Virtual Private Networks (VPNs) provide confidentiality and hide the original IP address. Although many VPN providers promise not to record user activity, several media reports of data breaches show that this is often not true. Tor, on the other hand, allows anonymous communication using onion routing and takes privacy and anonymity seriously, but at the cost of performance. What is missing is a sweet spot between VPNs and anonymization networks that supports bulk downloads and video streaming but provides countermeasures against untrusted VPN providers and Autonomous System (AS)-level attackers.
In this paper, we present OnionVPN, an onion routing-based VPN tunnel that provides better bulk transfer performance than Tor and offers additional security features over a VPN: (1) intermediate VPN nodes see only encrypted traffic, (2) protection against AS-level attackers with a new path selection algorithm, and (3) onion services with a novel cryptographic NAT traversal algorithm using the Noise protocol framework. We analyze 118 VPN providers, systematically compare them to our requirements and show that OnionVPN is currently possible with three VPN providers. An alternative to Tor for bulk traffic could relieve the Tor network and provide a better experience for other users who need higher privacy and anonymity features.
Title | OnionVPN: Onion Routing-Based VPN-Tunnels with Onion Services |
---|---|
Media | Workshop on Privacy in the Electronic Society (WPES) 2024 |
Publisher | --- |
Issue | --- |
Volume | --- |
ISBN | --- |
Authors/Editors | Sebastian Pahl, Daniel Kaiser, Thomas Engel, Prof. Dr. Florian Adamsky |
Pages | --- |
Publication date | 2024-08-23 |
Project title | --- |
Citation | Pahl, Sebastian; Kaiser, Daniel; Engel, Thomas; Adamsky, Florian (2024): OnionVPN: Onion Routing-Based VPN-Tunnels with Onion Services. Workshop on Privacy in the Electronic Society (WPES) 2024. DOI: 10.1145/3689943.3695043 |