-
I assume that organizations like the NSA can monitor and save metadata of all VPN traffic in the world. I think, then, that all VPNs are useless, because having access to metadata of incoming and outgoing traffic of a VPN server can reveal almost everything, and cracking the encrypted traffic is not necessary as they can look at decrypted traffic that exited a VPN server.

Some correlation attack scenarios I could think of:

1) If a VPN user accesses a less popular site, say abc.net, then it can be safely assumed that he/she is the only VPN user that accesses it. Then the user can be easily identified, because it may be looked up that whenever a request was sent to this site by the VPN, a user X was also connected (for example sent/received requests from the VPN within 5-10 seconds) to the VPN. This can hardly be a coincidence, so the anonymity is compromised.

2) Similarly, some pattern in the traffic can be seen. For example, a user usually spends some time on one site before moving on to some other site. So it is plain to see that if whenever some user X sent a request to the VPN and the VPN sent a request to some site abc.net 2 seconds later (or at any regular interval) and this continued for, say, several minutes, then those outgoing requests from the VPN are likely to correspond to the incoming requests from the user to the VPN.

There are probably dozens of other variations of correlation attack that can be performed. I think that 60-100 people on a server is far too few to provide any anonymity. The point is that organizations like the NSA don't even have to decrypt the data but just look for patterns. With all the computational power they have it should be easy. They wouldn't even need to perform the attack on specific targets only, but simply use computers to deanonymize almost every user.

My questions are:

1. Does the NSA use correlation attacks? Why or why not? I have never read any news about it but saw a bunch of posts like this on forums about the dangers of a correlation attack. I have only read about them cracking VPNs (but only those that were vulnerable because they were apparently run by lazy people and AirVPN is not one of them) here: http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ and here: http://arstechnica.com/tech-policy/2014/12/nsa-has-vpns-in-vulcan-death-grip-no-really-thats-what-they-call-it/. But no information about correlation attacks.

2. What measures does AirVPN take to prevent correlation attacks? Do you use a multihop network, i.e. different entry and exit IP? If so, are there any additional hops in between, similar to TOR relay nodes? Does it make correlation attacks any harder? What can we do to increase our security against these types of attacks? Would routing the traffic through an AirVPN SSH tunnel (in the client) help or further compromise anonymity?
-
Hello, after reading the latest terrifying news about the NSA's ability to intercept and defeat VPN encryption, I think we could all use a refresh on some behind-the-scenes AirVPN practices and defences against this evil.

First off, here is the Ars article; if you haven't read it, strap in tight, it's an unnerving ride... http://arstechnica.com/information-technology/2014/03/nsas-automated-hacking-engine-offers-hands-free-pwning-of-the-world/

So what I'd like to know are what all defences AirVPN has in place to counter the things we've learned the NSA is doing to defeat even the strongest VPNs.

1. When is the last time AirVPN has completely wiped ALL of its internal systems and done fresh installs, and fully patched OSes and software OFFLINE?

2. We've learned governments will intercept hardware in the course of delivery and install "plants" before you even receive your new hardware. Have you taken into account where your hardware has been since it left the manufacturer?

3. Users are easily fooled if their connection is being hijacked during the time they open a new connection to AirVPN servers. Is there any way to alert a user, OR kill the connection with a warning, if you (can) detect connections being made from a different location?

4. From this most recent article we've learned the NSA has "VPN cracking blades." In the article it's focused on IPSEC VPNs. Have there been known weaknesses that would allow the NSA to bruteforce any part of IPSEC? How does their method strike you as per AirVPN's entire network configuration?

These are just some basic questions that I could come up with. Please feel free to point out any misunderstandings I may have had, and please, anyone, feel free to add any critical questions I didn't list. Thanks a lot, I do love AirVPN!