Fingerprinting VPNs with Custom Router Firmware: A New Censorship Threat Model.

Virtual Private Networks are effective in bypassing Internet censorship. Extensive research has been done to obfuscate VPN traffic in order to circumvent control filtering. In this paper, we introduce a new threat model in which a censorship body can use home routers running a custom firmware or an embedded OS to identify VPN connections. Monitoring network traffic at home routers enables efficient and accurate fingerprinting of VPN traffic before the traffic is NATed to the Internet. The proposed model leverages a vulnerability in VPN implementations. Experimental results highlight its ability to fingerprint with negligible false positives/negatives. The purpose of the study is to increase awareness of this issue and inspire others to take this threat model as a reasonable risk that needs to be addressed.