Vpwns : Virtual Pwned Networks

J. Appelbaum, M. Ray, K. Koscher, I. Finder

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

7 Citaten (Scopus)
66 Downloads (Pure)


User-accessed Virtual Private Network systems allow authorized users remote access to protected or otherwise privileged networks while avoiding dependence on ISPs along the route for data confidentiality and integrity. This direct expression of the internet’s end-to-end principle of security is generally accepted as a highly successful design.

VPN services and technology advertising censorship circumvention, resistance to data retention, and anonymity as features are proliferating rapidly. But it is unclear that these security properties were included in the original design requirements of VPN protocols and product implementations. Experience with dedicated anonymity networks (e.g., Tor) shows that strong anonymity is not achieved by accident. The ‘P’ in VPN notwithstanding, not all privacy methods are equal or strongly anonymizing, which opens opportunities for attackers when VPN-based systems are used for anonymity or even simple censorship circumvention.

This paper evaluates VPN anonymity, security and privacy features including identity, geographic location, confidentiality of communications, and generalized security issues such as reachability and prevention of network tampering. We find many popular VPN products are susceptible to a variety of practical user deanonymization attacks. Weaknesses stem from lack of security analysis of the composition of VPNs, applications, and the TCP/IP stack on each respective operating system. Although we describe some potential mitigations for vendors, the primary goal of this paper is to raise awareness of the inherent risks which come from repurposing off-the-shelf VPN systems to provide strong anonymity.
Originele taal-2Engels
Titel2nd USENIX Workshop on Free and Open Communications on the Internet, FOCI '12, Bellevue, WA, USA, August 6, 2012
Aantal pagina's7
StatusGepubliceerd - 2012
Extern gepubliceerdJa
Evenement2nd USENIX Workshop on Free and Open Communications on the Internet (FOCI 2012) - Bellevue, WA, Verenigde Staten van Amerika
Duur: 6 aug 20126 aug 2012
Congresnummer: 2


Congres2nd USENIX Workshop on Free and Open Communications on the Internet (FOCI 2012)
Verkorte titelFOCI 2012
Land/RegioVerenigde Staten van Amerika
StadBellevue, WA


Duik in de onderzoeksthema's van 'Vpwns : Virtual Pwned Networks'. Samen vormen ze een unieke vingerafdruk.

Citeer dit