LLUAD: Low-Latency User-Anonymized DNS
- URL: http://arxiv.org/abs/2509.24174v1
- Date: Mon, 29 Sep 2025 01:43:23 GMT
- Title: LLUAD: Low-Latency User-Anonymized DNS
- Authors: Philip Sjösvärd, Hongyu Jin, Panos Papadimitratos,
- Abstract summary: Domain Name System (DNS) involved in practically all web activity.<n>DNS exposes user web activity in detail.<n>Privacy challenge is honest-but-curious DNS servers/resolvers providing the translation/lookup service.
- Score: 0.764671395172401
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: The Domain Name System (DNS) is involved in practically all web activity, translating easy-to-remember domain names into Internet Protocol (IP) addresses. Due to its central role on the Internet, DNS exposes user web activity in detail. The privacy challenge is honest-but-curious DNS servers/resolvers providing the translation/lookup service. In particular, with the majority of DNS queries handled by public DNS resolvers, the organizations running them can track, collect, and analyze massive user activity data. Existing solutions that encrypt DNS traffic between clients and resolvers are insufficient, as the resolver itself is the privacy threat. While DNS query relays separate duties among multiple entities, to limit the data accessible by each entity, they cannot prevent colluding entities from sharing user traffic logs. To achieve near-zero-trust DNS privacy compatible with the existing DNS infrastructure, we propose LLUAD: it locally stores a Popularity List, the most popular DNS records, on user devices, formed in a privacy-preserving manner based on user interests. In this way, LLUAD can both improve privacy and reduce access times to web content. The Popularity List is proactively retrieved from a (curious) public server that continually updates and refreshes the records based on user popularity votes, while efficiently broadcasting record updates/changes to adhere to aggressive load-balancing schemes (i.e., name servers actively load-balancing user connections by changing record IP addresses). User votes are anonymized using a novel, efficient, and highly scalable client-driven Voting Mix Network - with packet lengths independent of the number of hops, centrally enforced limit on number of votes cast per user, and robustness against poor client participation - to ensure a geographically relevant and correctly/securely instantiated Popularity List.
Related papers
- DNS in the Time of Curiosity: A Tale of Collaborative User Privacy Protection [0.764671395172401]
Public DNS resolvers offer low-latency resolution, high reliability, privacy-preserving policies, and support for encrypted DNS queries.<n> client-resolver traffic encryption, increasingly deployed to protect users from eavesdroppers, does not protect users against curious resolvers.<n>We will discuss key ideas of the proposal, which aims to achieve a high level of privacy without sacrificing performance.
arXiv Detail & Related papers (2025-09-29T01:09:09Z) - ODoQ: Oblivious DNS-over-QUIC [0.03499870393443268]
Domain Name System (DNS) has advanced enhancements aimed at safeguarding DNS data and users' identity from attackers.<n>The recent privacy-focused advancements have enabled the IETF to standardize several protocols.<n>These protocols tend to focus on either strengthening user privacy (like Oblivious DNS and Oblivious DNS-over-HTTPS) or reducing resolution latency.<n>Our proposed protocol -- 'Oblivious DNS-over-QUIC' (ODoQ) -- leverages the benefits of the QUIC protocol and incorporates an intermediary proxy server to protect the client's identity.
arXiv Detail & Related papers (2025-09-14T06:29:08Z) - Overcoming DNSSEC Islands of Security: A TLS and IP-Based Certificate Solution [0.03262230127283452]
We propose a decentralized approach to addressing gaps in DNSSEC's chain of trust.<n>We leverage TLS and IP-based certificates to enable end-to-end authentication between hierarchical levels.
arXiv Detail & Related papers (2025-09-10T08:02:07Z) - Collusion Resistant DNS With Private Information Retrieval [42.34183823376613]
We propose PDNS, a DNS extension leveraging single-server Private Information Retrieval to strengthen privacy guarantees.<n>PDNS achieves acceptable performance (2x faster than DoH over Tor with similar privacy guarantees) and strong privacy guarantees today.
arXiv Detail & Related papers (2025-07-28T13:17:25Z) - Optimizing Cross-Client Domain Coverage for Federated Instruction Tuning of Large Language Models [87.49293964617128]
Federated domain-specific instruction tuning (FedDIT) for large language models (LLMs) aims to enhance performance in specialized domains using distributed private and limited data.<n>We empirically establish that cross-client domain coverage, rather than data heterogeneity, is the pivotal factor.<n>We introduce FedDCA, an algorithm that explicitly maximizes this coverage through diversity-oriented client center selection and retrieval-based augmentation.
arXiv Detail & Related papers (2024-09-30T09:34:31Z) - TI-DNS: A Trusted and Incentive DNS Resolution Architecture based on Blockchain [8.38094558878305]
Domain Name System (DNS) is vulnerable to some malicious attacks, including DNS cache poisoning.
This paper presents TI-DNS, a blockchain-based DNS resolution architecture designed to detect and correct the forged DNS records.
TI-DNS is easy to be adopted as it only requires modifications to the resolver side of current DNS infrastructure.
arXiv Detail & Related papers (2023-12-07T08:03:10Z) - Model Barrier: A Compact Un-Transferable Isolation Domain for Model
Intellectual Property Protection [52.08301776698373]
We propose a novel approach called Compact Un-Transferable Isolation Domain (CUTI-domain)
CUTI-domain acts as a barrier to block illegal transfers from authorized to unauthorized domains.
We show that CUTI-domain can be easily implemented as a plug-and-play module with different backbones.
arXiv Detail & Related papers (2023-03-20T13:07:11Z) - ByzSecAgg: A Byzantine-Resistant Secure Aggregation Scheme for Federated Learning Based on Coded Computing and Vector Commitment [61.540831911168226]
ByzSecAgg is an efficient secure aggregation scheme for federated learning.<n>ByzSecAgg is resistant to Byzantine attacks and privacy leakages.
arXiv Detail & Related papers (2023-02-20T11:15:18Z) - Exploiting Graph Structured Cross-Domain Representation for Multi-Domain
Recommendation [71.45854187886088]
Multi-domain recommender systems benefit from cross-domain representation learning and positive knowledge transfer.
We use temporal intra- and inter-domain interactions as contextual information for our method called MAGRec.
We perform experiments on publicly available datasets in different scenarios where MAGRec consistently outperforms state-of-the-art methods.
arXiv Detail & Related papers (2023-02-12T19:51:32Z) - Measuring the Availability and Response Times of Public Encrypted DNS Resolvers [8.13463174491448]
We measure DNS query response times from global vantage points in North America, Europe, and Asia.<n>Our results show that many non-mainstream resolvers have higher response times than mainstream resolvers.<n>In some cases, however, certain non-mainstream resolvers perform at least as well as mainstream resolvers.
arXiv Detail & Related papers (2022-08-09T18:58:11Z) - CMT in TREC-COVID Round 2: Mitigating the Generalization Gaps from Web
to Special Domain Search [89.48123965553098]
This paper presents a search system to alleviate the special domain adaption problem.
The system utilizes the domain-adaptive pretraining and few-shot learning technologies to help neural rankers mitigate the domain discrepancy.
Our system performs the best among the non-manual runs in Round 2 of the TREC-COVID task.
arXiv Detail & Related papers (2020-11-03T09:10:48Z) - Dynamic Fusion Network for Multi-Domain End-to-end Task-Oriented Dialog [70.79442700890843]
We propose a novel Dynamic Fusion Network (DF-Net) which automatically exploit the relevance between the target domain and each domain.
With little training data, we show its transferability by outperforming prior best model by 13.9% on average.
arXiv Detail & Related papers (2020-04-23T08:17:22Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.