: Anonymous but authenticated VPN

  • J A Bakker

Student thesis: Master's Thesis


In order to improve their online privacy and to secure communications, many people use VPNs. Those private networks allow devices to securely communicate over the public inter-net by means of encrypting the communication between the devices in the network. This way, hostile devices on the public internet cannot intercept the messages these devices ex-change.
While this offers secure communication, it requires you to trust the VPN owner as the communication between the user and the VPN router is only secure up to the VPN router. Because traditional VPNs use username/password authentication or other methods which make it possible to identify the user that is making the requests, this does not offer privacy towards the VPN itself. This also leads to being able to trace users across multiple sessions, and link their sessions together. In some situations, for example when evading censorship by means of using the VPN, this can be a problem when the VPN server is compromised. This means that sometimes the VPN cannot be trusted.
In this research, we offer a solution to this problem by presenting a WireGuard-based VPN which uses anonymous authentication by means of the IRMA app, based on Attribute-Based Credentials. This way, users can authenticate to the VPN without having to disclose any personal information to the VPN other than the right to use the VPN. We show how this improves the privacy of the user of the VPN. This works because the VPN owner can no longer see what user is connecting, which means users can more easily trust the VPN owner.
Date of Award15 Feb 2023
Original languageEnglish
SupervisorG Alpár (Supervisor) & Fabian van den Broek (Co-assessor)

Master's Degree

  • Master Software Engineering

Cite this