Compression Oracle Attacks on VPN Networks

Conference:  Defcon 26



The presentation discusses the vulnerability of TLS and VPNs to compression oracle attacks, with a focus on OpenVPN. The speaker explores the use of compression in VPNs and the potential for bi-directional compression on requests and responses. The presentation also highlights the need for continued research and improvement in TLS and VPN security.
  • TLS and VPNs are vulnerable to compression oracle attacks
  • OpenVPN uses bi-directional compression on requests and responses
  • Continued research and improvement in TLS and VPN security is necessary
The speaker discusses the famous 'crime' attack on TLS compression, which led to the death of TLS compression. They also mention the 'breach' attack, which was able to leak CSRF tokens of real-world web applications. The presentation emphasizes the need for improved security measures in VPNs to prevent similar attacks.


Security researchers have done a good amount of practical attacks in the past using chosen plain-text attacks on compressed traffic to steal sensitive data. In spite of how popular CRIME and BREACH were, little was talked about how this class of attacks was relevant to VPN networks. Compression oracle attacks are not limited to just TLS protected data. In this talk, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs. We also show a case study with a well-known VPN server and their plethora of clients. We then go into practical defenses and how mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward rather than claiming 'Thou shall not compress traffic at all.' One of the things that we would like to showcase is how impedance mismatches in these different layers of technologies affect security and how they don't play well together.