When it comes to encrypting data over a VPN, the name of the game is to release as little information about the data or its contents as possible. Sometimes knowing metadata about the data can be nearly as compromising as having the actual plaintext in hand. One of the most practical and fascinating examples of data characteristic leakage was published in 2010 and relates to VoIP (Voice over IP). According to a paper entitled “Uncovering Spoken Phrases in Encrypted Voice over IP Conversations”, it is possible to capture encrypted VoIP (voice) data that has been encoded with Variable Bit Rate (VBR) codecs and determine with roughly 50% accuracy the contents of the encrypted voice. That’s right, over half of the words could be determined with 90% accuracy without decrypting a single bit. What is the major culprit behind this kind of data leakage? Compression. The leak results from the predictability of certain information given the specific application and the characteristics of the compression algorithm, and it clearly shows how dangerous certain compression/encryption schemes can be for exposing certain kinds of data.
Well Documented Examples
Another well documented example of compression leading to the loss of information confidentiality and integrity is the CRIME (Compression Ratio Info-leak Made Easy) exploit (also known as CVE-2012-4929). This vulnerability is based on the use of compression within the SPDY and HTTPS protocols. A secret cookie can be teased out of the encrypted data (due to compression), and once the attacker has the cookie, session hijacking can occur. A man-in-the-middle attack like this is extremely serious and can result in someone gaining access to your most important information online, including banking information. A whole slew of web browsers were (and some still are) vulnerable to this exploit, so ensure that your web browser is updated to the latest version to reduce the risk of falling victim to a CRIME attack.
An even more sinister vulnerability called BREACH was discovered in 2013. BREACH is built on the same principle as CRIME, but only requires the use of HTTPS and HTTP compression (gzip). This allows for a much larger set of potentially impacted servers and clients, because SPDY is not nearly as widely used as HTTPS with HTTP compression. To make matters worse, simply disabling compression in the TLS (HTTPS) protocol will not necessarily protect against the vulnerability. HTTP compression itself needs to be disabled in order to alleviate the risk of exploitation. However, removing HTTP compression also reduces performance. In most cases, it is worth the hit to performance to protect against such attacks.
What does this Mean for your VPN?
Simply put, do not enable compression. Any potential bandwidth savings you might gain will likely not be enough to offset the risk of data leakage you would be assuming. Granted, the risk that someone will actually attempt to compromise your data is probably fairly low, but why give someone any extra tools if they are acting maliciously? OpenVPN, PPTP, L2TP, and IPsec all support compression settings, so don’t assume you are safe just because you are using an “older” VPN protocol.
How Can I Check for Compression Use on My VPN?
Checking for compression use will vary depending on the type of VPN in use and the type of devices. A few common examples are listed below:
OpenVPN on Merlin Firmware / ASUS Router
PPTP on Ubuntu (Note multiple Options for Compression)
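Added example, not code from the original post: a small Python audit that scans OpenVPN and pppd (PPTP) configuration text for the compression directives the checks above are looking for. Directive names are those documented in openvpn(8) and pppd(8); the sample configs at the bottom are constructed.

```python
import re

# Flag compression directives in OpenVPN and pppd/PPTP configuration text.
# Directive names follow openvpn(8) and pppd(8); the configs below are constructed.

OPENVPN_COMPRESSING = {"lzo", "lz4", "lz4-v2"}  # "compress stub" keeps framing only

def audit_openvpn(config):
    """Return [(line_no, finding)] for OpenVPN settings that turn compression on."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        pushed = re.match(r'push\s+"([^"]*)"', line)  # server pushes settings to clients
        parts = (pushed.group(1) if pushed else line).split()
        if not parts:
            continue
        key, args = parts[0], parts[1:]
        if key == "comp-lzo" and args != ["no"]:
            findings.append((no, "comp-lzo enables LZO compression"))
        elif key == "compress" and args and args[0] in OPENVPN_COMPRESSING:
            findings.append((no, f"compress {args[0]} enables compression"))
        elif key == "allow-compression" and args == ["yes"]:
            findings.append((no, "allow-compression yes permits negotiated compression"))
    return findings

def audit_pppd(options):
    """Return ([(line_no, finding)], negotiable) for a pppd options/peers file.
    pppd requests Deflate and BSD-Compress by default, so a file that says
    nothing still negotiates compression; only nodeflate plus nobsdcomp
    (or noccp, which disables CCP entirely) switch it off."""
    findings, seen = [], set()
    for no, raw in enumerate(options.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if parts:
            seen.add(parts[0])
            if parts[0] in ("bsdcomp", "deflate"):
                findings.append((no, f"{parts[0]} explicitly requests CCP compression"))
    negotiable = "noccp" not in seen and not {"nodeflate", "nobsdcomp"} <= seen
    return findings, negotiable

# Constructed samples: the first of each pair leaks, the second is the fix.
OVPN_WEAK = 'server 10.8.0.0 255.255.255.0\ndev tun\ncomp-lzo\npush "compress lz4"\n'
OVPN_FIXED = 'server 10.8.0.0 255.255.255.0\ndev tun\nallow-compression no\n'
PPTP_WEAK = 'pty "pptp vpn.example.com --nolaunchpppd"\nrequire-mppe-128\n'
PPTP_FIXED = PPTP_WEAK + 'nobsdcomp\nnodeflate\nnoccp\n'

if __name__ == "__main__":
    print(audit_openvpn(OVPN_WEAK), audit_openvpn(OVPN_FIXED))
    print(audit_pppd(PPTP_WEAK), audit_pppd(PPTP_FIXED))
```

Note that for pppd the absence of findings is not a clean bill of health: the `negotiable` flag is what tells you whether compression can still be negotiated.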
Share Your Thoughts
I would love to hear your thoughts on this issue! Comment away.