Rachael Jones, the Center for Media Law and Policy’s new Research Fellow, is the co-author of an article published this month in the International Journal of Information Security. Congratulations, Rachael!
The article is titled “OnionDNS: a seizure resistant top-level domain.” It addresses the growing issue of Internet domain name seizures, noting the significant due process concerns that flow from this government practice. The authors propose a type of domain system, OnionDNS, that would provide a method of curtailing improper seizures by implementing safeguards in the design of the domain name system. First, the OnionDNS root services exists as a hidden service on the Tor network. Second, the proposed system is designed to protect its users by housing operations entirely outside of the United States, requiring any government seizure to pass through several hurdles—including foreign government cooperation. Thus, OnionDNS would not only curtail improper domain seizures as a tool of censorship, but also impose due process safeguards for domain name registrants.
From the abstract:
The Domain Name System (DNS) provides the critical service of mapping canonical names to IP addresses. Recognizing this, a number of parties have increasingly attempted to perform “domain seizures” on targets by having them delisted from DNS. Such operations often occur without providing due process to the owners of these domains, a practice made potentially worse by recent legislative proposals. We address this problem by creating OnionDNS, an anonymous top-level domain and resolution service for the Internet. Our solution relies on the establishment of a hidden service running DNS within Tor and uses a variety of mechanisms to ensure a high-performance architecture with strong integrity guarantees for resolved records. We then present our anonymous domain registrar and detail the protocol for securely transferring the service to another party. Finally, we also conduct both performance and legal analyses to further demonstrate the robustness of this approach. In so doing, we show that the delisting of domains from DNS can be mitigated in an efficient and secure manner.
The citation for the online version of the article is Scaife, N., Carter, H., Lidsky, L. et al. Int. J. Inf. Secur. (2017), https://doi.org/10.1007/s10207-017-0391-z.