
This paper reveals the vulnerabilities of OpenVPN, including commercial obfuscated services, to DPI-based fingerprinting attacks by adversarial ISPs. It details a detection framework capable of identifying VPN traffic effectively, proposes defenses, and highlights the need for ongoing development of robust obfuscation methods.
Main Points
Growing VPN Adoption
VPNs are increasingly adopted due to concerns over privacy and censorship, motivating ISPs and governments to track or block VPN traffic.
OpenVPN's Vulnerability to Fingerprinting
The paper examines how OpenVPN, the most popular protocol for commercial VPN services, can be fingerprinted by adversarial ISPs.
Detection Framework
A detection framework inspired by the Great Firewall uses a two-phase process (Filter and Prober components) to identify OpenVPN traffic effectively.
Obfuscated VPN Services Vulnerability
Obfuscated VPN services, while marketed as superior in evading detection, share many vulnerabilities with vanilla OpenVPN, making them detectable.
Proposed Defenses and Future Work
The research proposes short-term defenses against fingerprinting attacks and highlights the need for long-term, robust obfuscation strategies.
Insights
The simplicity of OpenVPN's handshake stage and lack of robust obfuscation techniques make it vulnerable to fingerprinting attacks.
Despite providers’ lofty unobservability claims, most implementations of obfuscated services resemble OpenVPN masked with the simple XOR-Patch, which is easily fingerprintable.
Real-world deployment demonstrates a viable method for ISPs and censors to identify both vanilla and obfuscated OpenVPN flows at scale.
Over an eight-day evaluation, our framework flagged 3,638 flows as OpenVPN connections, supporting its effectiveness.