Abstract
Virtual private networks (VPNs) are widely used to create a secure communication mode between multiple parties over an insecure channel. A common use case for VPNs is secure access to company networks. Therefore, bugs in VPN software are often severe. The Internet Key Exchange protocol (IKE) is a protocol in the Internet Protocol Security (IPsec) protocol suite used in VPNs. There are two version of IKE, IPsec-IKEv1 and the newer IPsec-IKEv2, with IPsec-IKEv1 still widely used in practice. While IPsec-IKEv2 has been investigated in the context of automata learning, no such work exists for IPsec-IKEv1. This paper closes the gap for the IPsec-IKEv1 protocol and shows the steps taken to learn a digital twin of an IPsec server using automata learning. We present and contrast two learned models of an IPsec server. Using learning, we also found security issues in encryption libraries.
Original language | English |
---|---|
Title of host publication | Preproceedings of the Workshop on Applications of Formal Methods and Digital Twins |
Publication status | Published - Mar 2023 |
Event | Workshop on Applications of Formal Methods and Digital Twins - Duration: 7 Mar 2023 → 9 Mar 2023 |
Workshop
Workshop | Workshop on Applications of Formal Methods and Digital Twins |
---|---|
Period | 7/03/23 → 9/03/23 |
Keywords
- IPsec
- VPN
- active automata learning
- digital twin
- model mining