Enc-DNS-HTTP: Utilising DNS Infrastructure to Secure Web Browsing

,


Introduction
Digital information and electronic services are delivered to users through the Internet.Information and services are often sensitive, particularly in applications such as online banking, which requires secure transactions [1].Services are provided through a web server, and the user contacts the server by using an Internet browser such as Internet Explorer (IE) or Google Chrome.The client and server communicate using Hypertext Transfer Protocol (HTTP).
Modern web security relies on a combination of Secure Sockets Layer/Transport Layer Security (SSL/TLS) with HTTP, and this is known as Hypertext Transfer Protocol Secure (HTTPS).However, almost all browsers and servers apply SSL/TLS to secure information transactions [2].
SSL uses server certificates to publish the public keys of server; each of these certificates is signed by a trusted third party, known as the Certificate Authority (CA).SSL protocol consists of two phases, the handshake phase and the data transfer phase, and the details of these are discussed further in Section 2. The handshake phase includes the sharing of both the server certificate and a symmetric algorithm key.Handshake messages are sent in plain text until the server successfully transmits the certificate to the client.In this context, data transfer is protected by a symmetric cipher.
These plain text messages in the handshake phase are particularly targeted by attackers, threatening HTTPS security.Attackers exploit a loophole by impersonating the web server and stealing user information; this approach capitalises on the user's habit of typing a Uniform Resource Locator (URL) without specifying HTTPS.Attackers deceive the client by making it appear that the web server is using HTTP without security.Such attacks are known as Man-in-the-Middle (MITM) sniffing and stripping attacks.

Security and Communication Networks
In simple terms, a web server is identified by the web browser using Internet Protocol (IP).The browser obtains the server's IP address from a Domain Name System (DNS) server by sending a DNS query, which contains the domain name (DN).The DNS server replies with the server IP, and the browser program then sends an HTTPS request with the destination IP set to this server IP.In the interests of safety, HTTPS secures client-server communication by encrypting HTTP.However, attackers can take advantage of the unsecured DNS communication by spoofing these DNS messages and replacing the server IP with the attacker's IP.The web browser then sends an HTTPS message to the attacker's IP as the destination server.If the attacker deploys a website to answer the client request, then the attack is undetected.Such attacks are known as DNS spoofing or phishing [2].
The main contributions of this paper to network security are as follows: (i) We address the question of how to protect the privacy of the user while browsing the Internet.To this end, we present the Enc-DNS-HTTP scheme which protects a user surfing the Internet from attacks by encrypting both DNS and HTTP messages using asymmetric and symmetric cipher algorithms.
(ii) The proposed scheme can resist MITM disclosure sniffing and stripping attacks against the communication between the client and the web server.
(iii) The proposed scheme prevents an attacker from modifying the real web server IP through a DNS attack.
(iv) The scheme is applicable to and compatible with current Internet hardware infrastructure.Within this context, DNS and HTTP messages are maintained without affecting functionality.
(v) In terms of computational cost, the scheme is shown to outperform HTTPS for high performance value.
The remainder of this paper is structured as follows: Section 2 provides preliminary and contextual information; Section 3 defines the problem addressed in this work; Section 4 describes prior work related to this issue; Section 5 explains the proposed scheme; Section 6 presents the implementation of the Enc-DNS-HTTP scheme in detail; Section 7 presents the experiments carried out to verify this scheme; Section 8 presents the results of experiment and a discussion; Section 9 explains the security analysis carried out; and the final section presents the conclusion.The Browser Authority (BA) is the creator of the clientside browser program, which has both private and public keys.The public key is distributed to the client by the browser.

Exchanged Messages
(i) Msg represents a random message.For example, a term that  sends as a Msg to WS is denoted as follows: → WS: Msg.
(ii) The term that  sends as a Msg to WS called  and containing  is denoted as follows: → WS:  () .
(2) For simplicity, we distinguish asymmetric encryption and decryption as we would symmetric encryption and decryption, in which each uses a separate key.

HTTPS.
Internet privacy is provided by securing the HTTP connections between web browsers and web servers; this is known as HTTPS.

HTTP.
HTTP is used to access data on the World Wide Web (WWW) and is used as the protocol for data communication.HTTP transactions use the services of Transmission Control Protocol (TCP) on port 80, where the primary HTTP messages are requested and responses are received between client and server.HTTP does not support security, and is a stateless protocol [3].

SSL/TLS.
The SSL protocol and its successor, the TLS protocol, are standardised protocol suites which were introduced by Netscape in 1995 to provide secure communication between a client and server over an insecure network.SSL/ TLS protects information transmission using a symmetric cipher with a key, whose key component is shared by an asymmetric cipher.Server authentication is accomplished via digital certificate by applying X.509 technology [4,5].SSL/TLS achieves confidentiality by using encryption; it ensures integrity through the use of a message authentication code, which is a hash function with a key, and authentication by a digital certificate.A client can validate a server certificate using the CA's public key, which is possessed by the client and typically preinstalled into the web browser [6].
SSL/TLS is composed of two layers: the upper layer, which contains the Handshake protocol for establishing a session and the Alert protocol for communicating error messages and application protocols; and the lower layer, which includes the Record protocol for exchanging messages using current connection parameters, obtained from the upper layer [5,7].
The simplest scenario for establishing a session using SSL is shown in Table 1, where messages (M1) and (M2) define the first phase of SSL/TLS.The first phase is cipher suite negotiation, which sets and shares the symmetric cipher key parameters RN  and RN WS .Message (M3) is the server certificate that contains the server public key.
The second phase is symmetric cipher key construction, which is initiated by (M4).Messages (M5) and (M7) communicate that all further messages will now be encrypted by using the key and the symmetric cipher previously agreed upon.The final phase is secure transmission, assuming that the nodes manage to decrypt the finished messages.The Record protocol continues after the final phase until the session is terminated or destroyed [8][9][10].

DNS.
DNS is a distributed database that translates DNs into IP addresses.The TCP/IP suite uses an IP address to route packets; however, the host name is more appropriate for human readability [11,12].
As DNs must be globally unique, a hierarchical name space is used as the DN space; this is designed in the form of a tree structure, with the root at the top.Each node in the tree has a label, which is a string of characters, although the root label is an empty string.However, DN is a sequence of labels separated by dots from the node up to the root.
The DN space is distributed across numerous computers known as DNS servers.The division of DN space is based on the domain, which is a subtree of the DN space, and is sometimes known as the zone.The name of the domain is the name of the node at the top of the subtree [3].
DNS servers store domain information in a data structure known as a Resource Record (RR).Each RR has an associated name, class, and type.A Resource Record Set (RRset) describes a situation in which multiple RRs are associated with the same name; in this case, the domain has more than one IP [11].
DNS is designed as a client-server application.Within the client-side application of DNS, a resolver receives the DN from the browser and sends a mapped request query to the DNS server.The two types of DNS messages are described below [3]: (i) DNS query: the resolver creates a DNS query that contains an identifier (ID).The ID differs for each message and port number.The Question section of the DNS query is filled with the DN.
(ii) DNS response: the server creates a DNS response; this contains the same ID in order to identify the query.The Question section contains the DN, while the Answer section contains the IP, authoritative section, and additional information section.
DNS messages are sent without encryption or authentication, thereby increasing the risk of attack.DNS is vulnerable to spoofing and cache poisoning attacks, which are intended to redirect client traffic to an attacker's machine or a fake website [13][14][15].In this work, the company which created the browser will be referred to as the Browser Authority.

Problem Definition
Each client connects to the Internet through a router, which provides the client with an IP  , DNS IP DS , and the router's own IP  as a gateway.Internet surfing typically begins when the user enters the URL in the CB; the browser program then carries out the following steps.
Step 1. CB fetches DN from URL and submits DN to DNS resolver.
Step 2.  sends Address Resolution Protocol (ARP) request with gateway IP  .Step 3.  responds with its MAC  to .
Step 4. DNS resolver creates a DNS query containing DN and sends the query in LAN using MAC  to the Internet using IP DS .
Step 5.  receives DNS reply from DS through  carrying IP WS .
Step 6.The resolver delivers IP WS to CB.
Step 7. CB creates HTTP request containing URL and sends the request through LAN using MAC  and through the Internet using IP WS .
Step 8. WS responds to  with the service requested, such as an HTML page.
All DNS and HTTP messages are transferred in plain text without the use of an encryption process to maintain security, and this makes the model vulnerable to various types of attack.

Statement of the Problem.
The problem is how to secure web browsing, or rather, how to secure message transfers in the Internet model.A trivial solution is the use of SSL/TLS to secure HTTP traffic, referred to as HTTPS.However, this model is vulnerable to various attacks, and several of these are described further in Section 9.1.
Unfortunately, SSL secures HTTP and leaves DNS unsecured; this can then be exploited by DNS spoofing attacks if ATT is in the same LAN as  (Table 2), or by DNS poisoning attack if ATT is on the Internet (Table 3).
During the browsing process, even if HTTP transacts securely using SSL, the MITM attack finds a loophole in the protocol by sniffing and stripping attacks.DNSSEC [16] has been proposed in place of SSL for securing DNS messages and the Internet; however, this has not been employed due to its complexity and poor performance, as discussed further in Section 4.1.

Related Work
Protecting web browsers from attackers has attracted a great deal of research attention, due to the plethora of data transactions and information on the Internet.SSL/TLS has been deployed for securing HTTP transactions and has been the focus of both developers and attackers worldwide.SSL vulnerabilities have been known for several years, and several suggestions have emerged in the literature for replacing, modifying, or complementing SSL/TLS.The primary approaches which have been proposed for web security can be categorised as follows.

Utilising DNS.
The approaches in this category secure the web through the use of the DNS server, which is part of the infrastructure of the Internet.DNSSEC was created to secure DNS messages and to protect the web from major attacks such as DNS spoofing and has been proposed for use in sharing web server public keys.However, DNSSEC suffers from certain problems which have hindered its wider adoption [11].
DNSSEC uses various signature algorithms and hash functions; however, no standard has been agreed on for the specification of a single algorithm or function.Consequently, the DNS server sends to the client resolver a response containing all the keys and signatures which are supported; this results in higher consumption of bandwidth and processing time and lower performance.The authors of [17] have proposed a cipher suite negotiation which selects the strongest algorithm from the DNS server list as the negotiation parameter.This is then sent in plain text, which places the communication at risk of a MITM attack which tricks both client and server into using a weak algorithm by changing the client list, after which it would be straightforward for the attacker to break the security.
DANE [18] and CAA [19] are IETF standards that propose the use of DNS infrastructure to validate web server certificates.DANE is a method based on the use of DNSSEC, while CAA may use DNSSEC as an option; DANE is therefore affected by all the vulnerabilities of DNSSEC.Both standards In addition, transfer of the public key remains in plain text, meaning that it can still be forged using a MITM attack.

Improvement or Enhancement on the Existing SSL/TLS.
Although SSL/TLS has been proposed for securing HTTP messages, as described in Section 2, attackers have discovered vulnerabilities [20].The majority of attacks on SSL/TLS do not target the cryptographic core but instead exploit protocol vulnerabilities or intercept communicating nodes, as in MITM.
Typing the URL without HTTPS is a bad habit by users which exposes the communication to a stripping MITM.Numerous enforcement mechanisms have been proposed to prevent the success of MITM attacks, such as SHS-HTTPS [21], ISAN-HTTPS Enforcer [22], and HTTPSLock [23], all of which use client-side scripting to redirect the URL to HTTPS before sending the request.However, although this script enforces the request, it does not enforce the response, which may be from an attacker.
SSLock [24] and HSTS [25] use extra header fields which are attached by the web server, but few browsers or web servers support such method.The HTTPS enforcement technique is immune to stripping MITM attacks; however, protection from sniffing MITM attacks rests on the browser, which displays a warning message indicating a self-signed certificate.At this point, most users opt to accept by pressing the "safe" button, and this is another bad habit.
Aziz et al. [26] proposed extending TLS for integrity assurance against replay attacks and collusion attacks by using the Trusted Platform Module (TPM).TPM is a builtin hardware security chip embedded in the motherboard and is separate from the central processing unit (CPU).TPM includes cryptographic mechanisms for both host and program security.This approach is based on a hardware solution, which is not available to every user, and affords limited protection.
Elgohary et al. [27] have proposed an enhancement for SSL/TLS protocols by caching or storing a client session for future use, rather than repeating the entire communication process.However, the enhancement only benefits performance and not security.

The Proposed Scheme (Enc-DNS-HTTP)
The objective of this work is to secure Internet data transfer by securing web browsing or HTTP messages.The term "secure" refers to encryption and authentication which can withstand attacks.
In order to meet this objective, the proposed scheme distributes PK WS using a DNS server with BA authentication.The client and web server establish a session using PK WS .At the beginning of the session, the two nodes negotiate the symmetric cipher technique and the key value to be used.The information is transferred securely, using the agreed authenticated key and techniques.
The proposed scheme does not change the Internet device infrastructure or the messaging procedure, and browsing continues to begin with DNS queries followed by HTTP messages.The proposed changes will be in the message contents, where we assume the following:   in Table 5 presents the details of the Internet browsing phase, which begins by entering a URL in CB.CB then sends DN WS to the DNS resolver program.The resolver then extracts IP DS from the network setting, encrypts DN WS using PK DS , and sends a query to DS.The reply carries IP WS and PK WS signed by BA, whereas the client obtains IP WS and PK WS by using PK BA , which is stored in CB.
In more detail, the process is as follows: CBs generate RN  with CSL, encrypt them with PK WS , and send the result as an HTTP message to WS using IP WS .Next, WS generates RN WS encrypted with CSC and sends it to .The hash function value from RN  and RN WS is SK for both sides. uses SK  to encrypt the HTTP request message, and WS uses SK WS twice, in decrypting the client request and sending the encrypted response to .If no further messages are transmitted between  and WS, then both sides will delete SK.The sequence used by this protocol is illustrated in Figure 2.

Implementation
Ubuntu Linux 12.04 LTS [28] is used as a platform for implementation and experimentation.The proposed scheme is implemented with  programming language, which allows network programming through the socket library.HTTP and DNS servers are implemented separately to be flexible and to manage DNS query and HTTP request programs implemented separately on the client side.For the purpose of ignoring user delays when typing URL, the client-side program reads URL from a file.
6.1.Cryptography Programs.RSA and SHA1 algorithms are implemented according to [29].RSA key generation implemented stored each key in a different file to manage and distribute server keys.SHA1 result was stored in a file, which represented the symmetric cipher key.
The  program code for triple DES was from OpenSSL [30] to make a fair comparison with SSL.Cipher Block Chaining (CBC) was utilised for triple DES operation mode.Triple DES uses three different 64-bit keys, which were provided by the keys derived from SHA1 result file.
The output of the cryptography algorithm is usually ambiguous unrecognized characters, which were compensated for by the implementation programs that read and transferred the results as hexadecimal numbers.

DNS Programs.
DNS is divided into server-side and client-side programs.The server-side program listens on port 53 for incoming queries.When a client query arrives carrying DN WS , the server replies with Enc(IP WS ; RK BA ) in the answer section and Enc(PK WS ; RK BA ) in the additional section of the message.
The client-side program sends a DNS query; this fetches DN WS from the URL file, creates a DNS query, and sends the query to the host, whose IP is saved in the resolv.conffile.Following this, the client-side program receives a DNS reply and extracts Enc(IP WS ; RK BA ) and Enc(PK WS ; RK BA ) from the server reply message.Finally, the  The HTTP client-side program uses IP WS , received from the DNS server, to set the destination address.The client program has two main messages.The first negotiates the symmetric cipher algorithm to be used with the server and shares the key parameter.The second message reads the URL from the URL file, encrypts the request using SK, and sends an HTTP request to the server.Finally, the client decrypts the received content from the server using SK and saves the result in a file.

Experimental Testing
A network with five hosts was built to test the Enc-DNS-HTTP protocol.Four hosts ran the Ubuntu Linux operating system, whereas one host ran Kali Linux [31], in order to use the attacker programs and tools.The first Ubuntu host represented WS; this ran the HTTP server-side program and possessed the cryptography programs.The second Ubuntu host represented DS and ran the DNS server-side program.
The third Ubuntu host operated as the client; this contained the DNS client program, the HTTP client program, and all cryptography programs.The client programs together made up CB.The final Ubuntu host had three network connections, in order to simulate the router, enable the IP_forward property for directing the packet to the correct network interface, connect all hosts to different IPs to simulate each host in a different network, enable DHCP-setting for the assignment of the DNS IP, and save IP in the resolv.conffile.
The client and the attacker were connected to the same LAN, as illustrated in Figure 3. Table 6 shows the host properties and contents.Prior to the experiment, all server keys were created using RSA key generation and stored in different files.It was assumed that the registration phase in the proposed scheme had been executed earlier, since this phase runs only once for each WS.
WS was installed with the Apache 2.4 HTTP server [32] and  was installed with the Curl 7 web browser [33] for the purpose of comparing results.WS was loaded with five HTML pages of different sizes: (a) HTML 100 Byte, (b) HTML 1 KB, (c) HTML 10 KB, (d) HTML 100 KB, and (e) HTML 1 MB.Each page was called four times in order to calculate the average time for the experiment.Wireshark software [34] was used for the capture and analysis of traffic.
In this experiment, the robustness of the proposed Enc-DNS-HTTP was tested under two conditions: firstly without an attack and then with an attack.The first condition represents the unsecured mode of Apache HTTP, the HTTP program, Apache HTTPS, and Enc-DNS-HTTP, whereas the second illustrates Apache HTTPS and Enc-DNS-HTTP in secure mode.
The experimental results from the proposed scheme in a real multisession are reported for the five different HTML pages.These pages were called four times under both conditions, and the performance of the proposed scheme was evaluated in terms of efficiency and effectiveness.The steps involved in the experimental procedure were as follows:   This procedure was executed without attack for Apache HTTP, programmed HTTP, Apache HTTPS, and Enc-DNS-HTTP.In the attack situation run for HTTPS and Enc-DNS-HTTP, CB called each of the five pages once, and ATT ran the Wireshark program to capture network packets.

Attacker Models.
The DNS spoofing attack procedure used was as follows: (1) ATT connects to the LAN network and obtains an IP from .
(2) ATT runs ARP poisoning to redirect packet transfers to his computer; ARP poisoning is performed by sending periodic ARP replies to  and .
(3) ATT runs DNS spoofing to change IP WS in DNS reply, if DN WS in the packet matches DN in a file.ATT must know DN in advance.
(4) If DN WS matches, IP WS is changed to IP ATT ; in this experiment, this led to a DoS, as ATT did not implement a web page.Otherwise, the packet is forwarded to its destination.
The SSL stripping attack procedure used was as follows: (1) ATT connects to the LAN network and obtains an IP from .
(2) ATT runs ARP poisoning to redirect packet transfers to his computer; ARP poisoning is performed by sending periodic ARP replies to  and .
(3) ATT runs SSL stripping to identify HTTPS traffic from  and forwards it to WS.When WS responds with HTTPS, ATT deceives  and responds with HTTP to .
obtains service through HTTP, rather than HTTPS, and ATT can read and modify all information from .

Results and Discussion
The results indicate the robustness of Enc-DNS-HTTP; the scheme is implemented using the  programming language and focused on the essentials of Internet browsing.A comparison of this scheme with Apache HTTPS is inappropriate, since the Apache server is built on complex procedures which require more time to execute.The results show that normal browsing with  programming language and the Apache HTTP server results in at least an approximate machine delay difference, which can be applied to encrypted browsing situations.
The results of this experiment show that Apache HTTP and programmed HTTP performed similarly in terms of operation time and media delay in unsecured conditions.In contrast, Enc-DNS-HTTP performs better than Apache HTTPS in the secure condition.In other words, Enc-DNS-HTTP can ensure the privacy of information transfer within the network.
In the discussion of the results given below, the term "normal HTTP" is used to refer to the programmed HTTP implemented without encryption and the normal HTTP Apache server."Encrypted HTTP" refers to the programmed HTTP implemented with encryption as Enc-DNS-HTTP, as well as HTTPS run using the Apache server."Encrypted HTTP under attack" refers to encrypted HTTP attacked by DNS spoofing.

DNS Messages.
The messages between  and DS are exclusively DNS messages.Figure 4 shows the DS machine's average time delay, which is calculated from 20 DNS query-reply pairs, except for the attack situation, which is calculated from five DNS query-reply pairs.Figure 5 shows the media average time delay calculated for each DNS query-reply pair from the client side.The time difference between reply and query messages, minus the DS machine's time, is the media delay.
Normal HTTP shows minimal difference in Figure 4, due to the message sizes given in Table 7.A large variation in machine timing is observed in the encrypted HTTP, since Enc-DNS-HTTP uses cryptographic programs.Moreover, the message size is large, since PK WS is assigned to the additional section of the reply.However, since Apache HTTPS does not encrypt DNS messages, the value is approximately equal to that of normal HTTP.
Figure 4 clearly shows that the protocol proposed in this work requires more time, due to the use of the encryption process.The additional time cost of this scheme may be considered reasonable in order to achieve the security of DNS messages.
In the attack situation, no differences in terms of time were observed in the encrypted HTTP caused by the DS machine delay.However, media delay was affected, as shown in Figure 5, since DNS messages pass through the attacking machine, causing an additional delay.The DNS spoofing attack is based on a list of DNs stored in a file, and the DN is compared for each reply message.If one matches, the IP is then replaced; in this attack procedure, the media delay for HTTPS becomes large in the process of replacing IP WS value.It should be noted that the attacker cannot identify DN in the reply message when using the proposed scheme, since DN is encrypted with PK DS , and only DS can produce the correct DN.
Under the proposed scheme, the DNS reply message is received by  carrying IP WS , whereas, in Apache HTTPS,  carries the fake IP of the attacker.Although the DS machine time is increased with the use of Enc-DNS-HTTP, this scheme protects the browser from attack.Again, as can be seen in Figure 5, the Apache HTTPS induces a higher delay, since the time taken for the ATT to find the DN WS match in the DNS response and subsequently replace IP WS with IP ATT causes a delay in the response.

TCP Messages.
and WS communicate through TCP messages, which carry user requests in the form of URLs.WS responds through HTML.The average time delays for the WS machine, shown in Figure 6, demonstrate that Enc-DNS-HTTP is superior even under attack.No curve is shown for Apache HTTPS in an attack situation, since this is vulnerable to the attack, causing a DoS for .
Figure 6 indicates that the page size affects the WS delay.After the fourth page, machine delay scatters, and Apache requires the largest time for both HTTP and HTTPS.The delay time of Enc-DNS-HTTP under attack is due solely to the use of ARP poisoning by the attacker before DNS spoofing; this sends ARP replies to WS, creating additional tasks for WS.The curve for Enc-DNS-HTTP in Figure 6 clearly shows that the process of an attack has no effect on our scheme.Figure 7 shows increases in media delay when Enc-DNS-HTTP is under attack; in this case, packets pass through the attacker's machine, adding an extra delay.The attacker forwards only TCP messages, as he cannot identify DN, which is encrypted.The performance of both the Apache HTTPS and our scheme within the framework at transmission time is evaluated, as shown in Figure 7.The differences in time delay illustrate that the proposed scheme is faster than Apache HTTPS; this is due to the lower number of negotiation messages required by the proposed scheme.
HTTPS shows a higher media delay than Enc-DNS-HTTP, due to the number of messages transferred within the Handshake protocol.Enc-DNS-HTTP requires only two messages, whereas HTTPS requires eight, as discussed in Section 2.2.2.The number of handshake messages affects the WS machine time; this can be seen in Figure 8, where HTTPS has the largest value.Figure 8 also demonstrates the correctness of the proposed scheme in terms of server load.As expected, our scheme has a lower impact on machine delay with increasing message size, since it employs few timeconsuming operations, unlike Apache HTTPS.
Thus, Apache HTTPS and Enc-DNS-HTTP are tested on the same types of pages carried by TCP.These tests show that the number and size of negotiation messages have a large influence over the results, leading to Enc-DNS-HTTP outperforming Apache HTTPS.

Throughput.
The throughput of both our scheme and Apache is evaluated in three cases: normal, encrypted, and encrypted under attack.As can be seen in Figure 9, in the first case both methods are comparable, with average throughput; however, in the second case the difference is clear considering the DNS message size.The third case illustrates that our work is free from breach by attack and that it induces better throughput than Apache.
The difference in throughput between  and DS shown in Figure 9 is due to the size of the message.Enc-DNS-HTTP has larger DNS messages than HTTPS, resulting in a reduced throughput.Attacker interception reduces throughput, increasing the packet time delay; since the throughput of Enc-DNS-HTTP is higher than that of Apache, this is further confirmation that the attacker did not modify the reply, unlike in the case of HTTPS.
Combining the DNS and TCP message sizes and considering the request-response delay from  side gives system throughput, as presented in Figure 10.Securing HTTP will reduce system performance, which leads to decreased throughput.Although DNS spoofing lowers throughput, the attacker cannot break browsing security with fake IP in a DNS reply.However, when Apache HTTPS is used, the attacker can manipulate the DNS replies with a fake IP, resulting in no HTTPS response; this gives an infinite delay and a throughput equal to zero.
In summary, the entire protocol is analysed here in order to test its performance in terms of average throughput; the proposed scheme clearly has better throughput than Apache.In addition, the security ability of the proposed scheme is tested; our scheme performed well under the well-known Apache HTTPS attacks, since this scheme secures DNS messages and shares the WS public key, unlike Apache.
Enc-DNS-HTTP withstands DNS spoofing and SSL stripping attacks, which read the HTTPS request-response process between  and WS.With Enc-DNS-HTTP, the attacker cannot deceive  and redirect to HTTP, since the first request is encrypted.

Attack Definitions and Security Analysis
In this section, an illustration of the most well-known attacks that threaten web browsing security is presented.Following this, the security of the proposed scheme will be described and analysed.
9.1.Attacks.The theft of sensitive data from users is one of the most frequent objectives pursued by attackers.Numerous methods are employed to tempt users into providing their data over the wrong connection, which leads to the attacker's destination rather than the legitimate destination.HTTPS offers one defence against web attacks, but this suffers from vulnerabilities [35].However, the goal of attackers is generally to impersonate the server, rather than to crack HTTPS keys.The attacker intercepts traffic from the source and forwards it to the destination (and vice versa), creating an illusion of the user and server being connected normally, when in fact the attacker can modify messages and insert new ones.The most well-known attacks are detailed in the following subsections [36,37].9.1.1.MITM.According to RFC 2828, a MITM attack is "a form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data in order to masquerade as one or more of the entities involved in a communication association."In a virtual sense, the attacking machine is placed between two communicating computers, giving the attacker the capability to read, modify, or block information.The original computers believe they are connected only to each other, and neither the user nor the server is aware of the MITM [38,39].
According to [22,40] the MITM attack may employ two methods: "stripping" and "sniffing."In MITM sniffing, a forged self-signed certificate is presented to the victim as a legal web server certificate.After the user accepts the fake certificate, the user's information is compromised.However, a MITM stripping attack changes an HTTPS connection with the victim to HTTP and connects with the web server using HTTPS.The use of the HTTP connection causes the victim's information to be transferred in plain text format.

Denial of Service (DoS).
The growing number of DoS attacks imposes a significant threat to the availability of network services.A DoS attack is characterised by malicious behaviour, which prevents legitimate users of a network service from using that service [41,42].There are two principal types of DoS attack.The first is a flooding attack, which sends an excessive quantity of packets to a client victim.These packets arrive in such high quantity that a certain key resource at the victim (bandwidth, buffers, or CPU time to compute responses) is quickly depleted.The victim machine either crashes or spends so long compensating for attack traffic that it cannot attend to its real work [43].The second type of DoS attack starts as a MITM attack; however, when the attack blocks the packets sent to the client, the attack becomes a DoS.

Security Analysis
Theorem 1. Enc-DNS-HTTP is protected from DNS spoofing attack.
Proof.As mentioned in Section 7.1, in order to accomplish DNS spoofing, the attacker must know DN WS in advance and store this in a file.Enc-DNS-HTTP sends encrypted DN WS using PK DS in DNS query, and WS replies with the same encrypted DN WS , as shown in the (M1) and (M2) messages in Table 5.The encryption of DN WS means that DN WS will not match the DN known by ATT.Theorem 2. If the DNS spoofing attack stores the encrypted DN WS , then Enc-DNS-HTTP will not disclose  information.
Proof.ATT may have PK DS , since ATT is on the same LAN as .If ATT encrypts a list of DN and stores the ciphered DN in a DNS spoofing file, then the website will be identified from the  query, since both  and ATT possess PK DS .ATT saves the DNS query ID  and compares the ID of all DNS replies with ID  .Once ATT finds the matching/desired website, ATT can change IP WS .
will then suffer from DoS, since  will decrypt IP WS from the DNS reply, as shown in message (M2) in Table 5, leading to a random IP.The HTTP request will receive no response, leading to DoS.ATT can achieve DoS but cannot read the information of .Proof.Table 3 shows that DNS cache poisoning attacks depend on guessing ID 2 when IP WS is stored in a regular format.However, in Enc-DNS-HTTP, IP WS is encrypted with BA authentication using RK BA when saved, as illustrated by message (M3) in Table 4.If ATT is lucky and guesses ID 2 , the stored record will be corrupted because PK WS is an empty field; thus, the IP does not lead to WS for .Theorem 5. Enc-DNS-HTTP prevents a MITM attack from disclosing  information.
Proof.As described in Section 7.1, the first step for an ATT is to execute ARP poisoning in order to reside in a virtual sense between  and ; this results in both  and  sending all network packets through ATT.From the  standpoint, ATT masquerades as ; from the  standpoint, ATT masquerades as .However, even if all packets pass through ATT, ATT cannot read or forge any information, since the information is encrypted using an asymmetric cipher. encrypts data using PK DS for sending to DS and encrypts data using PK WS for sending to WS.In both steps, ATT is unable to read the data, as ATT has neither RK DS nor RK WS . and WS agree on a symmetric algorithm and this is the key to guaranteeing the protection of the information.Theorem 6. Enc-DNS-HTTP is protected from a MITM stripping attack.
Proof.As described in Section 7.1, in MITM stripping ATT will identify HTTPS traffic and change it to HTTP.ATT will forward a packet from , receive the WS response, decrypt the response, and send an HTTP response to .In Enc-DNS-HTTP, ATT cannot perform the second stage because he does not have PK WS , which is obtained by  from DS. Theorem 7. Enc-DNS-HTTP is protected from a MITM sniffing attack.
Proof.As described in Section 9.1.1,MITM sniffing attacks circumvent HTTPS by presenting a forged certificate, after which ATT waits for acceptance by .With Enc-DNS-HTTP, ATT cannot forge PK WS without RK BA , and ATT must poison the DNS cache.If ATT desires to fake IP WS , then this becomes a redirection task, as demonstrated in Theorems 1 and 2. Theorem 8. Enc-DNS-HTTP supports WS authentication.
Proof.As described in Section 5.2, the handshake information transferred from WS is encrypted using RK WS , which is possessed only by WS.Following this, the information from WS is authenticated.Theorem 9. Enc-DNS-HTTP supports data transfer security.
Proof.As described in Section 5.2, data are encrypted before being transferred across the network.Both asymmetric and symmetric encryption are used for the data; the symmetric key is discarded after each session, a form of one-time password.

Conclusion
The security of web browsing depends on SSL/TLS to secure a client and web server connection.MITM and Security and Communication Networks DNS attacks threaten the privacy of HTTPS using different approaches.
This paper proposes Enc-DNS-HTTP to protect web browsing and to secure client-DNS server and client-web server communications.The scheme is based on sharing a web server public key through the DNS server.The key is signed by a trusted third party, such as a web browser program creator.
The browser program begins by fetching a web server public key from a DNS server and verifying the key through a third party public key (PK BA ).Following this, the browser program sends an encrypted symmetric key parameter to the web server.After receiving the second symmetric key parameter from the server, both sides generate a secret key.Finally, the browser program requests the service from the web server.The request is encrypted with the secret key and the response will be encrypted with the same key.
The proposed scheme is implemented in the C programming language on a Linux platform.The results demonstrate the effectiveness of Enc-DNS-HTTP in protecting web browsing.In addition, throughput shows improved performance, despite the encryption affecting the communication from both the DNS and web servers.

PK:
Public key IP: Internet protocol RN: Random number Info: Information or HTML page CSL: Cipher suite list supported by the client node CSC: Cipher suite choice CB: Client browser program RK: Private key URL: Uniform resource locator SK: Secret key/session key S_ID: Session ID Msg_all: All messages exchanged between  and WS so far Sig: Authority signature DN: Domain name.

Function
Enc(; ):  is encrypted with key  Dec(; ): is decrypted with key  Enc(, , ; ): Each parameter encrypted separately with  (): H a s h e dv a l u eo f ( ‖ ): Hashed value after concatenating  and .

2. 1 .
Notations 2.1.1.Entities.Network communication consists of a client (), web server (WS), DNS server (DS), and attacker (ATT).When masquerading as a WS, the attacker is denoted as ATT[WS]; when masquerading as a , the attacker is denoted as ATT[].All entities are connected through the Internet, except when ATT is on the same Local Area Network (LAN) as either  or .The Internet gateway is the router ().
(i) Start the Wireshark program in WS, DS, and .(ii) Start the DNS and HTTP servers.

(
iii) Use CB to call five pages, four times each, within 1 min.(iv) Stop the DNS and HTTP servers.(v) Stop the Wireshark program and save the packets captured in a file.

Figure 6 :
Figure 6: Average time delay for WS machine.

Figure 7 :Figure 8 :
Figure 7: Average time delay for the media between  and WS.

Table 2 :
DNS spoofing attack.ATT within  LAN legitimately; ATT must reside between  and

Table 3 :
DNS cache poisoning attack.ATT not in  LAN; ATT must redirect the traffic to his machine.ATT opportunity: if local DS does not have IP WS , then the request is sent to zone server: HTTP_Response (HTML); dest.IP = IP  are used to authenticate website certificates, meaning that they cannot dispense SSL/TLS while browsing the Internet.

Table 4
has PK BA , RK BA , and PK DS .(ii) DNS server has PK DS and RK DS ; DNS server possesses PK BA .(iii) Every web server must have DN WS , IP WS , PK WS , RK WS , and PK BA .(iv) The client has PK BA through the browser and PK DS from the Internet Service Provider (ISP) during IP configuration.Web servers must be registered in a DNS server before they can be accessed through the Internet by clients.WS sends an encrypted request to BA, which contains PK WS .Next, BA signs PK WS and sends an encrypted message to DS, where the term "sign" means to encrypt PK WS using RK BA .The detailed registration protocol is described in . Then, WS information is stored in DS as DN WS , whereas BA has signed both IP WS and PK WS .The sequence of the protocol is shown in Figure1.5.2.Internet BrowsingPhase.The Internet browsing phase refers to the client surfing the Internet.The protocol shown

Table 5 :
WS Internet browsing protocol.SK  ) = info If there are no further messages, destroy session and delete SK  and SK WS .
WS ) = RN WS , CSC : S K  = H(RN  || RN WS ) client-side program performs Dec(Enc(IP WS ; RK BA ); PK BA ) and Dec(Enc(PK WS ; RK BA ); PK BA ) to extract IP WS and PK WS , which are delivered to the HTTP client program.
6.3.HTTP Programs.HTTP is programmed on both the server and client sides.The HTTP server listens on port 80 and has two response messages.The first message is the response to the client RN  , which is RN WS .These two values are protected using RSA, with Enc(RN  ; PK WS ) and Enc(RN WS ; RK WS ).When RN  and RN WS are entered in the SHA1 algorithm, the symmetric key file SK is produced on both sides.The second message contains the requested service, such as an HTML page, and this service is encrypted using the symmetric cipher agreed on in the previous message with SK.

Table 6 :
Properties and contents of hosts.

Table 7 :
Sizes of DNS messages.

Theorem 3 .
A DNS spoofing attack is unable to replace IP WS with a legal IP.Proof.ATT can read both the DNS reply and IP WS by decrypting with PK BA , which accompanies CB.However, ATT cannot replace IP WS with a real IP, since ATT does not have RK BA to reencrypt the desired IP ATT .