DNSのプライバシー保護を強化するための権威DNSサーバ発見方式の検討

砂原, 悟; 金, 勇; 飯田, 勝吉


Hokkaido University \| Library \| HUSCAP	Advanced Search		言語

	Home
	About HUSCAP
	Open Access Policy

	Browse by Author

Browse
	Communities & Collections

	Scholarly Journals
	Theses
	Doctoral Dissertations Listed by Graduate Schools
	Conference Procs.
	Events

	HUSCAP Senior (in Japanese)

	Societies

	Downloads (country)

For university staff
	How to post your papers to HUSCAP
	Publication of theses
	Helpline about theses publication

Open Archives Compliant

You can search our collection also at:
	Google
	Google Scholar
	CiNii
	IRDB
	OAIster
	NDLTD

Hokkaido University Collection of Scholarly and Academic Papers >
Information Initiative Center >
Peer-reviewed Journal Articles, etc >

DNSのプライバシー保護を強化するための権威DNSサーバ発見方式の検討

Files in This Item:

IA2023-11.pdf

1.86 MB

PDF

View/Open

Please use this identifier to cite or link to this item:http://hdl.handle.net/2115/90932

Title:	DNSのプライバシー保護を強化するための権威DNSサーバ発見方式の検討
Other Titles:	A consideration about a discovering method of privacy-enhanced authoritative DNS servers
Authors:	砂原, 悟¹ Browse this author →KAKEN DB
	金, 勇² Browse this author →KAKEN DB
	飯田, 勝吉³ Browse this author →KAKEN DB
Authors(alt):	SUNAHARA, Satoru¹
	JIN, Yong²
	IIDA, Katsuyoshi³
Keywords:	DNS
	プライバシー保護
	Full-DoH
	暗号通信対応権威DNSサーバ
	サーバ発見
	NSレコード
	DNS
	privacy protection
	Encrypted DNS Authoritative Server
	Servicer Discovery
	Full-DoH
	NS Records
Issue Date:	14-Sep-2023
Publisher:	電子情報通信学会
Journal Title:	電子情報通信学会技術研究報告
Journal Title(alt):	IEICE Technical Report
Volume:	123
Issue:	193
Start Page:	1
End Page:	5
Abstract:	DNSクエリの平文通信にはプライバシーの漏洩リスクが存在する．そのため，クライアント端末からフルサービスリゾルバ間，そしてフルサービスリゾルバから権威DNSサーバ間のDNS通信は全て暗号化による保護が求められる．現在，IETFからフルサービスリゾルバと権威DNSサーバ間の通信を暗号化するための仕様案が発表されているが，この方式は既存の平文通信との互換性を重視しているため，フルサービスリゾルバが暗号化通信に対応した権威DNSサーバを発見するまでは，プライバシーの漏洩リスクが残る．本論文では，各ゾーンの親権威DNSサーバに該当ゾーンの暗号化通信への対応状況を示すダミーのNSレコードを追加することで，互換性とプライバシー保護を両立させる方法を提案する．また，この提案方法の実装と機能確認についても述べる．
Abstract:	Plain-text communication of DNS queries poses a risk of privacy leakage. Therefore, it is imperative to achieve protection through encryption for DNS communication between end terminals and full-service resolvers, as well as between full-service resolvers and authoritative DNS servers. The IETF has published an internet-draft for encrypting communication between full-service resolvers and authoritative DNS servers. However, this approach prioritizes compatibility with existing plain-text communication, which means that the risk of privacy leakage remains until a full-service resolver discovers an author-itative DNS server compatible with encrypted communication. In this paper, we propose a method to achieve the compatibility and privacy protection by adding dummy NS records indicating the status of support for encrypted communication of respective zones to the authoritative DNS servers of each zone. Additionally, we discuss the implementation and functional verification of this proposed method.
Rights:	Copyright ©2023 IEICE
Publisher URI:	https://ken.ieice.org/ken/paper/20230921RCwV/
Type:	article
URI:	http://hdl.handle.net/2115/90932
Appears in Collections:	情報基盤センター (Information Initiative Center) > 雑誌発表論文等 (Peer-reviewed Journal Articles, etc)

Submitter: 飯田勝吉

OAI-PMH ( junii2 , jpcoar_1.0 )

- Hokkaido University