eduVPN – securing your privacy when you are out and about

Many of us enjoy taking our smartphone or laptop down to our local café, grabbing a cup of our favourite brewed beverage and sitting down to surf the web. Free Wi-Fi is a luxury we have come to expect at these establishments, airports, on commuter trains or the hotel we are staying at. But are you actually aware of how vulnerable you are when you are using a public Wi-Fi hotspot?

Convenience – not security

Most WiFi networks that are created for home and business uses are password-protected and encrypted. However, most public WiFi hotspots are set up strictly for convenience – not security! When you are using an unprotected public hotspot, whatever you do online is wide open to prying hackers’ eyes. That means your messages, emails, banking and shopping information, and every login under the sun is an open book to anyone who knows how to intercept your wireless connection – by simply positioning themselves between you and the connection point! Hackers can also use an unsecured Wi-Fi connection to distribute malware. If you allow file-sharing across such network, the hacker can easily plant infected software on your computer.

Recently, two Belgian researchers have cast more light on new ‘man-in-the-middle’ security risks. Dubbed ‘KRACK’ (Key Reinstallation AttaCK), the flaw has serious implications for essentially all wireless devices that use a security protocol called WPA2 – which just happens to be the standard security option for most networks.

eduVPN – a shield to protect your privacy

As mobile Wi-Fi becomes increasingly common, you can expect public Wi-Fi risks to grow over time. But this doesn’t mean you have to stay away from free Wi-Fi and tether yourself to a desk again.

That is why a group of developers from various R&E networks have joined forces to develop eduVPN, a technology for ultra-secure access, specifically designed for the research and education community. The abbreviation VPN stands for Virtual Private Network, and by using eduVPN a tunnel is created that shields your data traffic off from prying eyes, even when you are in your favourite café or riding the train.

No security worries

Through the eduVPN app students and researchers can access their home institution applications and resources from anywhere, without having to worry about security, explains Tangui Coulouarn, chair of the eduVPN board and project manager at the Danish R&E network DeiC. He is developing eduVPN jointly with colleagues from Australian AARNet, Dutch SURFnet, Nordic NORDUnet, and European GÉANT. He hopes the novel privacy technology will spread as widely as eduroam, the secure, worldwide roaming access for research and education.

“We want to make VPN technology commonly available by building better and more user-friendly tools”, says Tangui Coulouarn. “There are other VPN solutions out there. But they are either very expensive or you can have them for free, but then you have accept to be exposed to advertising. Also, many of them have quality issues”.

Success depends on universities

Ultimately, the success of eduVPN will depend on securing a critical mass of R&E networks that incorporate the technology in their service offering, and of universities that make it mandatory for their students and staff to connect to campus resources via eduVPN.

SURFnet has been the first NREN to deploy eduVPN, starting 1st January 2018. NORDUnet is running a test application, and the other eduVPN partners are preparing deployment in the near future. A variety of use cases are considered at the moment. eduVPN can be used for safe web browsing, for access to campus resources inside a campus, and to establish a secure connection from one campus to another.

Federated VPN usage

But that’s not all. The eduVPN development team has another ambitious goal in mind – a federated VPN usage model.

The idea is to provide secure gateways into trusted networks that end-users can access when using unsecured networks. By separating the ownership and operation of the gateways (servers located in R&E networks) from the operation of authentication and authorisation components (using federated identity), eduVPN offers privacy-by-design in a way that is not attainable by other VPN operators.

For more information please go to the eduVPN website

eduVPN has become an official part of the GÉANT project, and has received financial support from the Vietsch Foundation, the SIDN Fund, RIPE, NORDUnet and SURFnet. Also, eduVPN recently won the Internet Society of the Netherlands´ “Innovation Award 2018”.

Published: 02/2018

For more information please contact our contributor(s):