In countries where internet censorship and surveillance are government policies, online security is crucial for risky users. Journalists, activists, politicians, and others with a large online presence can have serious repercussions, even for the websites they visit.
virtual private networks VPN, were designed to protect user data from surveillance, but doing what they claim is of paramount importance to those whose lives may depend on their effectiveness. VPNs’ ability to protect users also inspires research by Jedidiah Crandall, an associate professor of computer science at Arizona State University.
Crandall explains that VPNs hide your internet protocol or IP address by associating it with a different server than yours and making it appear as if you are accessing the internet outside of your normal network.
” VPNs were originally designed to access a secure network, but companies have repurposed them so you can escape a restrictive ISP you don’t trust and access a free and secure provider at home‘ says Crandall. ” In order to, The way people use VPNs today is a bit reversed. »
Crandall points out that this access is useful when users are concerned that their browsing data may be monitored by their internet service provider or ISP, or when users are in a country that censors their internet content.
resources like OpenVPN, a leading global private networking and cybersecurity company and the #1 resource for commercial VPN services, provides access to tools that quickly and easily connect to private networks and protect assets. But Crandall’s research goals to refute privacy claims and uncover whether VPNs can create a false sense of security in their users.
” We only ask basic questions like, “If you’re reusing VPNs this way, do they actually have the security features that people expect?” ‘ he says, reiterating his work’s focus on risky users who suffer from strict censorship and surveillance policies. “The first part of our research was to look at the VPN tunnel itself, which is an encrypted tunnel between the VPN server and the client, to see what kind of damage attackers can do from there. »
To figure out how attacks can be launched, Crandall and a group of researchers simulated a range of attacks from two potential threat paths: client-side, or direct attacks on user devices, and server-side, or attacks on the VPN server accessed by the user. the user’s device. The group explained their findings in an article entitled “ Blind in/on-path attacks and applications on VPNs “.
The team came to the conclusion Traffic can still be attacked from inside the tunnel as if no VPN were usedwhere attackers are able to reroute connections and deliver malware that users think a VPN is protecting them from.
“A lot can be at stake for people around the world when VPN providers market false claims about their services. Our Research has shown how VPN-based services, including those that market their VPN service as “invisible” or “unblockable,” can be effectively blocked with little collateral damage explains Ensafi, assistant professor of electrical engineering and computer science.