GoHop: Personal VPN to defend from censorship

Wang, Yuzhi; Ji, Ping; Ye, Borui; Wang, Pengjun; Luo, R.C.; Yang, Huazhong

doi:10.1109/icact.2014.6778916

Cited by 6 publications

(7 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e network topology of the experimental environment is shown in Fig- ure 3. e attack can be launched by the following steps: (1) installing SoftEther server software on the malicious server, (2) on the user interface of the SoftEther server software, enabling the VPN Gate option, so that the malicious server now becomes a volunteer node of the VPN Gate relay system, and (3) adding DNAT rules in the malicious OpenWrt router to redirect all VPN traffics to the malicious server. To add the DNAT rules, we use the following Linux Shell commands: iptables -t nat -A PREROUTING -d 219.100.37.X --dport 443 -p tcp -m tcp -j DNAT --to-destination 47.242.230.X:443…”

Section: Scenario 1: Vpn Session Hijackingmentioning

confidence: 99%

“…Users use this to access services or resources in the remote networks. Either to circumvent censorship [1] or for privacy purpose [2], many users use VPN to obtain network services. However, VPN still faces some privacy and security risks [3].…”

Section: Introductionmentioning

confidence: 99%

“…Used as a platform for running the VPN Gate plugins, the SoftEther VPN is opensource software to support multiprotocols, including L2TP/ IPSec, OpenVPN, MS-SSTP, and "SSL-VPN" [5]. According to the website of the VPN Gate project, the motivations of the project are (1) to bypass censorship firewalls, (2) to hide IP address, and (3) to antipacket sniffing [6]. e VPN Gate has grown into a large distributed system (up to 14,000 volunteer nodes during peak hours).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

On Man-in-the-Middle Attack Risks of the VPN Gate Relay System

Sun

Wang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

With the development of the Internet, more and more people use virtual private network (VPN) to circumvent censorship or hide themselves for privacy purposes. However, VPN itself faces some security and privacy risks. Widely used all over the world, the VPN Gate is a volunteer-organized public VPN relay system launched in 2013. By analyzing the security of the system, we have found that there is a man-in-the-middle attack risk because an attacker may hijack a VPN session and decrypt the traffic. According to our study, the reason of the security issues is the misuse of the SSL certificate. To mitigate the security risks, we offered a series of recommendations.

show abstract

Section: Scenario 1: Vpn Session Hijackingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On Man-in-the-Middle Attack Risks of the VPN Gate Relay System

Sun

Wang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Open HTTP Proxies: Users also resort to Open HTTP proxies and other censorship resistance systems to anonymize their traffic [16,42]. One of these services is VPN Gate, an open and free service analyzed by Nobori et al [23].…”

Section: Vpn-based Measurementsmentioning

confidence: 99%

An Empirical Analysis of the Commercial VPN Ecosystem

Khan¹,

DeBlasio

Voelker

et al. 2018

Proceedings of the Internet Measurement Conference 2018

View full text Add to dashboard Cite

Global Internet users increasingly rely on virtual private network (VPN) services to preserve their privacy, circumvent censorship, and access geo-filtered content. Due to their own lack of technical sophistication and the opaque nature of VPN clients, however, the vast majority of users have limited means to verify a given VPN service's claims along any of these dimensions. We design an active measurement system to test various infrastructural and privacy aspects of VPN services and evaluate 62 commercial providers. Our results suggest that while commercial VPN services seem, on the whole, less likely to intercept or tamper with user traffic than other, previously studied forms of traffic proxying, many VPNs do leak user traffic-perhaps inadvertently-through a variety of means. We also find that a non-trivial fraction of VPN providers transparently proxy traffic, and many misrepresent the physical location of their vantage points: 5-30% of the vantage points, associated with 10% of the providers we study, appear to be hosted on servers located in countries other than those advertised to users.

show abstract

“…GoHop [85] breaks the notion of 'flow' used by Deep Packet Inspection (DPI) boxes by sending traffic over a set of randomized ports. Clayton et al [86] note that the GFW terminates offending connections through injection of TCP reset packets.…”

Section: Miscellaneousmentioning

confidence: 99%

SoK: Making Sense of Censorship Resistance Systems

Khattak

Elahi

Simon

et al. 2016

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

An increasing number of countries implement Internet censorship at different scales and for a variety of reasons. In particular, the link between the censored client and entry point to the uncensored network is a frequent target of censorship due to the ease with which a nation-state censor can control it. A number of censorship resistance systems have been developed thus far to help circumvent blocking on this link, which we refer to as link circumvention systems (LCs). The variety and profusion of attack vectors available to a censor has led to an arms race, leading to a dramatic speed of evolution of LCs. Despite their inherent complexity and the breadth of work in this area, there is no systematic way to evaluate link circumvention systems and compare them against each other. In this paper, we (i) sketch an attack model to comprehensively explore a censor's capabilities, (ii) present an abstract model of a LC, a system that helps a censored client communicate with a server over the Internet while resisting censorship, (iii) describe an evaluation stack that underscores a layered approach to evaluate LCs, and (iv) systemize and evaluate existing censorship resistance systems that provide link circumvention. We highlight open challenges in the evaluation and development of LCs and discuss possible mitigations.

show abstract

GoHop: Personal VPN to defend from censorship

Cited by 6 publications

References 10 publications

On Man-in-the-Middle Attack Risks of the VPN Gate Relay System

On Man-in-the-Middle Attack Risks of the VPN Gate Relay System

An Empirical Analysis of the Commercial VPN Ecosystem

SoK: Making Sense of Censorship Resistance Systems

Contact Info

Product

Resources

About