Vpwns : Virtual Pwned Networks

J. Appelbaum, M. Ray, K. Koscher, I. Finder

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

134 Downloads (Pure)


User-accessed Virtual Private Network systems allow authorized users remote access to protected or otherwise privileged networks while avoiding dependence on ISPs along the route for data confidentiality and integrity. This direct expression of the internet’s end-to-end principle of security is generally accepted as a highly successful design.

VPN services and technology advertising censorship circumvention, resistance to data retention, and anonymity as features are proliferating rapidly. But it is unclear that these security properties were included in the original design requirements of VPN protocols and product implementations. Experience with dedicated anonymity networks (e.g., Tor) shows that strong anonymity is not achieved by accident. The ‘P’ in VPN notwithstanding, not all privacy methods are equal or strongly anonymizing, which opens opportunities for attackers when VPN-based systems are used for anonymity or even simple censorship circumvention.

This paper evaluates VPN anonymity, security and privacy features including identity, geographic location, confidentiality of communications, and generalized security issues such as reachability and prevention of network tampering. We find many popular VPN products are susceptible to a variety of practical user deanonymization attacks. Weaknesses stem from lack of security analysis of the composition of VPNs, applications, and the TCP/IP stack on each respective operating system. Although we describe some potential mitigations for vendors, the primary goal of this paper is to raise awareness of the inherent risks which come from repurposing off-the-shelf VPN systems to provide strong anonymity.
Original languageEnglish
Title of host publication2nd USENIX Workshop on Free and Open Communications on the Internet, FOCI '12, Bellevue, WA, USA, August 6, 2012
Number of pages7
Publication statusPublished - 2012
Externally publishedYes
Event2nd USENIX Workshop on Free and Open Communications on the Internet (FOCI 2012) - Bellevue, WA, United States
Duration: 6 Aug 20126 Aug 2012
Conference number: 2


Conference2nd USENIX Workshop on Free and Open Communications on the Internet (FOCI 2012)
Abbreviated titleFOCI 2012
Country/TerritoryUnited States
CityBellevue, WA


Dive into the research topics of 'Vpwns : Virtual Pwned Networks'. Together they form a unique fingerprint.

Cite this