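Abstract
The Domain Name System (DNS) is a basic Internet service and an important entry point for Internet access, and domain name privacy protection is a research hotspot in DNS security. This paper proposes DNSDEA (DNS data encryption algorithm), an encryption method that protects user privacy in DNS transport over the User Datagram Protocol (UDP). The method integrates a PKI encryption scheme with the DNS protocol; it not only solves the domain name privacy protection problem but is also compatible with the traditional DNS system, preserving the simple and efficient technical characteristics of DNS. Compared with current DNS encryption methods, DNSDEA increases the granularity of task parallelism and reduces the latency of DNS queries under encryption.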
The domain name system (DNS) is an essential service of the Internet that provides the mapping between domain names and IP addresses, and is one of the most important addressing services of the Internet. It is an open and interconnected platform and an important portal for Internet access. Domain name privacy protection has been one of the hot issues in DNS security in recent years. The DNS data encryption algorithm (DNSDEA) is proposed to encrypt the DNS queries and responses between the client and the DNS server over the user datagram protocol (UDP) to protect user privacy. This algorithm solves the problem of domain name privacy protection and is compatible with the traditional DNS system. It maintains the simple and efficient technical characteristics of the DNS system. Compared with the current encryption methods, this approach could increase the granularity of the DNS lookup parallel algorithm, reduce the latency and improve the concurrent DNS queries. Finally, from the technical level, some reference suggestions are made for the research of subsequent communication encryption applications and for DNS secure resolution performance.
Authors
张海阔
陆忠华
陈闻宇
陈连栋
左鹏
王珏
徐彦之
ZHANG Haikuo; LU Zhonghua; CHEN Wenyu; CHEN Liandong; ZUO Peng; WANG Jue; XU Yanzhi (Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China; University of Chinese Academy of Sciences, Beijing 100049, China; China Internet Network Information Center, Beijing 100190, China; State Grid Hebei Electric Power Company, Shijiazhuang 050022, China; Beijing National Science Civilization Light Technology Co., Ltd., Beijing 100190, China)
Source
《科技导报》
CAS
CSCD
Peking University Core Journals
2019, Issue 8, pp. 97-103 (7 pages)
Science & Technology Review
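Funding
Key Program of the National Natural Science Foundation of China (91530324)
National Key Research and Development Program of China (2017YFB0202302)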
Keywords
domain name system
privacy protection
parallel computing
encryption
latency