Abstract: DNS-over-HTTPS (DoH) has been widely adopted by major web browsers to enhance the security and privacy of DNS transactions. To mitigate traffic analysis threats such as website fingerprinting (WFP) attacks, many DoH deployments apply EDNS(0) padding at both the client and resolver. As the padding strategy equalizes DNS data sizes, it diminishes the efficacy of previous WFP attacks that exploit TLS-layer length patterns. Moreover, TLS-level features fail to capture the application-layer behavior of HTTP/2, which underlies DoH communication.
External IDs: dblp:conf/esorics/LiZZLG25