Part of HackerNoon's growing list of open-source research papers, promoting free access to academic material.
Authors:
(1) Diwen Xue, University of Michigan;
(2) Reethika Ramesh, University of Michigan;
(3) Arham Jain, University of Michigan;
(4) Arham Jain, Merit Network, Inc.;
(5) J. Alex Halderman, University of Michigan;
(6) Jedidiah R. Crandall, Arizona State University/Breakpointing Bad;
(7) Roya Ensafi, University of Michigan.
3 Challenges in Real-world VPN Detection
4 Adversary Model and Deployment
5 Ethics, Privacy, and Responsible Disclosure
6 Identifying Fingerprintable Features and 6.1 Opcode-based Fingerprinting
6.3 Active Server Fingerprinting
6.4 Constructing Filters and Probers
7 Fine-tuning for Deployment and 7.1 ACK Fingerprint Thresholds
7.2 Choice of Observation Window N
7.4 Server Churn for Asynchronous Probing
7.5 Probe UDP and Obfuscated OpenVPN Servers
9 Evaluation & Findings and 9.1 Results for control VPN flows
12 Acknowledgement and References
Figure 11: Evaluation Process for Active Server Fingerprinting.
Figure 12: Decision tree derived from ISP and VPN datasets.
Table 4: Recommendation Websites Used
Table 5: Evaluation results on Merit, breakdown by configuration. Highlighted rows are “obfuscated” configurations. Variants marked with stars mean that the VPN provider does not disclose which obfuscation technique is used, and we can only infer the variant type from packet captures. Note that Hide.me claims the tls-crypt option alone is enough to “obfuscate entire traffic” [18]. However, this option only encrypts control channel payloads, not the OpenVPN packet headers.
This paper is available on arxiv under CC BY 4.0 DEED license.