A Comprehensive Study of DNS-over-HTTPS Downgrade Attack


Qing Huang, University of California, Irvine; Deliang Chang, Tsinghua University; Zhou Li, University of California, Irvine


DNS-over-HTTPS (DoH) is one major effort to protect DNS confidentiality and integrity, which has been deployed by most of the popular browsers. However, we found this effort could be tainted by the downgrade attack, which exposes the content of DNS communications to attackers like censors. Specifically, we examined 6 browsers with 4 attack vectors that are relevant to our attack model and found all combinations that lead to successful attacks. The fundamental reason is that all browsers enable Opportunistic Privacy profile by default, which allows DoH fall backs to DNS when DoH is not usable. However, it is still concerning that none of the browsers attempt to notify users when such a change happens and some browsers take a long time to recover to DoH. At the end of the paper, we propose some countermeasures and we call for discussions from the Internet community to revisit the standards and implementations about DoH and usage profiles.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {257160,
author = {Qing Huang and Deliang Chang and Zhou Li},
title = {A Comprehensive Study of {DNS-over-HTTPS} Downgrade Attack},
booktitle = {10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20)},
year = {2020},
url = {https://www.usenix.org/conference/foci20/presentation/huang},
publisher = {USENIX Association},
month = aug

Presentation Video