2. Home
  3. ARCHIVE
  4. 2024
  5. VOL 46, NO 4 (2024)
  6. pp. 60-79

METHODS OF VULNERABILITY ANALYSIS AND CYBERSECURITY WHEN CHOOSING VPN PRODUCTS

R. Demura, V. Kharchenko

Èlektron. model. 2024, 46(4):60-79

https://doi.org/10.15407/emodel.46.04.060

ABSTRACT

This paper investigates possible threats and risks to information security arising from the use of VPN products. A combined methodology for assessing the security of VPN products is proposed, which includes the IMECA (Intrusion Modes and Effects Criticality Analysis) method, as well as some so-called static and dynamic methods. This allows you to make an informed choice of a VPN product for secure Internet use, taking into account your personal preferences.

The combined vulnerability analysis methodology involves determining the criticality of threats, taking into account the likelihood of their occurrence and implementation, as well as the severity of the consequences. Based on the results of the analysis, the choice of appropriate countermeasures in the form of VPN product features to minimize risks and increase the security of their users is substantiated. The practical significance of the results for improving cybersecurity is determined. The article is based on a study of the features of VPN products and proposes a new approach that includes IMEСA and experimental methods.

KEYWORDS

cybersecurity, VPN, vulnerabilities, IMECA, risks, combined method of cyebresecurity analysis.

REFERENCES

  1. Arya V. (2023) OpenVPN Vulnerability Exposed: Uncovering VPN Fingerprinting Risks, Insights2Techinfo, pp. 1 URL: https://insights2techinfo.com/openvpn-vulnerability-exposed-uncovering-vpn-fingerprinting-risks/ (date of access: 13.07.2024).
  2. Artem Abakumov and Vyacheslav Kharchenko. (2023). Combining Experimental and Analytical Methods for Penetration Testing of AI-Powered Robotic Systems, P. URL: https://ceur-ws.org/Vol-3403/paper40.pdf (date of access: 08.07.2024).
  3. Ghanem K., Ugwuanyi S., Hansawangkit J., McPherson , Khan R., Irvine J. (2022). Security vs bandwidth: performance analysis between IPsec and OpenVPN in smart grid. 2022 International Symposium on Networks, Computers and Communications (ISNCC): conference paper. IEEE, 2022. P. 1-5. 
    https://doi.org/10.1109/ISNCC55209.2022.9851717
  4. Heorhii Zemlianko, Vyacheslav Kharchenko. (2023). Cybersecurity risk analysis of multifunctional uav fleet systems: a conceptual model and imeca-based technique P. 164-165. URL: http://nti.khai.edu/ojs/index.php/reks/article/view/reks.2023.4.11/2185 (date of access: 08.07.2024).
  5. Gentile A.F., Fazio P., Miceli G.A. (2021). Survey on the Implementation and Management of Secure Virtual Private Networks (VPNs) and Virtual LANs (VLANs) in Static and Mobile Scenarios. Telecom. 2021. No. 4(2). P. 430- 
    https://doi.org/10.3390/telecom2040025
  6. Maher Aljehani, Masahiro Inoue (24 May 2017) Communication and Autonomous Control of Multi-UAV System in Disaster Response Tasks 2017 123-132. 
    https://doi.org/10.1007/978-3-319-59394-4_12
  7. Jayna Locke (May 24, 2023) Can Drones Be Hacked, Tracked, and Used to Carry Passengers? URL: https://www.digi.com/blog/post/can-drones-be-hacked-tracked-and-carry-pas­sengers (date of access: 11.07.2024).
  8. Iqbal M., Riadi I. (2019). Analysis of Security Virtual Private Network (VPN) Using OpenVPN. International Journal of Cyber-Security and Digital Forensics. 2019. No. 1(8). P.58–65. 
    https://doi.org/10.17781/P002557
  9. Crawshaw D. (2020). Everything VPN is New Again: The 24-year-old security model has found a second wind. Queue.2020. No. 5(18). P. 54- 
    https://doi.org/10.1145/3434571.3439745
  10. Common Vulnerabilities and Exposures URL:  https://cve.mitre.org/ (date of access: 09.07.2024).
  11. Budiyanto S., Gunawan D. (2023). Comparative Analysis of VPN Protocols at Layer 2 Focusing on Voice Over Internet Proto-col.IEEE Access.2023. No. 11. P. 60853- 
    https://doi.org/10.1109/ACCESS.2023.3286032
  12. , MihovI., NosenkoA., VegaF., ChengY.A (2020). Performance Comparison of WireGuardand OpenVPN. 10Th ACM Conference on Data and Application Security and Privacy: conference paper. New York, USA, 16-18 March 2020. P. 162-164.  
    https://doi.org/10.1145/3374664.3379532
  13. Antoniuk J., Plechawska-Wójcik M. (2023). Comparative analysis of VPN protocols. Journal of Computer Sciences Institute. 2023. No. 27. P. 138- 
    https://doi.org/10.35784/jcsi.3315
  14. Lipp B., Blanchet B., Bhargavan K. (2019). A Mechanised Cryptographic Proof of the WireGuard Virtual Private Network Protocol.2019 IEEE European Symposium on Security and Privacy (EuroS&P): conference paper, Stockholm, Sweden, 2019. P. 231- 
    https://doi.org/10.1109/EuroSP.2019.00026
  15. Master A., Garman C. (2021). A WireGuard Exploration. CERIAS Technical Reports.2021. Paper 1.
    https://doi.org/10.5703/1288284317610
  16. Goethals T., Kerkhove D., Volckaert B., Turck F.D. (2019). Scalability evaluation of VPN technologies for secure container networking.15th International Conference on Network and Service Management (CNSM): conference paper. IEEE,2019. P. 1-  
    https://doi.org/10.23919/CNSM46954.2019.9012673
  17. Dowling B., Paterson K.G. (2018). A Cryptographic Analysis of the WireGuard Protocol. 16th International Conference “Applied Cryptography and Network Security”: conference paper. Springer, Cham, No. 10892.
    https://doi.org/10.1007/978-3-319-93387-0_1
  18. Swiss company Proton AG. URL:  https://protonvpn.com/ (date of access: 10.07.2024).

Full text: PDF