Table of Contents
Fetching ...

DNS Query Forgery: A Client-Side Defense Against Mobile App Traffic Profiling

Andrea Jimenez-Berenguel, César Gil, Carlos Garcia-Rubio, Jordi Forné, Celeste Campo

TL;DR

This work addresses the privacy risk posed by DNS queries revealing mobile user behavior even when traffic is encrypted. It introduces a client-side data-perturbation approach—DNS query forgery—where false queries are mixed with genuine ones to obfuscate user profiles, formalized as $t=(1-\\rho)q+\\rho r$ and evaluated via $\\mathcal{R}(\\rho)=\\mathop{\\mathrm{D}}((1-\\rho)q+\\rho r\\|p)$. Three false-query strategies are analyzed: uniform sampling, a TrackMeNot-inspired generator, and a KL-divergence–minimizing optimizer, with an optimized method achieving substantial privacy gains at moderate overhead. A synthetic dataset of 1,000 users derived from real mobile app traces is used to quantify privacy-utility trade-offs, showing up to 100% privacy improvement for the majority of users at practical perturbation rates. The paper also proposes a modular, client-side architecture enabling practical deployment without third-party trust, highlighting the approach’s adaptability to dynamic DNS environments and its potential as a zero-trust privacy solution for individuals.

Abstract

Mobile applications continuously generate DNS queries that can reveal sensitive user behavioral patterns even when communications are encrypted. This paper presents a privacy enhancement framework based on query forgery to protect users against profiling attempts that leverage these background communications. We first mathematically model user profiles as probability distributions over interest categories derived from mobile application traffic. We then evaluate three query forgery strategies -- uniform sampling, TrackMeNot-based generation, and an optimized approach that minimizes Kullback-Leibler divergence -- to quantify their effectiveness in obfuscating user profiles. Then we create a synthetic dataset comprising 1,000 user traces constructed from real mobile application traffic and we extract the user profiles based on DNS traffic. Our evaluation reveals that a 50\% privacy improvement is achievable with less than 20\% traffic overhead when using our approach, while achieving 100\% privacy protection requires approximately 40-60\% additional traffic. We further propose a modular system architecture for practical implementation of our protection mechanisms on mobile devices. This work offers a client-side privacy solution that operates without third-party trust requirements, empowering individual users to defend against traffic analysis without compromising application functionality.

DNS Query Forgery: A Client-Side Defense Against Mobile App Traffic Profiling

TL;DR

This work addresses the privacy risk posed by DNS queries revealing mobile user behavior even when traffic is encrypted. It introduces a client-side data-perturbation approach—DNS query forgery—where false queries are mixed with genuine ones to obfuscate user profiles, formalized as and evaluated via . Three false-query strategies are analyzed: uniform sampling, a TrackMeNot-inspired generator, and a KL-divergence–minimizing optimizer, with an optimized method achieving substantial privacy gains at moderate overhead. A synthetic dataset of 1,000 users derived from real mobile app traces is used to quantify privacy-utility trade-offs, showing up to 100% privacy improvement for the majority of users at practical perturbation rates. The paper also proposes a modular, client-side architecture enabling practical deployment without third-party trust, highlighting the approach’s adaptability to dynamic DNS environments and its potential as a zero-trust privacy solution for individuals.

Abstract

Mobile applications continuously generate DNS queries that can reveal sensitive user behavioral patterns even when communications are encrypted. This paper presents a privacy enhancement framework based on query forgery to protect users against profiling attempts that leverage these background communications. We first mathematically model user profiles as probability distributions over interest categories derived from mobile application traffic. We then evaluate three query forgery strategies -- uniform sampling, TrackMeNot-based generation, and an optimized approach that minimizes Kullback-Leibler divergence -- to quantify their effectiveness in obfuscating user profiles. Then we create a synthetic dataset comprising 1,000 user traces constructed from real mobile application traffic and we extract the user profiles based on DNS traffic. Our evaluation reveals that a 50\% privacy improvement is achievable with less than 20\% traffic overhead when using our approach, while achieving 100\% privacy protection requires approximately 40-60\% additional traffic. We further propose a modular system architecture for practical implementation of our protection mechanisms on mobile devices. This work offers a client-side privacy solution that operates without third-party trust requirements, empowering individual users to defend against traffic analysis without compromising application functionality.
Paper Structure (24 sections, 7 equations, 10 figures, 5 tables)

This paper contains 24 sections, 7 equations, 10 figures, 5 tables.

Figures (10)

  • Figure 1: Representation of the secured scenario with the user model, the data-perturbation mechanism and attacker model.
  • Figure 2: Privacy risk $\mathcal{R}(\rho)$ according to the perturbation ratio $\rho$ for the numerical example for the three perturbation strategies. Denoted by a red dashed vertical line, the $\rho_{crit}$ value.
  • Figure 3: Evolution of the real and apparent profile $(q, t)$ for the optimized strategy (oqf) according to different values of the disturbance ratio $\rho = (0, 1/2\rho_{crit}, \rho_{crit})$.
  • Figure 4: DNS queries per minute in the MAppGraph dataset.
  • Figure 5: Histograms illustrating the installation probabilities inter and intra-category which follow a power-law distribution.
  • ...and 5 more figures