survey

Security Assessment and Evaluation of VPNs: A Comprehensive Survey

Authors:

Naina Emmanuel,

Muhammad Faisal Amjad,

Tahreem Yaqoob,

Mohammed Atiquzzaman,

Narmeen Shafqat,

Waleed Bin Shahid,

Umer AshfaqAuthors Info & Claims

ACM Computing Surveys, Volume 55, Issue 13s

Article No.: 273, Pages 1 - 47

https://doi.org/10.1145/3579162

Published: 13 July 2023 Publication History

Abstract

The use of Virtual Private Networks (VPNs) has witnessed an outstanding rise as they aim to provide confidentiality and anonymity to communication. Despite this enormous and ubiquitous usage, VPNs come with various security, misconfiguration, and performance related issues thereby hindering the users to take maximum advantage of this revolutionary technology. To address this concern, VPN users must choose the most secure and perfect VPN solution for the smooth functioning of daily life activities. Generally, no clear set of directions is available for assisting a common VPN user thereby accentuating the need to develop an elucidated and coherent checklist that thoroughly helps in evaluating any VPN based on its security, performance, auditing, and management function. This research comprehensively surveys VPN technologies, its features, working principles, and compliance principles that evolved over the last two decades. Based on it, this research presents a new methodology in the form of a feature-enriched template to comprehensively analyze a VPN solution. Each VPN feature is given its score against the potential damage it may cause in case of failure and the probability of occurrence of that failure. In this way, the corporate sector and individual users can quantitatively and qualitatively grade available options while choosing a VPN and use it effectively.

References

[1]

Lars Westberg, Laszlo Hevizi, and Vicknesan Ayadurai. 2015. Using tunneling to enhance remote LAN connectivity. (Oct. 132015). US Patent 9,160,714.

[2]

Kevin Townsend. 1998. Understanding VPNs and PPTP. PC Network Advisor, članak, srpanj (1998).

[3]

Abdelmajid Lakbabi, Ghizlane Orhanou, and Said El Hajji. 2012. VPN IPSec & SSL technology security and management point of view. In Proceedings of the 2012 Next Generation Networks and Services. IEEE, 202–208.

[4]

Lana Ibrahim. 2017. Virtual private network (VPN) management and IPSec tunneling technology. Middle East 1 (2017), 76–86.

[5]

Kwok Ho Cheung. 1999. Design and security issues on virtual private networks with resource reservation in advance. PhD thesis.

[6]

Ayhan ERDOĞAN and Dz Yzb. 2001. Virtual private networks (VPNs): A survey. 39, 5 (2001).

[7]

Hany Ramzy, Mohamed Hussein, Alaa Omar, and Khaled Shehata. 2018. Design and assessment of a novel encryption algorithm for a special purpose virtual private networks. The International Conference on Electrical Engineering 11, 11 (Apr2018), 1–12. DOI:

[8]

Jayanthi Gokulakrishnan and V. Thulasi Bai. 2014. A survey report on VPN security & its technologies. Indian Journal of Computer Science and Engineering 5, 4 (2014), 3–5.

[9]

Daouda Ahmat, Mahamat Barka, and Damien Magoni. 2016. Mobile VPN schemes: Technical analysis and experiments. In Proceedings of the International Conference on e-Infrastructure and e-Services for Developing Countries. Springer, 88–97.

[10]

Madhusanka Liyanage, Pardeep Kumar, Mika Ylianttila, and Andrei Gurtov. 2016. Novel secure VPN architectures for LTE backhaul networks. Security and Communication Networks 9, 10 (2016), 1198–1215.

Digital Library

[11]

Jiang Hua, Fan Jinpo, Zhang Gang, and Hu Ronglei. 2019. Design and implementation of integrated access VPN gateway. In Proceedings of the 2019 the 9th International Conference on Communication and Network Security. 128–132.

Digital Library

[12]

B. H. Priyanka and Ravi Prakash. 2015. A critical survey of privacy infrastructures. arXiv:1512.07207. Retrieved from https://arxiv.org/abs/1512.07207.

[13]

N. Baukari and Ali Aljane. 1996. Security and auditing of VPN. In Proceedings of the 3rd International Workshop on Services in Distributed and Networked Environments. IEEE, 132–138.

[14]

Abdullah Alshalan, Sandeep Pisharody, and Dijiang Huang. 2016. A survey of mobile VPN technologies. IEEE Communications Surveys & Tutorials 18, 2 (2016), 1177–1196.

Digital Library

[15]

N. M. Mosharaf Kabir Chowdhury and Raouf Boutaba. 2010. A survey of network virtualization. Computer Networks 54, 5 (2010), 862–876.

Digital Library

[16]

Sneha Padhiar and Pranav Verma. 2015. A survey on performance evaluation of VPN on various operating system. International Journal of Engineering Development and Research 3, 4 (2015), 516–519.

[17]

Mohammad Taha Khan, Joe DeBlasio, Geoffrey M. Voelker, Alex C. Snoeren, Chris Kanich, and Narseo Vallina-Rodriguez. 2018. An empirical analysis of the commercial VPN ecosystem. In Proceedings of the Internet Measurement Conference 2018. ACM, 443–456.

Digital Library

[18]

Vehbi C. Gungor and Frank C. Lambert. 2006. A survey on communication networks for electric system automation. Computer Networks 50, 7 (2006), 877–897.

Digital Library

[19]

Zhang Zhipeng, Sonali Chandel, Sun Jingyao, Yan Shilin, Yu Yunnan, and Zang Jingji. 2018. VPN: A boon or trap?: A comparative study of MPLS, IPSec, and SSL virtual private networks. In Proceedings of the 2018 2nd International Conference on Computing Methodologies and Communication. IEEE, 510–515.

[20]

Chengchao Liang and F. Richard Yu. 2015. Wireless network virtualization: A survey, some research issues and challenges. IEEE Communications Surveys & Tutorials 17, 1 (2015), 358–380.

Digital Library

[21]

Roy Hills. 2005. Common VPN Security Flaws. NTA Monitor Ltd. white paper.

[22]

Byeong-Ho Kang and Maricel O. Balitanas. 2009. Vulnerabilities of VPN using IPSec and defensive measures. International Journal of Advanced Science and Technology 8, 7 (2009), 9–18.

[23]

Daouda Ahmat and Damien Magoni. 2018. A survey on secure and resilient session schemes: Technical comparison and assessment. ICST Transactions on Ubiquitous Environments 4, 13 (2018), e1.

[24]

Sheila Frankel, Karen Kent, Ryan Lewkowski, Angela D. Orebaugh, Ronald W. Ritchey, and Steven R. Sharma. 2005. Guide to IPsec VPNs. NIST Special Publication 800–77. National Institute of Standards and Technology.

[25]

Sohely Jahan, Md. Saifur Rahman, and Sajeeb Saha. 2017. Application specific tunneling protocol selection for virtual private networks. In Proceedings of the 2017 International Conference on Networking, Systems and Security. IEEE. DOI:

[26]

Thomas Berger. 2006. Analysis of current VPN technologies. In Proceedings of the 1st International Conference on Availability, Reliability and Security. IEEE, 8.

Digital Library

[27]

Zhi Fu, S. Felix Wu, He Huang, Kung Loh, Fengmin Gong, Ilia Baldine, and Chong Xu. 2001. IPSec/VPN security policy: Correctness, conflict detection, and resolution. In Proceedings of the International Workshop on Policies for Distributed Systems and Networks. Springer, 39–56.

[28]

Hua Jiang, Qingrui Wang, Gang Zhang, and Jinpo Fan. 2019. Design and implementtationg of an IPsec VPN gateway base on OpenWRT. Journal of Physics: Conference Series 1176, 4 (Mar2019), 042007. DOI:

[29]

Jan Lastinec and Ladislav Hudec. 2015. A performance analysis of IPSec/AH protocol for automotive environment. In Proceedings of the 16th International Conference on Computer Systems and Technologies. ACM. DOI:

Digital Library

[30]

W. Townsley, A. Valencia, Allan Rubens, G. Pall, Glen Zorn, and Bill Palter. 1999. Layer Two Tunneling Protocol “L2TP”. Technical Report, 1999.

Digital Library

[31]

Kuwar Kuldeep V. V. Singh and Himanshu Gupta. 2016. A new approach for the security of VPN. In Proceedings of the 2nd International Conference on Information and Communication Technology for Competitive Strategies. ACM, 13.

Digital Library

[32]

Georgios Lilis and Maher Kayal. 2018. A secure and distributed message oriented middleware for smart building applications. Automation in Construction 86, 1 (2018), 163–175.

[33]

Sheila Frankel, Paul Hoffman, Angela Orebaugh, and Richard Park. 2008. Guide to SSL VPNs. NIST Special Publication 800-113. National Institute of Standards and Technology.

[34]

Vasile C. Perta, Marco V. Barbera, Gareth Tyson, Hamed Haddadi, and Alessandro Mei. 2015. A glance through the VPN looking glass: IPv6 leakage and DNS hijacking in commercial VPN clients. Proceedings on Privacy Enhancing Technologies 2015, 1 (2015), 77–91.

[35]

Arun Kumar Singh, Shefalika Ghosh Samaddar, and Arun K. Misra. 2012. Enhancing VPN security through security policy management. In Proceedings of the 2012 1st International Conference on Recent Advances in Information Technology. IEEE, 137–142.

[36]

David E. Mcdysan. 2004. Virtual private network (VPN)-aware customer premises equipment (CPE) edge router. (Aug. 172004). US Patent 6,778,498.

[37]

Markus Feilner and VPN Open. 2006. OpenVPN: Building and Integrating Virtual Private Networks: Learn How to Build Secure VPNs Using this Powerful Open Source Application. Packt Publishing.

[38]

Dezhong Cai, Ali Sajassi, and Roberto Kobo. 2011. Redundancy at a virtual provider edge node that faces a tunneling protocol core network for virtual private local area network (LAN) service (VPLS). (Dec. 132011). US Patent 8,077,709.

[39]

Paulo Costa, Ricardo Montenegro, Teresa Pereira, and Pedro Pinto. 2019. The security challenges emerging from the technological developments. Mobile Networks and Applications 24, 6 (2019), 2032–2037.

[40]

Zhonglin Han. 2019. Challenges and analysis of business supporting system deployment based on cloud computing. Journal of Physics: Conference Series 1168, 6 (2019), 062015.

[41]

Thattapon Surasak and Scott C.-H. Huang. 2019. Enhancing VoIP security and efficiency using VPN. In Proceedings of the 2019 International Conference on Computing, Networking and Communications. IEEE. DOI:

[42]

Zheng Wu and Mingzhong Xiao. 2019. Performance evaluation of VPN with different network topologies. In Proceedings of the 2019 IEEE 2nd International Conference on Electronics Technology. IEEE. DOI:

[43]

David Crawshaw. 2020. Everything VPN is new again: The 24-year-old security model has found a second wind. Queue 18, 5 (2020), 54–66.

Digital Library

[44]

Sun Jingyao, Sonali Chandel, Yu Yunnan, Zang Jingji, and Zhang Zhipeng. 2019. Securing a network: How effective using firewalls and VPNs are?. In Future of Information and Communication Conference. K. Arai and R. Bhatia (Eds.), Springer, 1050–1068.

[45]

TunnelBear. How much data do free users get? https://help.tunnelbear.com/hc/en-us/articles/360007004411-How-much-data-do-free-users-get-. accessed: 2021-03-23.

[46]

Aaron Don M. Africa. 2020. Application of computer systems in VPN networks. International Journal of Emerging Trends in Engineering Research 8, 4 (Apr2020), 1199–1207. DOI:

[47]

Igor Kotenko and Igor Saenko. 2015. The genetic approach for design of virtual private networks. In Proceedings of the 2015 IEEE 18th International Conference on Computational Science and Engineering. IEEE, 168–175.

Digital Library

[48]

Dinesh Taneja and S. S. Tyagi. 2019. Factors impacting the performance of data transferred via VPN. International Journal of Innovative Technology and Exploring Engineering 8, 12 (2019), 2961–2966.

[49]

Ahmed Nafeez. 2018. Compression Oracle Attacks on VPN Networks. Blackhat, (2018).

[50]

Zhao Aqun, Yuan Yuan, Ji Yi, and Gu Guanqun. 2000. Research on tunneling techniques in virtual private networks. In Proceedings of the WCC 2000-ICCT 2000. 2000 International Conference on Communication Technology Proceedings. Vol. 1. IEEE, 691–697.

[51]

Andrew R. McGee, S. Rao Vasireddy, Chen Xie, David D. Picklesimer, Uma Chandrashekhar, and Steven H. Richman. 2004. A framework for ensuring network security. Bell Labs Technical Journal 8, 4 (2004), 7–27.

[52]

Weili Huang and Fanzheng Kong. 2010. The research of VPN on WLAN. In Proceedings of the 2010 International Conference on Computational and Information Sciences. IEEE, 250–253.

Digital Library

[53]

Dhari Kh Abedula and Ahmed A. Sabeeh. 2014. Security network with virtual private network and (IPSec) applications. Intl. Conf. on Advances in Computer Science and Electronics Engineering (CSEE’2014).

[54]

Qi Zhang, Juanru Li, Yuanyuan Zhang, Hui Wang, and Dawu Gu. 2018. Oh-Pwn-VPN Security analysis of OpenVPN-based android apps. In Cryptology and Network Security. S. Capkun and S. Chow (Eds.), Springer International Publishing, 373–389. DOI:

[55]

Thanh Bui, Siddharth Rao, Markku Antikainen, and Tuomas Aura. 2019. Client-side vulnerabilities in commercial VPNs. In Secure IT Systems. A. Askarov, R. Hansen, and W. Rafnsson (Eds.), Springer International Publishing, 103–119. DOI:

[56]

Matthias Horst, Martin Grothe, Tibor Jager, and Jörg Schwenk. 2016. Breaking PPTP VPNs via RADIUS encryption. In Cryptology and Network Security. S. Foresti and G. Persiano (Eds.), Springer International Publishing, 159–175. DOI:

[57]

Daniel J. Bernstein, Tanja Lange, and Ruben Niederhagen. 2016. Dual EC: A standardized back door. In The New Codebreakers. P. Ryan, D. Naccache, and J. J. Quisquater (Eds.), Springer, 256–281.

Digital Library

[58]

Stephen Checkoway, Ruben Niederhagen, Adam Everspaugh, Matthew Green, Tanja Lange, Thomas Ristenpart, Daniel J. Bernstein, Jake Maskiewicz, Hovav Shacham, and Matthew Fredrikson. 2014. On the practical exploitability of dual EC in TLS implementations. In Proceedings of the 23rd USENIXSecurity Symposium. 319–335.

[59]

Shaanan N. Cohney, Matthew D. Green, and Nadia Heninger. 2018. Practical state recovery attacks against legacy RNG implementations. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 265–280.

Digital Library

[60]

Sanaz Rahimi and Mehdi Zargham. 2012. Analysis of the security of VPN configurations in industrial control environments. International Journal of Critical Infrastructure Protection 5, 1 (2012), 3–13.

[61]

Education Bureau. 2010. The government of hong kong special administrative region. Education Support for Non-Chinese Speaking Students: Reduction of Examination Fee Level of the General Certificate of Secondary Education (Chinese) Examination.

[62]

Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, and Marcin Szymanek. 2018. The dangers of key reuse: Practical attacks on IPsec IKE. In Proceedings of the 27th USENIX Security Symposium. 567–583.

[63]

Muhammad Ikram, Narseo Vallina-Rodriguez, Suranga Seneviratne, Mohamed Ali Kaafar, and Vern Paxson. 2016. An analysis of the privacy and security risks of android VPN permission-enabled apps. In Proceedings of the 2016 Internet Measurement Conference. ACM, 349–364.

Digital Library

[64]

Jay Bryan R. Lawas, Allan C. Vivero, and Ankit Sharma. 2016. Network performance evaluation of VPN protocols (SSTP and IKEv2). In Proceedings of the 2016 13th International Conference on Wireless and Optical Communications Networks. IEEE, 1–5.

[65]

Awais Tanveer, Amir Ali, Muhammad Arsalan Paracha, and Fawad Riasat Raja. 2015. Performance analysis of AES-finalists along with SHS in IPSEC VPN over 1Gbps link. In Proceedings of the 2015 12th International Bhurban Conference on Applied Sciences and Technology. IEEE. DOI:

[66]

A. A. Ajiya, U. S. Idriss, and M. Jerome2019. Performance evaluation of IPSEC-VPN on debian linux environment. International Journal of Computer Applications 181, 45 (Mar2019), 39–44. DOI:

[67]

Maximilian Pudelko, Paul Emmerich, Sebastian Gallenmüller, and Georg Carle. 2020. Performance analysis of VPN gateways. In Proceedings of the 2020 IFIP Networking Conference.

[68]

Kehe Wu, Jianping He, and Shuangbao Chen. 2011. Test and analysis of sensitive factors of SSL VPN on kylin. In Proceedings of the 2011 International Conference on Electrical and Control Engineering. IEEE. DOI:

[69]

Sami Ullah, Joontae Choi, and Heekuck Oh. 2020. IPsec for high speed network links: Performance analysis and enhancements. Future Generation Computer Systems 107, C (Jun2020), 112–125. DOI:

Digital Library

[70]

Shaneel Narayan, Kris Brooking, and Simon de Vere. 2009. Network performance analysis of VPN protocols: An empirical comparison on different operating systems. In Proceedings of the 2009 International Conference on Networks Security, Wireless Communications and Trusted Computing. Vol. 1, IEEE, 645–648.

Digital Library

[71]

L. Caldas-Calle, J. Jara, M. Huerta, and P. Gallegos. 2017. QoS evaluation of VPN in a Raspberry Pi devices over wireless network. In Proceedings of the 2017 International Caribbean Conference on Devices, Circuits and Systems. IEEE. DOI:

[72]

Shashank Khanvilkar and Ashfaq Khokhar. 2004. Virtual private networks: An overview with performance evaluation. IEEE Communications Magazine 42, 10 (2004), 146–154.

Digital Library

[73]

Alexander V. Uskov. 2012. Information security of IPsec-based mobile VPN: Authentication and encryption algorithms performance. In Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications. IEEE, 1042–1048.

Digital Library

[74]

Thomas Berger. 2006. Analysis of current VPN technologies. In Proceedings of the 1st International Conference on Availability, Reliability and Security. IEEE Computer Society, 108–115. DOI:

Digital Library

[75]

Su Hua Sun. 2011. The advantages and the implementation of SSL VPN. In Proceedings of the 2011 IEEE 2nd International Conference on Software Engineering and Service Science. IEEE, 548–551.

[76]

Tim Lackorzynski, Stefan Kopsell, and Thorsten Strufe. 2019. A comparative study on virtual private networks for future industrial communication systems. In Proceedings of the 2019 15th IEEE International Workshop on Factory Communication Systems. IEEE. DOI:

[77]

Sohely Jahan, Md Saifur Rahman, and Sajeeb Saha. 2017. Application specific tunneling protocol selection for virtual private networks. In Proceedings of the 2017 International Conference on Networking, Systems and Security. IEEE, 39–44.

[78]

Wafaa Bou Diab, Samir Tohme, and Carole Bassil. 2008. VPN analysis and new perspective for securing voice over VPN networks. In Proceedings of the 4th International Conference on Networking and Services. IEEE, 73–78.

Digital Library

[79]

Fenny Anak Daud, Ruhani Ab Rahman, Murizah Kassim, and Azlina Idris. 2018. Performance of encryption techniques using dynamic virtual protocol network technology. In Proceedings of the 2018 IEEE 8th International Conference on System Engineering and Technology. IEEE. DOI:

[80]

Tomasz Malinowski and Jan Chudzikiewicz. 2018. On improving communication system performance in some virtual private networks. In Computer Networks. P. Gaj, M. Sawicki, G. Suchacka, and A. Kwiecien (Eds.), Springer International Publishing, 64–73. DOI:

[81]

DR. P. Rajamohan. 2014. Performance analysis and special issues of VPN technologies in communication: Trusted VPNs, secure VPNs and hybrid VPNs. IPASJ International Journal of Computer Science 2, 7 (2014), 239–242.

[82]

Wendong Wang and Ning Lu. 2018. Security risk analysis and security technology research of government public data center. In Proceedings of the 2018 IEEE International Conference on Energy Internet. IEEE, 185–189.

[83]

Sanaz Rahimi and Mehdi Zargham. 2017. Quantitative evaluation of virtual private networks and its implications for communication security in industrial protocols. International Journal of Computational Intelligence Theory and Practice 3, 1 (2017), 51–61.

[84]

Geoffrey G. Thomas and John Whaley. 2018. Optimizing connections over virtual private networks. (April 102018). US Patent 9,942,199.

[85]

A. Aguado, V. López, J. Martinez-Mateo, M. Peev, D. López, and V. Martín. 2018. VPN service provisioning via virtual router deployment and quantum key distribution. In Proceedings of the 2018 Optical Fiber Communications Conference and Exposition. IEEE, 1–3.

[86]

Jeffrey R. Hoy, Sreekanth R. Iyer, Kaushal K. Kapadia, Ravi K. Muthukrishnan, and Nataraj Nagaratnam. 2019. Dynamically defined virtual private network tunnels in hybrid cloud environments. (Feb. 142019). US Patent App. 16/159,678.

[87]

Gabriel Biedima Peterside, Pavol Zavarsky, and Sergey Butakov. 2015. Automated security configuration checklist for a cisco IPsec VPN router using SCAP 1.2. In Proceedings of the 2015 10th International Conference for Internet Technology and Secured Transactions. IEEE, 355–360.

[88]

Hazem Hamed, Ehab Al-Shaer, and Will Marrero. 2005. Modeling and verification of IPSec and VPN security policies. In Proceedings of the 13th IEEE International Conference on Network Protocols. IEEE, 10.

Digital Library

[89]

Guanqun Wang, Yunxiao Sun, Qinggang He, Guodong Xin, and Bailing Wang. 2018. A content auditing method of IPsec VPN. In Proceedings of the 2018 IEEE 3rd International Conference on Data Science in Cyberspace. IEEE, 634–639.

[90]

Arun Kumar Singh, Shefalika Ghosh Samaddar, and Arun K. Misra. 2012. Enhancing VPN security through security policy management. In Proceedings of the 2012 1st International Conference on Recent Advances in Information Technology. IEEE, 137–142.

[91]

V. N. Sichkar. 2018. IPSec and SSL as solutions for the enterprise network security. Juvenis scientia 1, 1(2018), 13–15.

[92]

Ahmed A. Jaha, Fathi Ben Shatwan, and Majdi Ashibani. 2008. Proper virtual private network (VPN) solution. In Proceedings of the 2008 2nd International Conference on Next Generation Mobile Applications, Services, and Technologies. IEEE, 309–314.

Digital Library

[93]

Huaqing Mao, Li Zhu, and Hang Qin. 2012. A comparative research on SSL VPN and IPSec VPN. In Proceedings of the 2012 8th International Conference on Wireless Communications, Networking and Mobile Computing. IEEE, 1–4.

[94]

Yan Niu, Jun Li, and Lala Li. 2009. Research on authentication security of wireless local area network based on L2TP protocol. In Proceedings of the 2009 IITA International Conference on Services Science, Management and Engineering. IEEE, 491–494.

Digital Library

[95]

Vasile C. Perta, Marco V. Barbera, Gareth Tyson, Hamed Haddadi, and Alessandro Mei. 2015. A glance through the VPN looking glass: IPv6 leakage and DNS hijacking in commercial VPN clients. Proceedings on Privacy Enhancing Technologies 2015, 1 (2015), 77–91.

[96]

Scott Behrens. 2020. Neohapsis/Suddensix. Retrieved May 19, 2020 from https://github.com/Neohapsis/suddensix.

[97]

Infosec Resources. 2019. Decrypting SSL/TLS Traffic with Wireshark. Retrieved May 19, 2020 from https://resources.infosecinstitute.com/decrypting-ssl-tls-traffic-with-wireshark/.

[98]

Gerard Draper-Gil, Arash Habibi Lashkari, Mohammad Saiful Islam Mamun, and Ali A. Ghorbani. 2016. Characterization of encrypted and VPN traffic using time-related. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy. 407–414.

[99]

Vasile C. Perta, Marco V. Barbera, Gareth Tyson, Hamed Haddadi, and Alessandro Mei. 2015. A glance through the VPN looking glass: IPv6 leakage and DNS hijacking in commercial VPN clients. Proceedings on Privacy Enhancing Technologies 2015, 1 (2015), 77–91.

[100]

Nasser Mohammed Al-Fannah. 2017. One leak will sink a ship: WebRTC IP address leaks. In Proceedings of the 2017 International Carnahan Conference on Security Technology. IEEE, 1–5.

[101]

Cas Cremers and Michele Feltz. 2012. Beyond eCK: Perfect forward secrecy under actor compromise and ephemeral-key reveal. In Proceedings of the European Symposium on Research in Computer Security. Springer, 734–751.

[102]

A. Durand, J. Ihren, and P. Savola. 2006. Operational considerations and issues with IPv6 DNS. Technical report, 2006.

[103]

OpenVPN. 2019. The VORACLE Attack Vulnerability. Retrieved May 19, 2020 from https://openvpn.net/security-advisory/the-voracle-attack-vulnerability/.

[104]

Adam Barth, Joel Weinberger, and Dawn Song. 2009. Cross-origin javascript capability leaks: Detection, exploitation, and defense. In Proceedings of the USENIX Security Symposium. 187–198.

[105]

P. Wagenseil. 2019. Google Chrome and Other Browsers Let Any Website Track You - Here’s How to Stop it. Retrieved May 19, 2020 from https://www.tomsguide.com/news/browser-leaks-rsa20.

[106]

Shaneel Narayan, Samad S. Kolahi, Kris Brooking, and Simon de Vere. 2008. Performance evaluation of virtual private network protocols in Windows 2003 environment. In Proceedings of the 2008 International Conference on Advanced Computer Theory and Engineering. IEEE, 69–73.

Digital Library

[107]

Cheryl Vroom and Rossouw Von Solms. 2004. Towards information security behavioural compliance. Computers & Security 23, 3 (2004), 191–198.

Digital Library

[108]

Jinhai Zhang. 2019. Research on key technology of VPN protocol recognition. In Proceedings of the 2018 IEEE International Conference of Safety Produce Informatization. IEEE, 161–164.

[109]

Yin Pan. 2007. Security auditing course development. In Proceedings of the 8th ACM SIGITE Conference on Information Technology Education. ACM, 259–266.

Digital Library

[110]

Roy Hills. 2005. Common VPN Security Flaws. NTA Monitor Ltd. white paper.

[111]

Retains Full Rights. 2003. Global information assurance certification paper. GIAC.

[112]

Adam Langley, Alistair Riddoch, Alyssa Wilk, Antonio Vicente, Charles Krasic, Dan Zhang, Fan Yang, Fedor Kouranov, Ian Swett, Janardhan Iyengar, Jeff Bailey, Jeremy Dorfman, Jim Roskind, Joanna Kulik, Patrik Westin, Raman Tenneti, Robbie Shade, Ryan Hamilton, Victor Vasiliev, Wan-Teh Chang, and Zhongyi Shi. 2017. The QUIC transport protocol: Design and internet-scale deployment. In Proceedings of the Conference of the ACM Special Interest Group on Data Communication. ACM, 183–196.

Digital Library

[113]

Rauchg. Http/2 and spdy indicator. https://chrome.google.com/webstore/detail/http2-and-spdy-indicator/. accessed: 2021-03-23.

[114]

David Vose. 2008. Risk Analysis: A Quantitative Guide. John Wiley & Sons.

Cited By

Ma YLiu TQi JGan YCheng QWang JXiao M(2025)Facilitators and Barriers of Large Language Model Adoption Among Nursing Students: A Qualitative Descriptive StudyJournal of Advanced Nursing10.1111/jan.16655Online publication date: 4-Jan-2025
https://doi.org/10.1111/jan.16655
Ilias ISameon SZulkifli MSalleh M(2025)Optimizing VPN Security in Financial Services: Implementing 256-Bit Encryption and Tunneling Protocols for Secure Data Transmission2025 19th International Conference on Ubiquitous Information Management and Communication (IMCOM)10.1109/IMCOM64595.2025.10857544(1-6)Online publication date: 3-Jan-2025
https://doi.org/10.1109/IMCOM64595.2025.10857544
Chatzoglou EKampourakis VTsiatsikas ZKaropoulos GKambourakis G(2025)Unmasking the hidden credential leaks in password managers and VPN clientsComputers and Security10.1016/j.cose.2024.104298150:COnline publication date: 1-Mar-2025
https://dl.acm.org/doi/10.1016/j.cose.2024.104298
Show More Cited By

Index Terms

Security Assessment and Evaluation of VPNs: A Comprehensive Survey
1. Networks
  1. Network properties
    1. Network reliability
2. Security and privacy
  1. Network security
  2. Security services

Recommendations

SP 800-77. Guide to IPsec VPNs
SP 800-113. Guide to SSL VPNs
Capturing industry experience for an effective information security assessment

An Information System (IS) security programme consists of several essential security controls. In order to verify and maintain the effectiveness of an IS security programme, it is pertinent to identify how security controls are compared to each other in ...

Comments

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 55, Issue 13s

December 2023

1367 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3606252

Editor:
Albert Zomaya
University of Sydney, Australia

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 July 2023

Online AM: 09 January 2023

Accepted: 16 December 2022

Revised: 17 November 2022

Received: 29 April 2021

Published in CSUR Volume 55, Issue 13s

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey

Funding Sources

Higher Education Commission (HEC), Pakistan through its initiative of the National Cyber Security Auditing and Evaluation Lab (NCSAEL)

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
3,064
Total Downloads

Downloads (Last 12 months)1,158
Downloads (Last 6 weeks)137

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ma YLiu TQi JGan YCheng QWang JXiao M(2025)Facilitators and Barriers of Large Language Model Adoption Among Nursing Students: A Qualitative Descriptive StudyJournal of Advanced Nursing10.1111/jan.16655Online publication date: 4-Jan-2025
https://doi.org/10.1111/jan.16655
Ilias ISameon SZulkifli MSalleh M(2025)Optimizing VPN Security in Financial Services: Implementing 256-Bit Encryption and Tunneling Protocols for Secure Data Transmission2025 19th International Conference on Ubiquitous Information Management and Communication (IMCOM)10.1109/IMCOM64595.2025.10857544(1-6)Online publication date: 3-Jan-2025
https://doi.org/10.1109/IMCOM64595.2025.10857544
Chatzoglou EKampourakis VTsiatsikas ZKaropoulos GKambourakis G(2025)Unmasking the hidden credential leaks in password managers and VPN clientsComputers and Security10.1016/j.cose.2024.104298150:COnline publication date: 1-Mar-2025
https://dl.acm.org/doi/10.1016/j.cose.2024.104298
Lv LZhou P(2025)TrojanProbe: Fingerprinting Trojan tunnel implementations by actively probing crafted HTTP requestsComputers & Security10.1016/j.cose.2024.104147148(104147)Online publication date: Jan-2025
https://doi.org/10.1016/j.cose.2024.104147
Liu MGou GXiong GShi JGuan ZMiao HLi Y(2025)Enhanced detection of obfuscated HTTPS tunnel traffic using heterogeneous information networkComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2024.110975257:COnline publication date: 1-Feb-2025
https://dl.acm.org/doi/10.1016/j.comnet.2024.110975
Li JFeng BZheng H(2025)A survey on VPNComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2024.110964257:COnline publication date: 1-Feb-2025
https://dl.acm.org/doi/10.1016/j.comnet.2024.110964
Zohaib SSajjad SIqbal ZYousaf MHaseeb MMuhammad Z(2024)Zero Trust VPN (ZT-VPN): A Systematic Literature Review and Cybersecurity Framework for Hybrid and Remote WorkInformation10.3390/info1511073415:11(734)Online publication date: 17-Nov-2024
https://doi.org/10.3390/info15110734
Luschi ADaino GGhisalberti GMezzatesta VIadanza E(2024)Empowering Clinical Engineering and Evidence-Based Maintenance with IoT and Indoor NavigationFuture Internet10.3390/fi1608026316:8(263)Online publication date: 25-Jul-2024
https://doi.org/10.3390/fi16080263
Hsu T(2024)Designing a Secure and Scalable Service Agent for IoT Transmission through Blockchain and MQTT FusionApplied Sciences10.3390/app1407297514:7(2975)Online publication date: 1-Apr-2024
https://doi.org/10.3390/app14072975
Tian YJiang Z(2024)Design of Real-Time Media Encrypted Conference System Based on WebRTC2024 13th International Conference of Information and Communication Technology (ICTech)10.1109/ICTech63197.2024.00067(326-331)Online publication date: 12-Apr-2024
https://doi.org/10.1109/ICTech63197.2024.00067
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Full Text

View this article in Full Text.

Figures

Tables

Media

View full text|Download PDF

View Issue’s Table of Contents