OpenVPN is Open to VPN Fingerprinting: Appendix

Written by virtualmachine | Published 2025/01/14
Tech Story Tags: vpn | openvpn | cybersecurity | privacy-threats | dpi | active-server-fingerprinting | isp | vpn-dataset

TLDR

This research outlines methods to fingerprint OpenVPN traffic, achieving 85% accuracy, raising concerns about VPN blockability and countermeasures.via the TL;DR App

Authors:

(1) Diwen Xue, University of Michigan;

(2) Reethika Ramesh, University of Michigan;

(3) Arham Jain, University of Michigan;

(4) Arham Jain, Merit Network, Inc.;

(5) J. Alex Halderman, University of Michigan;

(6) Jedidiah R. Crandall, Arizona State University/Breakpointing Bad;

(7) Roya Ensaf, University of Michigan.

Table of Links

Abstract and 1 Introduction

2 Background & Related Work

3 Challenges in Real-world VPN Detection

4 Adversary Model and Deployment

5 Ethics, Privacy, and Responsible Disclosure

6 Identifying Fingerprintable Features and 6.1 Opcode-based Fingerprinting

6.2 ACK-based Fingerprinting

6.3 Active Server Fingerprinting

6.4 Constructing Filters and Probers

7 Fine-tuning for Deployment and 7.1 ACK Fingerprint Thresholds

7.2 Choice of Observation Window N

7.3 Effects of Packet Loss

7.4 Server Churn for Asynchronous Probing

7.5 Probe UDP and Obfuscated OpenVPN Servers

8 Real-world Deployment Setup

9 Evaluation & Findings and 9.1 Results for control VPN flows

9.2 Results for all flows

10 Discussion and Mitigations

12 Acknowledgement and References

A Appendix

This paper is available on arxiv under CC BY 4.0 DEED license.

Written by virtualmachine | Enabling the creation of complex infrastructure and DevOps pipelines.

Published by HackerNoon on 2025/01/14