Mining Digital Twins of a VPN Server

Edi Muskardin; Andrea  Pferscher; Bernhard K. Aichernig; Benjamin Wunderling

Mining Digital Twins of a VPN Server

Edi Muskardin, Andrea Pferscher, Bernhard K. Aichernig, Benjamin Wunderling

Trustworthy & Adaptive Computing (TAC)

Research output: Conference proceeding/Chapter in Book/Report/ › Conference Paper › peer-review

Abstract

Virtual private networks (VPNs) are widely used to create a secure communication mode between multiple parties over an insecure channel. A common use case for VPNs is secure access to company networks. Therefore, bugs in VPN software are often severe. The Internet Key Exchange protocol (IKE) is a protocol in the Internet Protocol Security (IPsec) protocol suite used in VPNs. There are two version of IKE, IPsec-IKEv1 and the newer IPsec-IKEv2, with IPsec-IKEv1 still widely used in practice. While IPsec-IKEv2 has been investigated in the context of automata learning, no such work exists for IPsec-IKEv1. This paper closes the gap for the IPsec-IKEv1 protocol and shows the steps taken to learn a digital twin of an IPsec server using automata learning. We present and contrast two learned models of an IPsec server. Using learning, we also found security issues in encryption libraries.

Original language	English
Title of host publication	Preproceedings of the Workshop on Applications of Formal Methods and Digital Twins
Publication status	Published - Mar 2023
Event	Workshop on Applications of Formal Methods and Digital Twins - Duration: 7 Mar 2023 → 9 Mar 2023

Workshop

Workshop	Workshop on Applications of Formal Methods and Digital Twins
Period	7/03/23 → 9/03/23

Keywords

IPsec
VPN
active automata learning
digital twin
model mining

Access to Document

https://ceur-ws.org/Vol-3507/paper6.pdf

Cite this

@inproceedings{a191fe6913f143539d05e2d8d5c191de,

title = "Mining Digital Twins of a VPN Server",

abstract = "Virtual private networks (VPNs) are widely used to create a secure communication mode between multiple parties over an insecure channel. A common use case for VPNs is secure access to company networks. Therefore, bugs in VPN software are often severe. The Internet Key Exchange protocol (IKE) is a protocol in the Internet Protocol Security (IPsec) protocol suite used in VPNs. There are two version of IKE, IPsec-IKEv1 and the newer IPsec-IKEv2, with IPsec-IKEv1 still widely used in practice. While IPsec-IKEv2 has been investigated in the context of automata learning, no such work exists for IPsec-IKEv1. This paper closes the gap for the IPsec-IKEv1 protocol and shows the steps taken to learn a digital twin of an IPsec server using automata learning. We present and contrast two learned models of an IPsec server. Using learning, we also found security issues in encryption libraries.",

keywords = "IPsec, VPN, active automata learning, digital twin, model mining",

author = "Edi Muskardin and Andrea Pferscher and Aichernig, {Bernhard K.} and Benjamin Wunderling",

year = "2023",

month = mar,

language = "English",

booktitle = "Preproceedings of the Workshop on Applications of Formal Methods and Digital Twins",

note = "Workshop on Applications of Formal Methods and Digital Twins ; Conference date: 07-03-2023 Through 09-03-2023",

}

TY - GEN

T1 - Mining Digital Twins of a VPN Server

AU - Muskardin, Edi

AU - Pferscher, Andrea

AU - Aichernig, Bernhard K.

AU - Wunderling, Benjamin

PY - 2023/3

Y1 - 2023/3

N2 - Virtual private networks (VPNs) are widely used to create a secure communication mode between multiple parties over an insecure channel. A common use case for VPNs is secure access to company networks. Therefore, bugs in VPN software are often severe. The Internet Key Exchange protocol (IKE) is a protocol in the Internet Protocol Security (IPsec) protocol suite used in VPNs. There are two version of IKE, IPsec-IKEv1 and the newer IPsec-IKEv2, with IPsec-IKEv1 still widely used in practice. While IPsec-IKEv2 has been investigated in the context of automata learning, no such work exists for IPsec-IKEv1. This paper closes the gap for the IPsec-IKEv1 protocol and shows the steps taken to learn a digital twin of an IPsec server using automata learning. We present and contrast two learned models of an IPsec server. Using learning, we also found security issues in encryption libraries.

AB - Virtual private networks (VPNs) are widely used to create a secure communication mode between multiple parties over an insecure channel. A common use case for VPNs is secure access to company networks. Therefore, bugs in VPN software are often severe. The Internet Key Exchange protocol (IKE) is a protocol in the Internet Protocol Security (IPsec) protocol suite used in VPNs. There are two version of IKE, IPsec-IKEv1 and the newer IPsec-IKEv2, with IPsec-IKEv1 still widely used in practice. While IPsec-IKEv2 has been investigated in the context of automata learning, no such work exists for IPsec-IKEv1. This paper closes the gap for the IPsec-IKEv1 protocol and shows the steps taken to learn a digital twin of an IPsec server using automata learning. We present and contrast two learned models of an IPsec server. Using learning, we also found security issues in encryption libraries.

KW - IPsec

KW - VPN

KW - active automata learning

KW - digital twin

KW - model mining

M3 - Conference Paper

BT - Preproceedings of the Workshop on Applications of Formal Methods and Digital Twins

T2 - Workshop on Applications of Formal Methods and Digital Twins

Y2 - 7 March 2023 through 9 March 2023

ER -

Mining Digital Twins of a VPN Server

Abstract

Workshop

Keywords

Access to Document

Fingerprint

Cite this