Pelissier, S; Anselmi, G; Mishra, AK; Mandalari, AM; Cunche, M; (2025) Enhancing IoT Privacy: Why DNS-over-HTTPS Alone Falls Short? In: Proceedings of the IEEE International Conference on Trust Security and Privacy in Computing and Communications Trustcom. (pp. pp. 1353-1360). IEEE

Preview

Text TrustCom_2024_Encrypted_DNS_IoT.pdf - Accepted Version Download (482kB) | Preview

Abstract

Recent years have seen widespread adoption of consumer Internet of Things (IoT) devices, offering diverse benefits to end-users, from smart homes to healthcare monitoring, but raising serious privacy concerns. To address this, securing efforts, such as encrypting DNS, have been proposedIn this paper, we study the effectiveness of such measures in the specific context of ensuring IoT privacy. We introduce a device identification attack against DNS-over-HTTPS-enabled IoT devices. We conduct more than 25,000 automated experiments across 6 public DNS resolvers and find that the proposed attack can identify devices via DNS-over-HTTPS (DoH) traffic with a 0.98 balanced accuracy. We point out padding as a mitigation technique that reduces identification by a significant 33%. Additionally, we find that half of the evaluated DNS resolvers do not adhere to the relevant specification, substantially compromising user privacy.

Download activity - last month

Export as CSVXMLJSON

Download activity - last 12 months

Export as JSONXMLCSV

Downloads by country - last 12 months

Export as JSONCSVXML

Archive Staff Only

View Item