Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

NinjaDoH: A Censorship-Resistant Moving Target DoH Server Using Hyperscalers and IPNS

Scott Seidenberger, Marc Beret, Raveen Wijewickrama, Murtuza Jadliwala, Anindya Maiti

TL;DR

The results broadly support NinjaDoH's efficacy as a robust, moving target DNS solution that can ensure continuous and secure internet access in environments with heavy DNS-based censorship.

Abstract

We introduce NinjaDoH, a novel DNS over HTTPS (DoH) protocol that leverages the InterPlanetary Name System (IPNS), along with public cloud infrastructure, to create a censorship-resistant moving target DoH service. NinjaDoH is specifically designed to evade traditional censorship methods that involve blocking DoH servers by IP addresses or domains by continually altering the server's network identifiers, significantly increasing the complexity of effectively censoring NinjaDoH traffic without disruption of other web traffic. We also present an analysis that quantifies the DNS query latency and financial costs of running our implementation of this protocol as a service. Further tests assess the ability of NinjaDoH to elude detection mechanisms, including both commercial firewall products and advanced machine learning-based detection systems. The results broadly support NinjaDoH's efficacy as a robust, moving target DNS solution that can ensure continuous and secure internet access in environments with heavy DNS-based censorship.

NinjaDoH: A Censorship-Resistant Moving Target DoH Server Using Hyperscalers and IPNS

TL;DR

The results broadly support NinjaDoH's efficacy as a robust, moving target DNS solution that can ensure continuous and secure internet access in environments with heavy DNS-based censorship.

Abstract

We introduce NinjaDoH, a novel DNS over HTTPS (DoH) protocol that leverages the InterPlanetary Name System (IPNS), along with public cloud infrastructure, to create a censorship-resistant moving target DoH service. NinjaDoH is specifically designed to evade traditional censorship methods that involve blocking DoH servers by IP addresses or domains by continually altering the server's network identifiers, significantly increasing the complexity of effectively censoring NinjaDoH traffic without disruption of other web traffic. We also present an analysis that quantifies the DNS query latency and financial costs of running our implementation of this protocol as a service. Further tests assess the ability of NinjaDoH to elude detection mechanisms, including both commercial firewall products and advanced machine learning-based detection systems. The results broadly support NinjaDoH's efficacy as a robust, moving target DNS solution that can ensure continuous and secure internet access in environments with heavy DNS-based censorship.

Paper Structure

This paper contains 16 sections, 1 equation, 8 figures, 4 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. Adversary Model
  4. NinjaDoH System Model
  5. System Requirements
  6. The Server
  7. The Client
  8. Evaluation
  9. Baselining Latency
  10. List-based Firewall Evasion
  11. Machine Learning Evasion
  12. Adaptive Adversary Evasion
  13. Scalability of Adversarial ML-based Detection
  14. Costs to Deploy & Integrate
  15. Additional Security Analysis
  16. ...and 1 more sections

Figures (8)

  • Figure 1: Overview of the adversary model.
  • Figure 2: Overview of the NinjaDoH protocol and architecture. The NinjaDoH client maintains an updated IPNS record with the latest server information via IPFS. When the user initiates a DNS request, it is first sent to the client's localhost DNS proxy, which then routes the request to the current IP address of the NinjaDoH server. At a configurable frequency, the server allocates a new IP address and publishes this update to IPNS. The client retrieves the updated IP address via IPNS and uses it for future DNS queries (until next IP update).
  • Figure 3: Mean DNS resolution time with 95% confidence intervals for different DNS servers. The $y$-axis includes a break to show the large discrepancy between standard DNS servers and DNS over Tor.
  • Figure 4: Evaluation model to detect NinjaDoH traffic.
  • Figure 5: Performance of ML models trained with DoH traffic in detecting test DoH vs. NinjaDoH traffic, showing that while regular DoH is accurately detected, NinjaDoH's dynamic IP rotation and query path randomization make detection far more challenging.
  • ...and 3 more figures