CNS Core: Medium: Privacy-Preserving and Censorship-Resistant Domain Name System

CNS 核心：中：隐私保护和抗审查域名系统

• 批准号: 2310927
• 负责人: Aleksandar Kuzmanovic
• 金额: $ 75万
• 依托单位: Northwestern University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2026-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2310927&HistoricalAwards=false
• 关键词: CNS; Core; Medium; Privacy; Preserving

The Domain Name System (DNS) is the phonebook of the Internet which maps human-friendly domain names to IP addresses. Without DNS, the Internet itself would not function. Despite the decades-long efforts to protect user privacy on the Internet, privacy remains an open issue for DNS. In general, access to a DNS resolver enables traffic snooping, i.e., realizing who is looking for what. Moreover, DNS is a perfect vehicle for censorship: preventing users to resolve domain names is one of the simplest, and often utilized, way to censor free and open access on the Internet. The key question this project aims to answer is whether a truly privacy-preserving and censorship-resistant DNS can be developed.The key thesis of this project is that the only way to guarantee full user privacy would be for the DNS server to do its job in the blind, i.e., by resolving domain names without knowing what they are. The latter statement seems counter-intuitive, but in reality several techniques exist which allow such operations. These techniques fall in the branch of Private Information Retrieval (PIR), which is achieved by various cryptographic tools such as homomorphic encryption. PIR protocols have long been considered impractical due to performance bottlenecks. The preliminary research and performance benchmarks demonstrate that the PIR performance is moving towards the practically usable territory in terms of query timescales, traffic overhead, and supported database size. The main goal of this project is to make PIR applicable to DNS by leveraging inherent features of the DNS systems and co-designing novel PIR protocols, thus making the full DNS privacy and censorship resistance a reality.This project has the potential to make a significant impact by enabling a scalable, incrementally-deployable, privacy-preserving, and censorship-resilient DNS system. The PIs plan to design and disseminate, as open-source, implementations of the system. It is expected that popular browsers will support the proposed privacy-preserving system by showing an icon, similar to the one for HTTPS, for the websites that support the single-server PDNS. The proposed research has societal impacts beyond the computing discipline because results from this project could lead to fundamental enhancements in terms of user privacy on the Internet. Moreover, it can make an important step towards thwarting network-level censorship, thus leading to free and open Internet and society.All the data associated with this project, including measurement data, code, and results, will be made publicly and openly available at http://networks.cs.northwestern.edu/PDNS/. This website will be maintained for the duration of the project, and all the data will remain available for download from the website for at least 5 years after the project is completed.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

域名系统 (DNS) 是互联网的电话簿，它将人类友好的域名映射到 IP 地址。如果没有 DNS，互联网本身就无法运行。尽管数十年来一直在努力保护互联网上的用户隐私，但隐私仍然是 DNS 的一个悬而未决的问题。一般来说，访问 DNS 解析器可以实现流量窥探，即了解谁在寻找什么。此外，DNS 是一个完美的审查工具：阻止用户解析域名是审查互联网上自由和开放访问的最简单且经常使用的方法之一。该项目旨在回答的关键问题是是否可以开发出真正保护隐私和抗审查的 DNS。该项目的关键论点是，保证完全用户隐私的唯一方法是 DNS 服务器完成其工作盲目地，即在不知道域名是什么的情况下解析域名。后一种说法似乎违反直觉，但实际上存在多种允许此类操作的技术。这些技术属于隐私信息检索（PIR）的分支，它是通过同态加密等各种加密工具来实现的。由于性能瓶颈，PIR 协议长期以来被认为不切实际。初步研究和性能基准测试表明，PIR 性能在查询时间尺度、流量开销和支持的数据库大小方面正在接近实际可用的范围。该项目的主要目标是通过利用 DNS 系统的固有特征并共同设计新颖的 PIR 协议，使 PIR 适用于 DNS，从而使完整的 DNS 隐私和审查抵抗成为现实。该项目有潜力做出重大贡献通过启用可扩展、可增量部署、隐私保护和审查弹性的 DNS 系统来产生影响。 PI 计划以开源方式设计和传播该系统的实现。预计流行的浏览器将通过为支持单服务器 PDNS 的网站显示一个类似于 HTTPS 的图标来支持所提议的隐私保护系统。拟议的研究具有超出计算学科的社会影响，因为该项目的结果可能会导致互联网用户隐私方面的根本增强。此外，它可以朝着阻止网络级审查迈出重要一步，从而实现自由开放的互联网和社会。与该项目相关的所有数据，包括测量数据、代码和结果，都将在以下位置公开公开： http://networks.cs.northwestern.edu/PDNS/。该网站将在项目期间持续维护，所有数据在项目完成后至少5年内仍可从网站下载。该奖项体现了NSF的法定使命，经评估认为值得支持利用基金会的智力优势和更广泛的影响审查标准。