johanna Amann , Abbas Razaghpanah , Narseo Vallina-Rodriguez

The majority of electronic communication today happens either via email or chat. Thanks to the use of standardised protocols electronic mail (SMTP, IMAP, POP3) and instant chat (XMPP, IRC) servers can be deployed in a decentralised but…

Cryptography and Security · Computer Science 2016-01-26 Ralph Holz , Johanna Amann , Olivier Mehani , Matthias Wachs , Mohamed Ali Kaafar

Recent developments to encrypt the Domain Name System (DNS) have resulted in major browser and operating system vendors deploying encrypted DNS functionality, often enabling various configurations and settings by default. In many cases,…

Cryptography and Security · Computer Science 2023-02-22 Alexandra Nisenoff , Ranya Sharma , Nick Feamster