UC Irvine

DNS-over-HTTPS (DoH) is one major effort to protect DNS confidentiality and integrity, which has been deployed by most of the popular browsers. However, we found this effort could be tainted by the downgrade attack, which exposes the content of DNS communications to attackers like censors. Specifically, we examined 6 browsers with 4 attack vectors that are relevant to our attack model and found all combinations that lead to successful attacks. The fundamental reason is that all browsers enable Opportunistic Privacy profile by default, which allows DoH fall backs to DNS when DoH is not usable. However, it is still concerning that none of the browsers attempt to notify users when such a change happens and some browsers take a long time to recover to DoH. At the end of the paper, we propose some countermeasures and we call for discussions from the Internet community to revisit the standards and implementations about DoH and usage profiles.