Inline Traffic Analysis Attacks on DNS over HTTPS

Even though end-to-end encryption was introduced to Domain Name System (DNS) communications to ensure user privacy and there is an increase in adoption of DNS over HTTPS (DoH), prior research has demonstrated that encrypted DNS traffic is vulnerable to traffic analysis attacks. However, these attacks were demonstrated under strong assumptions such as handling only closed-set classification or doing only post-event analysis. In this work we demonstrate traffic analysis attacks on DoH without such strong assumptions. We first show the feasibility of website fingerprinting over DoH traffic and present an inline traffic analysis attack that achieve over 90% accuracy using DoH traces of length as short as ten packets. Next, we propose a novel open-set classification method and achieve over 75% accuracy on both closed-set and open-set samples for the open-set scenario. Finally, we demonstrate that the same attack can be performed without any knowledge on the start of the activity.