Teemu Rytilahti,Thorsten Holz

2024-10-11

Abstract:Virtual Private Network (VPN) solutions are used to connect private networks securely over the Internet. Besides their benefits in corporate environments, VPNs are also marketed to privacy-minded users to preserve their privacy, and to bypass geolocation-based content blocking and censorship. This has created a market for turnkey VPN services offering a multitude of vantage points all over the world for a monthly price. While VPN providers are heavily using privacy and security benefits in their marketing, such claims are generally hard to measure and substantiate. While there exist some studies on the VPN ecosystem, all prior works omit a critical part in their analyses: (i) How well do the providers configure and secure their own network infrastructure? and (ii) How well are they protecting their customers from other customers? To answer these questions, we have developed an automated measurement system with which we conduct a large-scale analysis of VPN providers and their thousands of VPN endpoints. Considering the fact that VPNs work internally using non-Internet-routable IP addresses, they might enable access to otherwise inaccessible networks. If not properly secured, this can inadvertently expose internal networks of these providers, or worse, even other clients connected to their services. Our results indicate a widespread lack of traffic filtering towards internally routable networks on the majority of tested VPN service providers, even in cases where no other VPN customers were directly exposed. We have disclosed our findings to the affected providers and other stakeholders, and offered guidance to improve the situation.

Cryptography and Security,Networking and Internet Architecture

Shane S. Clark,Hossen A. Mustafa,Benjamin Ransford,Jacob Sorber,Kevin Fu,Wenyuan Xu

DOI: https://doi.org/10.1007/978-3-642-40203-6_39

2013-01-01

Abstract:Computers plugged into power outlets leak identifiable information by drawing variable amounts of power when performing different tasks. This work examines the extent to which this side channel leaks private information about web browsing to an observer taking measurements at the power outlet. Using direct measurements of AC power consumption with an instrumented outlet, we construct a classifier that correctly identifies unlabeled power traces of webpage activity from a set of 51 candidates with 99% precision and 99% recall. The classifier rejects samples of 441 pages outside the corpus with a false-positive rate of less than 2%. It is also robust to a number of variations in webpage loading conditions, including encryption. When trained on power traces from two computers loading the same webpage, the classifier correctly labels further traces of that webpage from either computer. We identify several reasons for this consistently recognizable power consumption, including system calls, and propose countermeasures to limit the leakage of private information. Characterizing the AC power side channel may help lead to practical countermeasures that protect user privacy from an untrustworthy power infrastructure. © 2013 Springer-Verlag.

Thanh Bui,Siddharth Prakash Rao,Markku Antikainen,Tuomas Aura

DOI: https://doi.org/10.48550/arXiv.1912.04669

2019-12-10

Abstract:Internet users increasingly rely on commercial virtual private network (VPN) services to protect their security and privacy. The VPN services route the client's traffic over an encrypted tunnel to a VPN gateway in the cloud. Thus, they hide the client's real IP address from online services, and they also shield the user's connections from perceived threats in the access networks. In this paper, we study the security of such commercial VPN services. The focus is on how the client applications set up VPN tunnels, and how the service providers instruct users to configure generic client software. We analyze common VPN protocols and implementations on Windows, macOS and Ubuntu. We find that the VPN clients have various configuration flaws, which an attacker can exploit to strip off traffic encryption or to bypass authentication of the VPN gateway. In some cases, the attacker can also steal the VPN user's username and password. We suggest ways to mitigate each of the discovered vulnerabilities.

Cryptography and Security

Ben Feher,Lior Sidi,Asaf Shabtai,Rami Puzis

DOI: https://doi.org/10.48550/arXiv.1601.00184

2016-01-02

Abstract:WebRTC is an API that allows users to share streaming information, whether it is text, sound, video or files. It is supported by all major browsers and has a flexible underlying infrastructure. In this study we review current WebRTC structure and security in the contexts of communication disruption, modification and eavesdropping. In addition, we examine WebRTC security in a few representative scenarios, setting up and simulating real WebRTC environments and attacks.

Cryptography and Security

Diwen Xue,Reethika Ramesh,Arham Jain,Michalis Kallitsis,J. Alex Halderman,Jedidiah R. Crandall,Roya Ensafi

2024-03-07

Abstract:VPN adoption has seen steady growth over the past decade due to increased public awareness of privacy and surveillance threats. In response, certain governments are attempting to restrict VPN access by identifying connections using "dual use" DPI technology. To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN, the most popular protocol for commercial VPN services. We identify three fingerprints based on protocol features such as byte pattern, packet size, and server response. Playing the role of an attacker who controls the network, we design a two-phase framework that performs passive fingerprinting and active probing in sequence. We evaluate our framework in partnership with a million-user ISP and find that we identify over 85% of OpenVPN flows with only negligible false positives, suggesting that OpenVPN-based services can be effectively blocked with little collateral damage. Although some commercial VPNs implement countermeasures to avoid detection, our framework successfully identified connections to 34 out of 41 "obfuscated" VPN configurations. We discuss the implications of the VPN fingerprintability for different threat models and propose short-term defenses. In the longer term, we urge commercial VPN providers to be more transparent about their obfuscation approaches and to adopt more principled detection countermeasures, such as those developed in censorship circumvention research.

Cryptography and Security

Nguyen Phong Hoang,Arian Akhavan Niaki,Phillipa Gill,Michalis Polychronakis

DOI: https://doi.org/10.48550/arXiv.2102.08332

2021-06-16

Abstract:Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy is weakened by--the still exposed--IP address information. However, content delivery networks, DNS-based load balancing, co-hosting of different websites on the same server, and IP address churn, all contribute towards making domain-IP mappings unstable, and prevent straightforward IP-based browsing tracking. In this paper, we show that this instability is not a roadblock (assuming a universal DoT/DoH and ECH deployment), by introducing an IP-based website fingerprinting technique that allows a network-level observer to identify at scale the website a user visits. Our technique exploits the complex structure of most websites, which load resources from several domains besides their primary one. Using the generated fingerprints of more than 200K websites studied, we could successfully identify 84% of them when observing solely destination IP addresses. The accuracy rate increases to 92% for popular websites, and 95% for popular and sensitive websites. We also evaluated the robustness of the generated fingerprints over time, and demonstrate that they are still effective at successfully identifying about 70% of the tested websites after two months. We conclude by discussing strategies for website owners and hosting providers towards hindering IP-based website fingerprinting and maximizing the privacy benefits offered by DoT/DoH and ECH.

Cryptography and Security,Networking and Internet Architecture

Christof Ferreira Torres,Fiona Willi,Shweta Shinde

DOI: https://doi.org/10.48550/arXiv.2306.08170

2023-06-14

Abstract:With the recent hype around the Metaverse and NFTs, Web3 is getting more and more popular. The goal of Web3 is to decentralize the web via decentralized applications. Wallets play a crucial role as they act as an interface between these applications and the user. Wallets such as MetaMask are being used by millions of users nowadays. Unfortunately, Web3 is often advertised as more secure and private. However, decentralized applications as well as wallets are based on traditional technologies, which are not designed with privacy of users in mind. In this paper, we analyze the privacy implications that Web3 technologies such as decentralized applications and wallets have on users. To this end, we build a framework that measures exposure of wallet information. First, we study whether information about installed wallets is being used to track users online. We analyze the top 100K websites and find evidence of 1,325 websites running scripts that probe whether users have wallets installed in their browser. Second, we measure whether decentralized applications and wallets leak the user's unique wallet address to third-parties. We intercept the traffic of 616 decentralized applications and 100 wallets and find over 2000 leaks across 211 applications and more than 300 leaks across 13 wallets. Our study shows that Web3 poses a threat to users' privacy and requires new designs towards more privacy-aware wallet architectures.

Cryptography and Security

Siyuan Tang,Eihal Alowaisheq,Xianghang Mi,Yi Chen,XiaoFeng Wang,Yanzhi Dou

DOI: https://doi.org/10.48550/arXiv.2212.02740

2022-12-06

Cryptography and Security

Abstract:As an emerging service for in-browser content delivery, peer-assisted delivery network (PDN) is reported to offload up to 95\% of bandwidth consumption for video streaming, significantly reducing the cost incurred by traditional CDN services. With such benefits, PDN services significantly impact today's video streaming and content delivery model. However, their security implications have never been investigated. In this paper, we report the first effort to address this issue, which is made possible by a suite of methodologies, e.g., an automatic pipeline to discover PDN services and their customers, and a PDN analysis framework to test the potential security and privacy risks of these services. Our study has led to the discovery of 3 representative PDN providers, along with 134 websites and 38 mobile apps as their customers. Most of these PDN customers are prominent video streaming services with millions of monthly visits or app downloads (from Google Play). Also found in our study are another 9 top video/live streaming websites with each equipped with a proprietary PDN solution. Most importantly, our analysis on these PDN services has brought to light a series of security risks, which have never been reported before, including free riding of the public PDN services, video segment pollution, exposure of video viewers' IPs to other peers, and resource squatting. All such risks have been studied through controlled experiments and measurements, under the guidance of our institution's IRB. We have responsibly disclosed these security risks to relevant PDN providers, who have acknowledged our findings, and also discussed the avenues to mitigate these risks.

Thomas Sandholm,Boris Magnusson,Bjorn A. Johnsson

DOI: https://doi.org/10.48550/arXiv.1312.6501

2013-12-23

Abstract:In this paper we present the implementation of a WebRTC gateway service that can forward ad-hoc RTP data plane traffic from a browser on one local network to a browser on another local network. The advantage compared to the existing IETF STUN (RFC 5389), TURN (RFC 5766) and ICE (RFC 5245) protocols is that it does not require a public host and port mapping for each participating local host, and it works with more restrictive firewall policies. WebRTC implements ICE which combines STUN and TURN probes to automatically find the best connection between two peers who want to communicate. In corporate networks, simple hole punching and NAT traversal techniques typically do not work, e.g. because of symmetric NATs. Dynamic allocation of ports on an external 3rd party relay service is also typically blocked on restricted hosts. In our use case, doctors at hospitals can only access port 80 through the hospital firewall on external machines, and they need to communicate with patients who are typically behind a NAT in a local WiFi network. VPN solutions only work for staff but not between patients and staff. Our solution solves this problem by redirecting all WebRTC traffic through a gateway service on the local network that has a secure tunnel established with a public gateway. The public gateway redirects traffic from multiple concurrent streams securely between local gateway services that connect to it. The local gateways also communicate with browsers on their local network to mimic a direct browser-to-browser connection without having to change the browser runtime. We have demonstrated that this technique works well within the hospital network and arbitrary patient networks, without the need for any individual host configuration. In our evaluation we show that the latency overhead is 18-20 ms for each concurrent stream added to the same gateway service.

Networking and Internet Architecture

MohaisenAziz,RenKui,Kui Ren

2017-01-01

Abstract:The Tor hidden services, one of the features of the Tor anonymity network, are widely used for providing anonymity to services within the Tor network. Tor uses the .onion pseudo-top-level domain fo...

Xinyuan Wang,Shiping Chen,Sushil Jajodia

DOI: https://doi.org/10.1145/1102120.1102133

2005-01-01

Abstract:Peer-to-peer VoIP calls are becoming increasingly popular due to their advantages in cost and convenience. When these calls are encrypted from end to end and anonymized by low latency anonymizing network, they are considered by many people to be both secure and anonymous.In this paper, we present a watermark technique that could be used for effectively identifying and correlating encrypted, peer-to-peer VoIP calls even if they are anonymized by low latency anonymizing networks. This result is in contrast to many people's perception. The key idea is to embed a unique watermark into the encrypted VoIP flow by slightly adjusting the timing of selected packets. Our analysis shows that it only takes several milliseconds time adjustment to make normal VoIP flows highly unique and the embedded watermark could be preserved across the low latency anonymizing network if appropriate redundancy is applied. Our analytical results are backed up by the real-time experiments performed on leading peer-to-peer VoIP client and on a commercially deployed anonymizing network. Our results demonstrate that (1) tracking anonymous peer-to-peer VoIP calls on the Internet is feasible and (2) low latency anonymizing networks are susceptible to timing attacks.

Andrei Bytes,Jay Prakash,Jianying Zhou,Tony Q.S. Quek

DOI: https://doi.org/10.48550/arXiv.2002.03144

2020-04-26

Abstract:The number of active users of Wi-Fi Direct Device-to-Device file sharing applications on Android has exceeded 1.8 billion. Wi-Fi Direct, also known as Wi-Fi P2P, is commonly used for peer-to-peer, high-speed file transfer between mobile devices, as well as a close proximity connection mode for wireless cameras, network printers, TVs and other IoT and mobile devices. For its end users, such type of direct file transfer does not incur cellular data charges. However, despite the popularity of such applications, we observe that the software vendors tend to prioritize the ease of user flow over the security in their implementations, which leads to serious security flaws. We perform a comprehensive security analysis in the context of security and usability and report our findings in the form of 17 Common Vulnerabilities and Exposures (CVE) which have been disclosed to the corresponding vendors. To address the similar flaws at the early stage of the application design, we propose a joint consideration of security and usability for such applications and their protocols that can be visualized in form of a customised User Journey Map (UJM).

Cryptography and Security,Human-Computer Interaction,Networking and Internet Architecture

Yuxiang Yang,Xuewei Feng,Qi Li,Kun Sun,Ziqiang Wang,Ke Xu

DOI: https://doi.org/10.14722/ndss.2024.23419

2024-04-06

Abstract:In this paper, we uncover a new side-channel vulnerability in the widely used NAT port preservation strategy and an insufficient reverse path validation strategy of Wi-Fi routers, which allows an off-path attacker to infer if there is one victim client in the same network communicating with another host on the Internet using TCP. After detecting the presence of TCP connections between the victim client and the server, the attacker can evict the original NAT mapping and reconstruct a new mapping at the router by sending fake TCP packets due to the routers' vulnerability of disabling TCP window tracking strategy, which has been faithfully implemented in most of the routers for years. In this way, the attacker can intercept TCP packets from the server and obtain the current sequence and acknowledgment numbers, which in turn allows the attacker to forcibly close the connection, poison the traffic in plain text, or reroute the server's incoming packets to the attacker. We test 67 widely used routers from 30 vendors and discover that 52 of them are affected by this attack. Also, we conduct an extensive measurement study on 93 real-world Wi-Fi networks. The experimental results show that 75 of these evaluated Wi-Fi networks (81%) are fully vulnerable to our attack. Our case study shows that it takes about 17.5, 19.4, and 54.5 seconds on average to terminate an SSH connection, download private files from FTP servers, and inject fake HTTP response packets with success rates of 87.4%, 82.6%, and 76.1%. We responsibly disclose the vulnerability and suggest mitigation strategies to all affected vendors and have received positive feedback, including acknowledgments, CVEs, rewards, and adoption of our suggestions.

Cryptography and Security

Kiavash Satvat,Nitesh Saxena

DOI: https://doi.org/10.48550/arXiv.1808.01718

2018-08-06

Abstract:Harm to the privacy of users through data leakage is not an unknown issue, however, it has not been studied in the context of the crash reporting system. Automatic Crash Reporting Systems (ACRS) are used by applications to report information about the errors happening during a software failure. Although crash reports are valuable to diagnose errors, they may contain users' sensitive information. In this paper, we study such a privacy leakage vis-a-vis browsers' crash reporting systems. As a case study, we mine a dataset consisting of crash reports collected over the period of six years. Our analysis shows the presence of more than 20,000 sessions and token IDs, 600 passwords, 9,000 email addresses, an enormous amount of contact information, and other sensitive data. Our analysis sheds light on an important security and privacy issue in the current state-of-the-art browser crash reporting systems. Further, we propose a hotfix to enhance users' privacy and security in ACRS by removing sensitive data from the crash report prior to submit the report to the server. Our proposed hotfix can be easily integrated into the current implementation of ACRS and has no impact on the process of fixing bugs while maintaining the reports' readability.

Cryptography and Security

Jiazheng Wang,Zhenlong Yuan,Jun Li

DOI: https://doi.org/10.1109/iccet.2019.8726915

2019-01-01

Abstract:VoIP is pervasively used in online voice conversations through internet, and WeChat has become one of the most successful VoIP applications. Any leakage of VoIP call information will threat user confidentiality and privacy, and thus may lead to a catastrophic consequence to VoIP service providers. In this paper, a thorough behavior analysis of WeChat proprietary VoIP protocols is performed and we find the anonymity of users can be compromised by flow correlation attacks. Hereby a new framework UVP is proposed. UVP works in a global monitoring manner and leverages a new, efficient flow distance metric, evolved from Dynamic Time Wrapping, to correlate traffics from caller and callee. Evaluated in both in-house test bench and with real world dataset, UVP demonstrated its capability of uncovering WeChat VoIP call records and further obtaining the contact network of the victims.

Fuqing Chen,Haixin Duan,Xiaofeng Zheng,Jian Jiang,Jianjun Chen

DOI: https://doi.org/10.1007/978-3-319-89641-0_11

2018-01-01

Abstract:The TLS protocol is supposed to provide confidentiality to communication channel, preventing active and passive network attacks. However, researchers have presented several side-channel attacks against TLS protected communications, due to protocol design flaws or implementation problems. We present a new side-channel attack against HTTPS (HTTP over TLS) by exploiting cookie injection. Taking advantage of cookie's weak Same Origin Policy (SOP), an attacker can inject arbitrary cookies into a victim's browser if a website is not fully protected by HTTP Strict Transport Security (HSTS), the injected cookies can then be used to infer sensitive information of encrypted traffic initiated by the victim. We show two such side-channel attacks. The first allows the attacker to identify whether the victim is visiting a known sensitive URL or not. The second is able to reveal the full path of unknown URLs visited by the victim, exploiting cookie-path matching vulnerabilities in Internet Explorer, Edge, Safari, etc. With experiments, we investigate several popular cloud storage services and demonstrate that most of them (including Google Drive and Dropbox) are vulnerable to such attacks. The issues we discovered in Internet Explorer, Edge and Safari are also acknowledged by Microsoft (MSRC Case 39133, will be fixed in future version) and Apple (Case 666783646, has been fixed). Finally, we discuss potential defense and mitigation against these attacks.

Olivier van der Toorn,Raffaele Sommese,Anna Sperotto,Roland van Rijswijk-Deij,Mattijs Jonker

DOI: https://doi.org/10.48550/arXiv.2202.01160

2022-09-20

Abstract:Given the importance of privacy, many Internet protocols are nowadays designed with privacy in mind (e.g., using TLS for confidentiality). Foreseeing all privacy issues at the time of protocol design is, however, challenging and may become near impossible when interaction out of protocol bounds occurs. One demonstrably not well understood interaction occurs when DHCP exchanges are accompanied by automated changes to the global DNS (e.g., to dynamically add hostnames for allocated IP addresses). As we will substantiate, this is a privacy risk: one may be able to infer device presence and network dynamics from virtually anywhere on the Internet -- and even identify and track individuals -- even if other mechanisms to limit tracking by outsiders (e.g., blocking pings) are in place. We present a first of its kind study into this risk. We identify networks that expose client identifiers in reverse DNS records and study the relation between the presence of clients and said records. Our results show a strong link: in 9 out of 10 cases, records linger for at most an hour, for a selection of academic, enterprise and ISP networks alike. We also demonstrate how client patterns and network dynamics can be learned, by tracking devices owned by persons named Brian over time, revealing shifts in work patterns caused by COVID-19 related work-from-home measures, and by determining a good time to stage a heist.

Networking and Internet Architecture,Cryptography and Security

Artur Janc,Krzysztof Kotowicz,Lukas Weichselbaum,Roberto Clapis

DOI: https://doi.org/10.48550/arXiv.2001.07421

2020-01-21

Abstract:Intelligent Tracking Prevention (ITP) is a privacy mechanism implemented by Apple's Safari browser, released in October 2017. ITP aims to reduce the cross-site tracking of web users by limiting the capabilities of cookies and other website data. As part of a routine security review, the Information Security Engineering team at Google has identified multiple security and privacy issues in Safari's ITP design. These issues have a number of unexpected consequences, including the disclosure of the user's web browsing habits, allowing persistent cross-site tracking, and enabling cross-site information leaks (including cross-site search). This report is a modestly expanded version of our original vulnerability submission to Apple (WebKit bug #201319), providing additional context and edited for clarity. A number of the issues discussed here have been addressed in Safari 13.0.4 and iOS 13.3, released in December 2019.

Cryptography and Security

Pere Manils,Chaabane Abdelberri,Stevens Le Blond,Mohamed Ali Kaafar,Claude Castelluccia,Arnaud Legout,Walid Dabbous

DOI: https://doi.org/10.48550/arXiv.1004.1461

2010-04-09

Networking and Internet Architecture

Abstract:Privacy of users in P2P networks goes far beyond their current usage and is a fundamental requirement to the adoption of P2P protocols for legal usage. In a climate of cold war between these users and anti-piracy groups, more and more users are moving to anonymizing networks in an attempt to hide their identity. However, when not designed to protect users information, a P2P protocol would leak information that may compromise the identity of its users. In this paper, we first present three attacks targeting BitTorrent users on top of Tor that reveal their real IP addresses. In a second step, we analyze the Tor usage by BitTorrent users and compare it to its usage outside of Tor. Finally, we depict the risks induced by this de-anonymization and show that users' privacy violation goes beyond BitTorrent traffic and contaminates other protocols such as HTTP.

Vinod S. Khandkar,Manjesh K. Hanawal,Sameer G Kulkarni

DOI: https://doi.org/10.48550/arXiv.2207.01841

2022-07-05

Abstract:Security and Privacy are crucial in modern Internet services. Transport Layer Security (TLS) has largely addressed the issue of security. However, information about the type of service being accessed goes in plain-text in the initial handshakes of vanilla TLS, thus potentially revealing the activity of users and compromising privacy. The ``Encrypted ClientHello'' or ECH overcomes this issue by extending TLS 1.3 where all of the information that can potentially reveal the service type is masked, thus addressing the privacy issues in TLS 1.3. However, we notice that Internet services tend to use different versions of TLS for application data (primary connection/channel) and supporting data (side channels) such as scheduling information \textit{etc.}. %, during the active session. Although many internet services have migrated to TLS 1.3, we notice that it is only true for the primary connections which do benefit from TLS 1.3, while the side-channels continue to use lower version of TLS (e.g., 1.2) %which do not support ECH and continue to leak type of service accessed. We demonstrate that privacy information leaked from the side-channels can be used to affect the performance on the primary channels, like blocking or throttling specific service on the internet. Our work demonstrates that adapting ECH on primary channels alone is not sufficient to prevent the privacy leaks and attacks on primary channels. Further, we demonstrate that it is necessary for all of the associated side-channels also to migrate to TLS 1.3 and adapt ECH extension in order to offer complete privacy preservatio

Cryptography and Security,Networking and Internet Architecture