Title | : | YODA: Covert Communication Channel over Public DNS Resolvers |
Speaker | : | Sandip Saha (IITM) |
Details | : | Tue, 23 Apr, 2024 10:00 AM @ SSB-233 |
Abstract | : | IoT and embedded devices rely heavily on the Domain Name System (DNS) to connect with their backend servers. DNS converts domain names into IP addresses. Public DNS resolvers have become more popular as the need for reliable and secure DNS resolution increases, making them an attractive choice for IoT and embedded systems with limited computing power. However, public DNS resolvers also introduce vulnerabilities because they use shared public caches. An adversary can use these shared public caches to build covert communication channels to retrieve security-critical information.
To demonstrate this concern, we introduce YODA, a covert communication channel that operates over public DNS resolvers. We show how confidential data can be exfiltrated from compromised systems and transmitted to a remote adversary. Unlike the state of the art, YODA cleverly utilizes DNS queries for well-known domains, ensuring that the adversary's identity remains hidden, which makes it challenging to block YODA through domain name filtering. We demonstrate our attack on popular public DNS resolvers, such as Google, Cloudflare, Quad9, OpenDNS, and LibreDNS, to highlight the potential risks faced by IoT and embedded systems. |
Web Conference Link | : | https://meet.google.com/tui-nbnt-yup |