{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,24]],"date-time":"2025-08-24T00:03:07Z","timestamp":1755993787726,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":69,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,20]],"date-time":"2023-11-20T00:00:00Z","timestamp":1700438400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Union","award":["ROF-SG20-3066-3-2-2"],"award-info":[{"award-number":["ROF-SG20-3066-3-2-2"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,20]]},"DOI":"10.1145\/3689943.3695043","type":"proceedings-article","created":{"date-parts":[[2024,11,21]],"date-time":"2024-11-21T18:21:04Z","timestamp":1732213264000},"page":"17-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["OnionVPN: Onion Routing-Based VPN-Tunnels with Onion Services"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-9262-6833","authenticated-orcid":false,"given":"Sebastian","family":"Pahl","sequence":"first","affiliation":[{"name":"Hof University of Applied Sciences, Hof, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-1597-6625","authenticated-orcid":false,"given":"Daniel","family":"Kaiser","sequence":"additional","affiliation":[{"name":"Status Research & Development GmbH, Zug, Switzerland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7374-3927","authenticated-orcid":false,"given":"Thomas","family":"Engel","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Esch-sur-Alzette, Luxembourg"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6642-6904","authenticated-orcid":false,"given":"Florian","family":"Adamsky","sequence":"additional","affiliation":[{"name":"Hof University of Applied Sciences, Hof, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23160"},{"key":"e_1_3_2_1_2_1","volume-title":"No-Log VPNs Reveal Users Personal Data and Logs, vpnMentor. (Jul. 10","author":"Report","year":"2020","unstructured":"Report: No-Log VPNs Reveal Users Personal Data and Logs, vpnMentor. (Jul. 10, 2020), [Online]. Available: https:\/\/www.vpnmentor.com\/blog\/report-free-vpns-leak\/ (visited on 01\/16\/2021)."},{"key":"e_1_3_2_1_3_1","volume-title":"VPNpro. (Jan. 5","author":"Youngren J.","year":"2021","unstructured":"J. Youngren. Hidden VPN Owners Unveiled: 101 VPNs Run by 23 Companies, VPNpro. (Jan. 5, 2021), [Online]. Available: https:\/\/vpnpro.com\/blog\/hidden-vpn-owners-unveiled-97-vpns-23-companies\/ (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_4_1","volume-title":"21 million free VPN users data exposed. (Mar. 3","author":"Ruiz D.","year":"2021","unstructured":"D. Ruiz. 21 million free VPN users data exposed. (Mar. 3, 2021), [Online]. Available: https:\/\/blog.malwarebytes.com\/cybercrime\/privacy\/2021\/03\/21-million-free-vpn-users-data-exposed\/ (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_5_1","volume-title":"LimeVPN Website Taken Down by Hacker Customers Sensitive Information Hacked and Sold on Telegram. (Jun. 29","author":"Durward C.","year":"2021","unstructured":"C. Durward. LimeVPN Website Taken Down by Hacker Customers Sensitive Information Hacked and Sold on Telegram. (Jun. 29, 2021), [Online]. Available: https:\/\/www.privacysharks.com\/well-known-vpn-provider-in-security-breach-sensitive-information-hacked-and-sold-on-dark-web\/ (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24285"},{"key":"e_1_3_2_1_7_1","first-page":"57195736, isbn:","volume-title":"32nd USENIX Security Symposium","author":"Xue N.","year":"2023","unstructured":"N. Xue, Y. Malla, Z. Xia, C. P\u00f6pper, and M. Vanhoef, Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables, presented at the 32nd USENIX Security Symposium, 2023, pp. 57195736, isbn: 978-1-939133-37-3."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"R. Dingledine N. Mathewson and P. Syverson Tor: The Second-Generation Onion Router: Tech. Rep. 2004. [Online]. Available: https:\/\/svn-archive.torproject.org\/svn\/projects\/design-paper\/tor-design.pdf (visited on 07\/08\/2024).","DOI":"10.21236\/ADA465464"},{"key":"e_1_3_2_1_9_1","first-page":"3941","article-title":"Onion Routing for Anonymous and Private Internet Connections","volume":"42","author":"Goldschlag D.","year":"1999","unstructured":"D. Goldschlag, M. Reed, and P. Syverson, Onion Routing for Anonymous and Private Internet Connections, Communications of the ACM, vol. 42, pp. 3941, 1999.","journal-title":"Communications of the ACM"},{"key":"e_1_3_2_1_10_1","volume-title":"Never Been KIST: Tor's Congestion Management Blossoms with Kernel-Informed Socket Transport,\" in Proceedings of the 23rd USENIX Security Symposium","author":"Jansen R.","year":"2014","unstructured":"R. Jansen, J. Geddes, C. Wacek, M. Sherr, and P. Syverson, \"Never Been KIST: Tor's Congestion Management Blossoms with Kernel-Informed Socket Transport,\" in Proceedings of the 23rd USENIX Security Symposium, 2014, p. 16."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278121"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22263-4_8"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32946-3_9"},{"key":"e_1_3_2_1_14_1","unstructured":"M. Perry. \"Congestion Control Arrives in Tor 0.4.7-Stable! | Tor Project.\" (May 4 2022) [Online]. Available: https:\/\/blog.torproject.org\/congestion-contrl-047\/ (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2023-0081"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866345"},{"key":"e_1_3_2_1_17_1","unstructured":"Perrin Trevor \"The Noise Protocol Framework \" Tech. Rep. 2018 Revision 34. [Online]. Available: https:\/\/noiseprotocol.org\/noise.pdf (visited on 11\/18\/2020)."},{"key":"e_1_3_2_1_18_1","volume-title":"[Online]. Available: http:\/\/files.douglas.stebila.ca.s3.amazonaws.com\/files\/research\/presentations\/tls-attacks\/tls_attacks_table.pdf (visited on 12\/11\/2020)","author":"Stebila D.","year":"2020","unstructured":"D. Stebila. \"List of Attacks from recent years on TLS.\" (2020), [Online]. Available: http:\/\/files.douglas.stebila.ca.s3.amazonaws.com\/files\/research\/presentations\/tls-attacks\/tls_attacks_table.pdf (visited on 12\/11\/2020)."},{"key":"e_1_3_2_1_19_1","first-page":"28","volume-title":"A Cryptographic Evaluation of IPsec","author":"Ferguson N.","year":"1999","unstructured":"N. Ferguson and B. Schneier, \"A Cryptographic Evaluation of IPsec,\" p. 28, 1999."},{"key":"e_1_3_2_1_20_1","volume-title":"Rep., 2018","author":"Milner Jason","year":"2020","unstructured":"Donenfeld, Jason A. and Milner, Kevin, \"Formal Verification of the WireGuard Protocol,\" Tech. Rep., 2018, Revision b956944. [Online]. Available: https:\/\/www.wireguard.com\/papers\/wireguard-formal-verification.pdf (visited on 11\/18\/2020)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93387-0_1"},{"key":"e_1_3_2_1_22_1","volume-title":"Karlsruhe Institute of Technology","author":"Lipp B.","year":"2018","unstructured":"B. Lipp, \"A Mechanised Computational Analysis of the WireGuard Virtual Private Network Protocol,\" Masterthesis, Karlsruhe Institute of Technology, May 23, 2018. [Online]. Available: https:\/\/bit.ly\/3mU8jNZ."},{"key":"e_1_3_2_1_23_1","volume-title":"a variant of Salsa20,\" in Workshop Record of SASC","author":"Bernstein D. J.","year":"2008","unstructured":"D. J. Bernstein, \"ChaCha, a variant of Salsa20,\" in Workshop Record of SASC, 2008. [Online]. Available: https:\/\/cr.yp.to\/chacha\/chacha-20080128.pdf."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/11502760_3"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38980-1_8"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34931-7_28"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00030"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.24"},{"key":"e_1_3_2_1_29_1","unstructured":"\"Tor rendezvous specification - version 3.? (Feb. 5 2024) [Online]. Available: https:\/\/raw.githubusercontent.com\/torproject\/torspec\/main\/rend-spec-v3.txt (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_30_1","first-page":"287302, isbn: 9","volume-title":"24th USENIX Security Symposium","author":"Kwon A.","year":"2015","unstructured":"A. Kwon, M. AlSabah, D. Lazar, M. Dacier, and S. Devadas, Circuit fingerprinting attacks: Passive deanonymization of tor hidden services, presented at the 24th USENIX Security Symposium, 2015, pp. 287302, isbn: 978-1-939133-11-3."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2103.03831"},{"key":"e_1_3_2_1_32_1","volume-title":"Dec. 10, 2019. arXiv:  1912","author":"Bui T.","year":"1912","unstructured":"T. Bui, S. P. Rao, M. Antikainen, and T. Aura, Client-side vulnerabilities in commercial VPNs, Dec. 10, 2019. arXiv: 1912.04669[cs]. [Online]. Available: http:\/\/arxiv.org\/abs\/1912.04669 (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_33_1","unstructured":"Routing & Network Namespace Integration. (Feb. 5 2024) [Online]. Available: https:\/\/www.wireguard.com\/netns\/ (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_34_1","unstructured":"Strongswan in linux network namespaces. (Feb. 8 2024) [Online]. Available: https:\/\/docs.strongswan.org\/docs\/5.9\/howtos\/nameSpaces.html (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_35_1","unstructured":"Project todo - wireguard. (Nov. 13 2023) [Online]. Available: https:\/\/www.wireguard.com\/todo\/ (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-75551-7_11"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516651"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2015-0021"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653708"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278551"},{"key":"e_1_3_2_1_41_1","unstructured":"Mullvad servers. (Apr. 11 2024) [Online]. Available: https:\/\/mullvad.net\/en\/servers (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2006.27"},{"key":"e_1_3_2_1_43_1","unstructured":"Tor Rendezvous Specification Version 3 The Tor Project Tech. Rep. Jul. 8 2024. [Online]. Available: https:\/\/github.com\/torproject\/torspec\/blob\/main\/rend- spec- v3.txt (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_44_1","volume-title":"Mullvad VPN. (May 29, 2023","author":"Removing","year":"2023","unstructured":"Removing the support for forwarded ports - Blog, Mullvad VPN. (May 29, 2023), [Online]. Available: https:\/\/mullvad.net\/en\/blog\/2023\/5\/29\/removing-the-support-for-forwarded-ports\/ (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_45_1","unstructured":"Gradual removal of port forwarding from the IVPN service. (Jun. 29 2023) [Online]. Available: https:\/\/www.ivpn.net\/blog\/gradual-removal-of-port-forwarding\/ (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_46_1","unstructured":"Ip leak affecting vpn providers with port forwarding. (Feb. 8 2024) [Online]. Available: https:\/\/www.perfect-privacy.com\/en\/blog\/ip-leak-vulnerability-affecting-vpn-providers-with-port-forwarding (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8445"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc3489"},{"key":"e_1_3_2_1_49_1","volume-title":"[Online]. Available: https:\/\/metrics.torproject.org\/ (visited on 05\/16\/2024)","author":"Project Tor","year":"2024","unstructured":"Tor Project. Tor Metrics! (2024), [Online]. Available: https:\/\/metrics.torproject.org\/ (visited on 05\/16\/2024)."},{"key":"e_1_3_2_1_50_1","volume-title":"tornet-tools. (Feb. 22","author":"Jansen Rob","year":"2022","unstructured":"Rob Jansen and Justin Tracey and Ian Goldberg. tornet-tools. (Feb. 22, 2022), [Online]. Available: https:\/\/github.com\/shadow\/tornettools\/blob\/2ea14da\/tornettools\/generate_tgen.py (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_51_1","unstructured":"verizon. Monthly IP Latency Data | Verizon Enterprise Solutions. (2024) [Online]. Available: https:\/\/enterprise.verizon.com\/terms\/latency (visited on 06\/15\/2024)."},{"key":"e_1_3_2_1_52_1","volume-title":"The Tor Project","author":"Perry M.","year":"2020","unstructured":"M. Perry, RTT-based Congestion Control for Tor, The Tor Project, Jul. 2, 2020. [Online]. Available: https:\/\/gitlab.torproject.org\/tpo\/core\/torspec\/-\/blob\/main\/proposals\/324-rtt-congestion-control.txt (visited on 07\/08\/2024)."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23322"},{"key":"e_1_3_2_1_54_1","unstructured":"Extra security with double vpn | nordvpn. (Aug. 29 2024) [Online]. Available: https:\/\/nordvpn.com\/features\/double-vpn (visited on 08\/29\/2024)."},{"key":"e_1_3_2_1_55_1","unstructured":"What is secure core (Aug. 29 2024) [Online]. Available: https:\/\/protonvpn.com\/support\/secure-core-vpn (visited on 08\/29\/2024)."},{"key":"e_1_3_2_1_56_1","unstructured":"Multihop with wireguard. (Apr. 17 2024) [Online]. Available: https:\/\/mullvad.net\/en\/help\/multihop-wireguard (visited on 08\/29\/2024)."},{"key":"e_1_3_2_1_57_1","volume-title":"Layers of ultimate online security | nord-vpn. (Aug. 29","author":"Onion","year":"2024","unstructured":"Onion over vpn: Layers of ultimate online security | nord-vpn. (Aug. 29, 2024), [Online]. Available: https:\/\/nordvpn.com\/features\/onion-over-vpn (visited on 08\/29\/2024)."},{"key":"e_1_3_2_1_58_1","unstructured":"Onion over a VPN. (Nov. 9 2023) [Online]. Available: https:\/\/surfshark.com\/blog\/tor-over-vpn (visited on 08\/29\/2024)."},{"key":"e_1_3_2_1_59_1","unstructured":"What is Onion Over VPN. (Jan. 20 2024) [Online]. Available: https:\/\/www.cyberghostvpn.com\/privacyhub\/onion-over-vpn (visited on 08\/29\/2024)."},{"key":"e_1_3_2_1_60_1","unstructured":"Nymvpn free beta testing has begun. (Aug. 21 2024) [Online]. Available: https:\/\/nymvpn.com\/en\/blog\/nymvpn-free-beta-testing (visited on 08\/29\/2024)."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.37"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08506-7_15"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813628"},{"key":"e_1_3_2_1_64_1","volume-title":"White Paper, version","author":"Diaz C.","year":"2021","unstructured":"C. Diaz, H. Halpin, and A. Kiayias, The nym network: The next generation of privacy infrastructure, White Paper, version, vol. 1, 2021."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.35"},{"key":"e_1_3_2_1_66_1","volume-title":"DeNASA: Destination-naive AS-awareness in anonymous communications","author":"Barton A.","year":"2016","unstructured":"A. Barton and M. Wright, DeNASA: Destination-naive AS-awareness in anonymous communications, 2016. [Online]. Available: https:\/\/petsymposium.org\/popets\/2016\/popets-2016-0044.php (visited on 04\/17\/2024)."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417279"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.34"},{"key":"e_1_3_2_1_69_1","first-page":"271286, isbn: 9","volume-title":"24th USENIX Security Symposium","author":"Y. Sun","year":"2015","unstructured":"Y. Sun et al., RAPTOR: Routing Attacks on Privacy in Tor, presented at the 24th USENIX Security Symposium, 2015, pp. 271286, isbn: 978-1-939133-11-3."}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Salt Lake City UT USA","acronym":"CCS '24"},"container-title":["Proceedings of the 23rd Workshop on Privacy in the Electronic Society"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689943.3695043","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3689943.3695043","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T02:16:09Z","timestamp":1755915369000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689943.3695043"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,20]]},"references-count":69,"alternative-id":["10.1145\/3689943.3695043","10.1145\/3689943"],"URL":"https:\/\/doi.org\/10.1145\/3689943.3695043","relation":{},"subject":[],"published":{"date-parts":[[2023,11,20]]},"assertion":[{"value":"2024-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}