Efficient Privacy Preserving Multicast DNS Service Discovery

Daniel Kaiser, Marcel Waldvogel (2014): Efficient Privacy Preserving Multicast DNS Service Discovery. In: Workshop on Privacy-Preserving Cyberspace Safety and Security (CSS), 2014.

Abstract

In today’s local networks a significant amount of traffic is caused by Multicast DNS Service Discovery (mDNS-SD), a prevalent technique used for configurationless service distribution and discovery. It allows users to offer and use services like device synchronization, file sharing, and chat, when joining a local network without any manual configuration. While this is very convenient, it requires the public exposure of the offering and requesting identities along with information about the offered and requested services, even when services do not need to be public. Some of the information published by the announcements can be very revealing, including complete lists of family members. Another problem is the huge amount of multicast traffic caused, which is especially relevant for large WiFi networks.
In this paper we present a privacy extension that does not publish private information and reduces the number of packets sent while still not requiring any network configuration except for an initial pairing per pair of users. A key feature of our solution is the ease of upgrading existing systems, a must for widespread deployment and acceptance. We developed an implementation based on the open-source Avahi daemon to show the feasibility of our privacy extension. Our solution grants tunable privacy and reduces multicast traffic without affecting user experience.

BibTeX (Download)

@inproceedings{Kaiser2014Efficient,
title = {Efficient Privacy Preserving Multicast DNS Service Discovery},
author = {Daniel Kaiser and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2014/08/Kaiser2014Efficient.pdf},
year  = {2014},
date = {2014-08-23},
booktitle = {Workshop on Privacy-Preserving Cyberspace Safety and Security (CSS)},
abstract = {In today’s local networks a significant amount of traffic is caused by Multicast DNS Service Discovery (mDNS-SD), a prevalent technique used for configurationless service distribution and discovery. It allows users to offer and use services like device synchronization, file sharing, and chat, when joining a local network without any manual configuration. While this is very convenient, it requires the public exposure of the offering and requesting identities along with information about the offered and requested services, even when services do not need to be public. Some of the information published by the announcements can be very revealing, including complete lists of family members. Another problem is the huge amount of multicast traffic caused, which is especially relevant for large WiFi networks.
In this paper we present a privacy extension that does not publish private information and reduces the number of packets sent while still not requiring any network configuration except for an initial pairing per pair of users. A key feature of our solution is the ease of upgrading existing systems, a must for widespread deployment and acceptance. We developed an implementation based on the open-source Avahi daemon to show the feasibility of our privacy extension. Our solution grants tunable privacy and reduces multicast traffic without affecting user experience.},
keywords = {DNS-SD, Multicast, Privacy, Service Discovery, Zeroconf},
pubstate = {published},
tppubtype = {inproceedings}
}

2 Gedanken zu „Efficient Privacy Preserving Multicast DNS Service Discovery

  1. Andreas Dittrich

    I just stumbled across the latest two papers. They are indeed interesting because they are related to the work I do, although I do not focus on security but on real-time properties of service discovery, especially multicast-based discovery. You can check out the posts on my blog on the topic which contain links to the publications. I’d be happy to discuss possibilities for collaboration in case you are interested.

    • Marcel Waldvogel Autor des Beitrages

      Good point! Thank you for mentioning performance; especially Figure 8 shows one of my favorite claims: rethinking an old protocol for security and privacy often leads to a more efficient solution.

Schreibe einen Kommentar