NinjaDoH: A Censorship-Resistant Moving Target DoH Server Using Hyperscalers and IPNS

    Published 11/6/2024 by Scott Seidenberger, Marc Beret, Raveen Wijewickrama, Murtuza Jadliwala, Anindya Maiti

    Overview

    • Proposes a censorship-resistant, moving target Domain Name System (DNS) over HTTPS (DoH) server called NinjaDoH
    • Leverages hyperscaler cloud providers and InterPlanetary Name System (IPNS) to dynamically deploy DoH servers
    • Aims to circumvent censorship attempts by frequently changing the server's location and identity

    Original caption: Figure 1: Overview of the adversary model.

    Server Type | Mean Resolution Time (ms) | Confidence Interval (95%)
    NinjaDoH    | 12.68 ms                  | 11.54 ms - 13.81 ms
    Control     | 7.85 ms                   | 7.38 ms - 8.32 ms
    Public DNS  | 7.77 ms                   | 7.23 ms - 8.31 ms

    Original caption: TABLE I: Mean ping-adjusted DNS resolution times by DoH server type.

    Plain English Explanation

    NinjaDoH is a system that provides a way for people to access the internet without their internet service provider (ISP) or government being able to block or censor the websites they visit. It does this by using a special type of DNS server called a "DoH" server, which encrypts the requests to hide what websites are being accessed.

    To make it harder for the ISP or government to block the DoH server, NinjaDoH constantly changes where the server is located and what its identity is. It does this by using the power of big cloud computing providers (called "hyperscalers") and a technology called IPNS, which allows the server's location and identity to be dynamically updated.

    By constantly moving the DoH server around and changing its identity, NinjaDoH aims to stay one step ahead of any attempts to censor or block it, providing a more censorship-resistant way for people to access the internet.

    Key Findings

    • NinjaDoH can dynamically deploy DoH servers across multiple hyperscaler cloud providers to create a "moving target" defense against censorship
    • The use of IPNS allows the DoH server's location and identity to be updated frequently, making it harder to block
    • Experiments show NinjaDoH has low overhead and can effectively circumvent censorship attempts compared to a static DoH server

    Technical Explanation

    NinjaDoH is designed to provide a censorship-resistant DoH server by leveraging the scalability and flexibility of hyperscaler cloud providers and the InterPlanetary Name System (IPNS). The key technical elements include:

    Adversary Model: NinjaDoH assumes an adversary who can monitor internet traffic, block IP addresses, and perform domain name-based censorship.

    Architecture: NinjaDoH dynamically deploys DoH servers across multiple hyperscaler cloud providers. The server's location and identity are updated frequently using IPNS to create a "moving target" defense.

    Evaluation: Experiments show NinjaDoH can effectively circumvent censorship attempts, with low overhead compared to a static DoH server.
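
    The moving-target argument above can be made concrete with a toy availability model. This is an added example, not code from the paper or the NinjaDoH project; the rotation period, the censor's blocking lag, the client's refresh interval and the idea that one lookup stands in for an IPNS resolution are all assumptions chosen for illustration, and the numbers are constructed.

```python
from typing import Optional

# Toy model (assumed, not NinjaDoH's implementation). Time is in minutes.
# rotation: how often the DoH server moves to a fresh IP (None = static server)
# lag:      how long the censor needs to discover and block a newly live IP
# refresh:  how often the client re-resolves the published pointer (IPNS stand-in)


def server_ip(t: int, rotation: Optional[int]) -> int:
    """Index of the IP the DoH server holds at minute t."""
    return 0 if rotation is None else t // rotation


def is_blocked(ip: int, t: int, rotation: Optional[int], lag: int) -> bool:
    """The censor blocks an IP `lag` minutes after it first went live."""
    went_live = 0 if rotation is None else ip * rotation
    return t >= went_live + lag


def availability(total: int, rotation: Optional[int], lag: int, refresh: int) -> float:
    """Fraction of minutes in which a client query reaches the DoH server."""
    cached = None
    ok = 0
    for t in range(total):
        if t % refresh == 0:
            # Client refreshes its endpoint; the record is assumed to be current.
            cached = server_ip(t, rotation)
        reachable = cached == server_ip(t, rotation)  # stale cache => miss
        if reachable and not is_blocked(cached, t, rotation, lag):
            ok += 1
    return ok / total


def compare(total: int = 1440, lag: int = 90) -> dict:
    """One simulated day: static server vs. several rotation/refresh settings."""
    return {
        "static": availability(total, None, lag, 5),
        "rotate_60_refresh_5": availability(total, 60, lag, 5),
        "rotate_60_refresh_7": availability(total, 60, lag, 7),
        "rotate_60_fast_censor": availability(total, 60, 20, 5),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:24s} {value:.3f}")
```

    The model shows the two conditions the design depends on: the server must rotate faster than the censor can block, and clients must refresh the published pointer often enough that their cached endpoint is not stale.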

    Implications for the Field

    The NinjaDoH system demonstrates how cloud computing and decentralized technologies like IPNS can be leveraged to build more censorship-resistant internet infrastructure. This research advances the state of knowledge in areas like moving target defense, censorship circumvention, and the use of emerging technologies for internet freedom.

    Critical Analysis

    The paper acknowledges several limitations of NinjaDoH, such as the potential for increased latency due to the frequent server migrations and the reliance on the availability and trustworthiness of hyperscaler cloud providers and the IPNS network. Additionally, the paper does not address potential legal or ethical concerns around the use of such a system to circumvent censorship.

    Further research could explore ways to minimize latency, ensure robust availability, and address potential misuse of the system. It would also be valuable to investigate the real-world deployment and usage of NinjaDoH to better understand its practical effectiveness and impact.

    Conclusion

    NinjaDoH presents a novel approach to building a censorship-resistant DNS infrastructure by leveraging cloud computing and decentralized technologies. By dynamically deploying and relocating DoH servers, NinjaDoH aims to stay one step ahead of censorship attempts, providing a more resilient way for people to access the open internet. While further research is needed to address potential limitations, this work represents an important step towards enhancing internet freedom and circumventing online censorship.

    Read original: arXiv:2411.02805



    This summary was produced with help from an AI and may contain inaccuracies - check out the links to read the original source documents!
