Mining Digital Twins of a VPN Server

Andrea Pferscher; Benjamin Wunderling; Bernhard K. Aichernig; Edi Muškardin

Mining Digital Twins of a VPN Server

Andrea Pferscher^*, Benjamin Wunderling, Bernhard K. Aichernig, Edi Muškardin

^*Korrespondierende/r Autor/-in für diese Arbeit

Publikation: Beitrag in einer Fachzeitschrift › Konferenzartikel › Begutachtung

Abstract

Virtual private networks (VPNs) are widely used to create a secure communication mode between multiple parties over an insecure channel. A common use case for VPNs is secure access to company networks. Therefore, bugs in VPN software are often severe. The Internet Key Exchange protocol (IKE) is a protocol in the Internet Protocol Security (IPsec) protocol suite used in VPNs. There are two version of IKE, IPsec-IKEv1 and the newer IPsec-IKEv2, with IPsec-IKEv1 still widely used in practice. While IPsec-IKEv2 has been investigated in the context of automata learning, no such work exists for IPsec-IKEv1. This paper closes the gap for the IPsec-IKEv1 protocol and shows the steps taken to learn a digital twin of an IPsec server using automata learning. We present and contrast two learned models of an IPsec server. Using learning, we also found security issues in encryption libraries.

Originalsprache	englisch
Seitenumfang	11
Fachzeitschrift	CEUR Workshop Proceedings
Jahrgang	3507
Publikationsstatus	Veröffentlicht - 2023
Veranstaltung	2023 Workshop on Applications of Formal Methods and Digital Twins: FMDT 2023 - Lubeck, Deutschland Dauer: 6 März 2023 → 6 März 2023

ASJC Scopus subject areas

Allgemeine Computerwissenschaft

Zugriff auf Dokument

https://ceur-ws.org/Vol-3507/paper6.pdfLizenz: CC BY 4.0

Andere Dateien und Links

Verknüpfung zur Publikation in Scopus

Dieses zitieren

@article{3924604c9c954901933aa6d02c3fe8cb,

title = "Mining Digital Twins of a VPN Server",

abstract = "Virtual private networks (VPNs) are widely used to create a secure communication mode between multiple parties over an insecure channel. A common use case for VPNs is secure access to company networks. Therefore, bugs in VPN software are often severe. The Internet Key Exchange protocol (IKE) is a protocol in the Internet Protocol Security (IPsec) protocol suite used in VPNs. There are two version of IKE, IPsec-IKEv1 and the newer IPsec-IKEv2, with IPsec-IKEv1 still widely used in practice. While IPsec-IKEv2 has been investigated in the context of automata learning, no such work exists for IPsec-IKEv1. This paper closes the gap for the IPsec-IKEv1 protocol and shows the steps taken to learn a digital twin of an IPsec server using automata learning. We present and contrast two learned models of an IPsec server. Using learning, we also found security issues in encryption libraries.",

keywords = "active automata learning, digital twin, IPsec, model mining, VPN",

author = "Andrea Pferscher and Benjamin Wunderling and Aichernig, {Bernhard K.} and Edi Mu{\v s}kardin",

note = "Publisher Copyright: {\textcopyright} 2023 CEUR-WS. All rights reserved.; 2023 Workshop on Applications of Formal Methods and Digital Twins : FMDT 2023 ; Conference date: 06-03-2023 Through 06-03-2023",

year = "2023",

language = "English",

volume = "3507",

journal = "CEUR Workshop Proceedings",

issn = "1613-0073",

publisher = "RWTH Aachen",

}

TY - JOUR

T1 - Mining Digital Twins of a VPN Server

AU - Pferscher, Andrea

AU - Wunderling, Benjamin

AU - Aichernig, Bernhard K.

AU - Muškardin, Edi

PY - 2023

Y1 - 2023

N2 - Virtual private networks (VPNs) are widely used to create a secure communication mode between multiple parties over an insecure channel. A common use case for VPNs is secure access to company networks. Therefore, bugs in VPN software are often severe. The Internet Key Exchange protocol (IKE) is a protocol in the Internet Protocol Security (IPsec) protocol suite used in VPNs. There are two version of IKE, IPsec-IKEv1 and the newer IPsec-IKEv2, with IPsec-IKEv1 still widely used in practice. While IPsec-IKEv2 has been investigated in the context of automata learning, no such work exists for IPsec-IKEv1. This paper closes the gap for the IPsec-IKEv1 protocol and shows the steps taken to learn a digital twin of an IPsec server using automata learning. We present and contrast two learned models of an IPsec server. Using learning, we also found security issues in encryption libraries.

AB - Virtual private networks (VPNs) are widely used to create a secure communication mode between multiple parties over an insecure channel. A common use case for VPNs is secure access to company networks. Therefore, bugs in VPN software are often severe. The Internet Key Exchange protocol (IKE) is a protocol in the Internet Protocol Security (IPsec) protocol suite used in VPNs. There are two version of IKE, IPsec-IKEv1 and the newer IPsec-IKEv2, with IPsec-IKEv1 still widely used in practice. While IPsec-IKEv2 has been investigated in the context of automata learning, no such work exists for IPsec-IKEv1. This paper closes the gap for the IPsec-IKEv1 protocol and shows the steps taken to learn a digital twin of an IPsec server using automata learning. We present and contrast two learned models of an IPsec server. Using learning, we also found security issues in encryption libraries.

KW - active automata learning

KW - digital twin

KW - IPsec

KW - model mining

KW - VPN

UR - http://www.scopus.com/inward/record.url?scp=85175944724&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:85175944724

SN - 1613-0073

VL - 3507

JO - CEUR Workshop Proceedings

JF - CEUR Workshop Proceedings

T2 - 2023 Workshop on Applications of Formal Methods and Digital Twins

Y2 - 6 March 2023 through 6 March 2023

ER -

Mining Digital Twins of a VPN Server

Abstract

ASJC Scopus subject areas

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Dieses zitieren