Saved in:
Bibliographic Details
Main Authors: Xue, Diwen, Ramesh, Reethika, Jain, Arham, Kallitsis, Michalis, Halderman, J. Alex, Crandall, Jedidiah R., Ensafi, Roya
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2403.03998
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910356915355648
author Xue, Diwen
Ramesh, Reethika
Jain, Arham
Kallitsis, Michalis
Halderman, J. Alex
Crandall, Jedidiah R.
Ensafi, Roya
author_facet Xue, Diwen
Ramesh, Reethika
Jain, Arham
Kallitsis, Michalis
Halderman, J. Alex
Crandall, Jedidiah R.
Ensafi, Roya
contents VPN adoption has seen steady growth over the past decade due to increased public awareness of privacy and surveillance threats. In response, certain governments are attempting to restrict VPN access by identifying connections using "dual use" DPI technology. To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN, the most popular protocol for commercial VPN services. We identify three fingerprints based on protocol features such as byte pattern, packet size, and server response. Playing the role of an attacker who controls the network, we design a two-phase framework that performs passive fingerprinting and active probing in sequence. We evaluate our framework in partnership with a million-user ISP and find that we identify over 85% of OpenVPN flows with only negligible false positives, suggesting that OpenVPN-based services can be effectively blocked with little collateral damage. Although some commercial VPNs implement countermeasures to avoid detection, our framework successfully identified connections to 34 out of 41 "obfuscated" VPN configurations. We discuss the implications of the VPN fingerprintability for different threat models and propose short-term defenses. In the longer term, we urge commercial VPN providers to be more transparent about their obfuscation approaches and to adopt more principled detection countermeasures, such as those developed in censorship circumvention research.
format Preprint
id arxiv_https___arxiv_org_abs_2403_03998
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle OpenVPN is Open to VPN Fingerprinting
Xue, Diwen
Ramesh, Reethika
Jain, Arham
Kallitsis, Michalis
Halderman, J. Alex
Crandall, Jedidiah R.
Ensafi, Roya
Cryptography and Security
VPN adoption has seen steady growth over the past decade due to increased public awareness of privacy and surveillance threats. In response, certain governments are attempting to restrict VPN access by identifying connections using "dual use" DPI technology. To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN, the most popular protocol for commercial VPN services. We identify three fingerprints based on protocol features such as byte pattern, packet size, and server response. Playing the role of an attacker who controls the network, we design a two-phase framework that performs passive fingerprinting and active probing in sequence. We evaluate our framework in partnership with a million-user ISP and find that we identify over 85% of OpenVPN flows with only negligible false positives, suggesting that OpenVPN-based services can be effectively blocked with little collateral damage. Although some commercial VPNs implement countermeasures to avoid detection, our framework successfully identified connections to 34 out of 41 "obfuscated" VPN configurations. We discuss the implications of the VPN fingerprintability for different threat models and propose short-term defenses. In the longer term, we urge commercial VPN providers to be more transparent about their obfuscation approaches and to adopt more principled detection countermeasures, such as those developed in censorship circumvention research.
title OpenVPN is Open to VPN Fingerprinting
topic Cryptography and Security
url https://arxiv.org/abs/2403.03998