Design and Implementation of a Lightweight Privacy Extension of the DNSSEC Protocol

Tariq Saraj 1, Muhammad Yousaf 2
1,2 Department of Computing, Riphah Institute of Systems Engineering, RIU Islamabad, Pakistan
tariqsaraj@gmail.com, Muhammad.Yousaf@riu.edu.pk

Abstract— The intrusive gathering of DNS protocol artifacts can reveal a significant amount of information about an Internet user. If the information carried in DNS transactions is collected through pervasive monitoring (PM) and analyzed, it poses a serious threat to individual privacy. DNSSEC protects only DNS data integrity and data origin authentication; it does not provide confidentiality. In this work the existing techniques are surveyed carefully; at present no deployed solution defeats the PM attack. This work is an extension of DNSSEC against PM: a lightweight mechanism, implemented on an experimental setup, that provides confidentiality for DNS transactions without disturbing the core functionality of the DNS protocol. The performance of the proposed solution is evaluated by measuring DNS query request and response time, and its query resolution time is compared with the query resolution time of plaintext DNS message exchange across several scenarios.

Keywords— Security, Privacy, Attack, Attack surface, Monitoring, DNS, IP, Domain, Risk, Threat, Recursive, Cache

I. INTRODUCTION

Personally identifiable information (PII), also termed personal information, is information that distinguishes an individual within a group of people. Access to such information without the individual's consent can contribute to identity theft, blackmail, and embarrassment for both the individual and the organization [1].
DNS data is publicly available without restriction, but the metadata of DNS transactions, if collected through pervasive monitoring and analyzed, reveals information about an Internet user and can pose a serious threat to that end-user's privacy [2]. From a privacy perspective, DNS is considered one of the most dangerous protocols [3]. Most activity on the Internet depends on DNS [4]. When an Internet user starts an activity such as visiting a website, at least one DNS query is sent to the user's Internet Access Provider (IAP). The IAP then performs several further DNS lookups on behalf of the end-user device. These lookups reveal who currently provides the user's Internet access, which device the user is using, the operating system running on that device, which social network websites the user connects to, which instant messaging server(s) the user connects to, and so on. The worst case is a user under covert surveillance by an eavesdropper while regularly retrieving an MX record for a mail server or an A/AAAA record for a domain; this helps an attacker profile the targeted individual's behaviour. Even if all other protocols become more privacy-aware and secured against PM, DNS/DNSSEC remains the weakest link for end-user privacy [4] because its messages are exchanged in clear text. Providing end-to-end confidentiality for DNS/DNSSEC transactions across the resolution process is difficult because of the recursive, multi-party nature of the deployed DNS infrastructure [5]. The DNS protocol was designed simply to resolve a given domain name to an IP address and vice versa [6]. The current DNS protocol is exposed to the vulnerabilities shown in Figure 1 [7]. DNSSEC addresses these vulnerabilities through two core mechanisms, data integrity and data origin authenticity; neither hides the names being queried.
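To make the leak described above concrete, the following Python code is an added illustration and not part of the paper or its experimental setup. It builds stub-to-recursive DNS queries in wire format (RFC 1035 header and question section, optionally with an EDNS0 OPT record carrying the DO bit so the query asks for DNSSEC data) and then parses them the way a passive on-path observer would. The sample packets and the small table mapping automatically-queried names to device types are constructed assumptions for illustration only, not captures or fingerprints taken from the paper. The point it demonstrates is that requesting DNSSEC changes nothing about what the eavesdropper reads: the QNAME and QTYPE are in the clear either way.

```python
"""Added example (not from the paper): what a pervasive-monitoring tap on the
stub-to-recursive path recovers from cleartext DNS, with or without DNSSEC."""
import struct

QTYPES = {1: "A", 15: "MX", 28: "AAAA"}
OPT_RRTYPE = 41          # EDNS0 OPT pseudo-RR (RFC 6891)
EDNS_DO_FLAG = 0x8000    # "DNSSEC OK" bit in the OPT TTL field

# Constructed, illustrative fingerprint table (assumption): names that some
# platforms query automatically for connectivity checks. Not from the paper.
FINGERPRINTS = {
    "captive.apple.com": "Apple device",
    "www.msftconnecttest.com": "Windows device",
    "connectivitycheck.gstatic.com": "Android device",
}


def encode_name(name):
    """Encode a dotted name as DNS labels: <len><label>...<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txn_id, qname, qtype, dnssec_ok=False):
    """Build a recursion-desired query; with dnssec_ok, append an OPT RR with DO=1."""
    arcount = 1 if dnssec_ok else 0
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, arcount)  # RD=1, QDCOUNT=1
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)          # class IN
    opt = b""
    if dnssec_ok:
        # owner name = root, type OPT, UDP payload 4096, ext-rcode 0, version 0, flags DO, rdlen 0
        opt = b"\x00" + struct.pack("!HHBBHH", OPT_RRTYPE, 4096, 0, 0, EDNS_DO_FLAG, 0)
    return header + question + opt


def decode_name(msg, offset):
    """Decode a DNS name at offset; returns (name, offset just past the name)."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:
            # compression pointer (RFC 1035 4.1.4): the rest of the name lives elsewhere
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, pointer)
            return ".".join(labels + ([tail] if tail else [])), offset + 2
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def observe(packet):
    """Everything an on-path eavesdropper learns from one cleartext query."""
    txn_id, _flags, _qd, _an, _ns, arcount = struct.unpack("!HHHHHH", packet[:12])
    qname, off = decode_name(packet, 12)
    qtype, _qclass = struct.unpack("!HH", packet[off:off + 4])
    off += 4
    dnssec_ok = False
    if arcount:
        # additional section: the OPT pseudo-RR tells the observer DNSSEC was requested
        _root, off = decode_name(packet, off)
        rrtype, _udp, _ext, _ver, ednsflags, _rdlen = struct.unpack("!HHBBHH", packet[off:off + 10])
        dnssec_ok = rrtype == OPT_RRTYPE and bool(ednsflags & EDNS_DO_FLAG)
    return {"id": txn_id, "qname": qname, "qtype": QTYPES.get(qtype, str(qtype)), "dnssec_ok": dnssec_ok}


def sample_capture():
    """Constructed packets standing in for a PM tap's record of one user (not real traffic)."""
    return [
        build_query(0x1001, "captive.apple.com", 1, dnssec_ok=True),   # OS connectivity probe
        build_query(0x1002, "www.example.com", 28, dnssec_ok=True),    # a site the user visits
        build_query(0x1003, "example.net", 15, dnssec_ok=True),        # MX lookup for a mail domain
        build_query(0x1004, "chat.example.org", 1),                    # plain DNS, no DNSSEC
    ]


def profile(packets):
    """Profile a user from observed queries, exactly as the paper's PM attacker would."""
    result = {"devices": set(), "mail_domains": set(), "sites": set()}
    for q in (observe(p) for p in packets):
        if q["qname"] in FINGERPRINTS:
            result["devices"].add(FINGERPRINTS[q["qname"]])
        elif q["qtype"] == "MX":
            result["mail_domains"].add(q["qname"])
        else:
            result["sites"].add(q["qname"])
    return result


if __name__ == "__main__":
    for p in sample_capture():
        print(observe(p))
    print(profile(sample_capture()))
```

The DNSSEC-enabled queries and the plain one yield the same QNAME and QTYPE to the observer; the only extra thing the DO bit tells the tap is that the client validates signatures. This is the gap between integrity/authentication and confidentiality that the rest of the paper addresses.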
Because DNS and DNSSEC messages are exchanged in clear text and the current standards make no provision for confidentiality of the communication channel, the privacy of the communicating parties is not considered. Pervasive monitoring (PM) can reveal significant information about those parties; the IETF defines pervasive monitoring as an attack [1]. The primary focus of this work is a mechanism that provides confidentiality between the DNS client (stub resolver) and the recursive resolver; a mechanism that provides end-to-end confidentiality may be considered later. DNS privacy considerations are discussed in detail in [9]. The next section surveys existing solutions to the privacy concerns raised by PM in DNS/DNSSEC.

II. EXISTING TECHNIQUES

Personal information is widely described as personally identifiable information (PII) [1]: any information that can distinguish an individual from other individuals or trace an individual's identity. The IETF DNS PRIVate Exchange (DPRIVE) working group has developed mechanisms to provide confidentiality for DNS transactions. The concerns raised in the IETF document [8] have