Not This Exit: Analyzing the Impact of VPN Exit IPs on Network Alchemy
Description
Virtual Private Networks (VPNs) are used in a wide range of applications, ranging from commercial applications like accessing resources remotely to security and privacy for targeted users like journalists, non-governmental organizations (NGOs), etc. However, VPNs were not inherently designed with security in mind. The interaction between the kernel processes and the connection tracking framework is uncoordinated. This leaves VPNs vulnerable to certain attacks due to their implementation. This work explores the extent to which these attacks are possible on certain implementations of VPN servers which have a separate exit IP and entry IP on the VPN server.
Further, this work also formally models the VPN connection tracking behavior between servers and clients. The formal models enable a deeper analysis to identify exactly at what point of the VPN process the vulnerabilities are introduced and whether the instances of VPN which have separate entry and exit IPs are still vulnerable to the same attacks. Through simulations done in a virtual lab environment and testing on formal models, it is observed that having a separate exit and entry IP may affect the practicality of certain attacks.
Date Created
2024
Agent
- Author (aut): Ayyagari, Tarun
- Thesis advisor (ths): Crandall, Jedidiah
- Committee member: Wang, Ruoyu
- Committee member: Gary, Kevin
- Publisher (pbl): Arizona State University