How to design a trustworthy IPsec VPN device employing nested tunnels?
2018 (English) Independent thesis Advanced level (degree of Master (One Year)), 40 credits / 60 HE credits
Student thesis
Abstract [en]
Enterprises use site-to-site Virtual Private Network (VPN) technology to securely transmit data over insecure networks, such as the Internet. By utilizing commercial VPN products, organizations partially rely on the vendors to keep their communication out of reach from malicious groups or individuals. These VPN servers consist of thousands of subcomponents, which can be grouped into hardware, operating system, general software, protocols, and algorithms. The main idea of this study is to design an IPsec VPN architecture based on IPsec nesting. This is achieved by designing two servers that consist of different subcomponents on each layer. Thus, a vulnerability in one component will not necessarily put the entire IPsec communication at risk. The subcomponents picked for deployment are investigated and reviewed based on their trustworthiness, which will be based on later defined criteria. This trust analysis will act as a potential starting point for providing a framework for future trust assessments.
Place, publisher, year, edition, pages
2018, p. 54
Keywords [en]
Nesting, IPSec, nested, tunnel, encryption
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:ltu:diva-71046
OAI: oai:DiVA.org:ltu-71046
DiVA, id: diva2:1252171
External cooperation
Combitech AB
Educational program
Information Security, master's level (60 credits)
Supervisors
Examiners
2018-10-03 2018-10-01 2018-10-03 Bibliographically approved