Skip to main content
SpringerLink
Log in

Research on Security Threats Using VPN in Zero Trust Environments

  • Conference paper
  • First Online:
Information Security Applications (WISA 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14402))

Included in the following conference series:

  • 238 Accesses

Abstract

The United States issued an executive order requiring all federal agencies to adopt the Zero Trust security framework, and instructed each federal government department to devise a plan for its implementation. This development has generated a great deal of interest in the Zero Trust security framework in many countries. In Korea, the Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) are actively promoting the establishment of guidelines for the implementation of Zero Trust in public institutions. Discussions on policies and models for the introduction of Zero Trust began with the launch of the Zero Trust security forum on October 26, 2022. Accordingly, this paper examines and conducts experiments on security threats that may arise within a Zero Trust environment in the Zero Trust Network Access (ZTNA) system. Despite the adoption of Zero Trust in many network environments, existing firewall or VPN devices are still in use. We discuss potential security threats that Zero Trust environments may encounter due to vulnerabilities in these existing network devices and propose countermeasures to mitigate such threats.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Rose, S.: NIST Special Publication 800-207, Zero Trust Architecture (2020)

    Google Scholar 

  2. Department of Defense (DoD): Zero Trust Reference Architecture (2022)

    Google Scholar 

  3. Kindervag, J.: Build security into your network’s DNA: the zero trust network architecture, pp. 1–26. Forrester Research Inc. (2010)

    Google Scholar 

  4. Sudakshina, M., Khan, D.A., Jain, S.: Cloud-based zero trust access control policy: an approach to support work-from-home driven by COVID-19 pandemic. New Gener. Comput. 39, 599–622 (2021). https://doi.org/10.1007/s00354-021-00130-6

    Article  Google Scholar 

  5. Kerman, A., Borchert, O., Rose, S., Tan, A.: Implementing a zero trust architecture. Technical report, The MITRE Corporation (2020)

    Google Scholar 

  6. Anil, G.: A zero trust security framework for granular insight on blind spot and comprehensive device protection in the enterprise of Internet of Things (E-IOT). BMS Institute of Technology (2021)

    Google Scholar 

  7. Uttecht, K.D.: Zero Trust (ZT) concepts for federal government architectures. Massachusetts Institute of Technology, Lexington, United States (2020)

    Google Scholar 

  8. CSA Singapore: The Singapore Cybersecurity Strategy 2021 (2021). https://www.csa.gov.sg/Tips-Resource/publications/2021/singapore-cybersecurity-strategy-2021

  9. CISA USA: Zero Trust Maturity Mode, Pre-decisional Draft (2021). https://www.cisa.gov/sites/default/files/publications/CISA%20Zero%20Trust%20Maturity%20Model_Draft.pdf

  10. Ward, R., Beyer, B.: BeyondCorp: a new approach to enterprise security (2014)

    Google Scholar 

  11. Hwang, M.J.: Microsoft zero trust network strategy and implementation plan. Microsoft Cyber Security Solutions Group (2020)

    Google Scholar 

  12. Zimmer, B.: Location independent security approach (LISA). USENIX Security (2018)

    Google Scholar 

  13. Wright, C., Cowan, C., Morris, J., Smalley, S., Kroah-Hartman, G.: Linux security module framework. In: Ottawa Linux Symposium, vol. 8032, pp. 6–16 (2002)

    Google Scholar 

  14. Kim, S.Y., Jeong, K.H., Hwang, Y.N., Nyang, D.H.: Abnormal behavior detection for zero trust security model using deep learning. In: Korea Information Processing Society Collection of Academic Papers, vol. 28, no. 1, pp. 132–135 (2021)

    Google Scholar 

  15. Sun, P., et al.: Hybrid firmware analysis for known mobile and IoT security vulnerabilities. In: 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE (2020)

    Google Scholar 

  16. Rastogi, A., Nygard, K.E.: Software engineering principles and security vulnerabilities. In: CATA, pp. 180–190 (2019)

    Google Scholar 

  17. Corteggiani, N., Camurati, G., Francillon, A.: Inception: system-wide security testing of real-world embedded systems software. In: Proceedings of the USENIX Security Symposium (2018)

    Google Scholar 

  18. Chen, D.D., Egele, M., Woo, M., Brumley, D.: Towards automated dynamic analysis for Linux-based embedded firmware. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) (2016)

    Google Scholar 

  19. Costin, A., Zarras, A., Francillon, A.: Automated dynamic firmware analysis at scale: a case study on embedded web interfaces. In: Proceedings of the ACM on Asia Conference on Computer and Communications Security (ASIACCS) (2016)

    Google Scholar 

  20. Davidson, D., Moench, B., Ristenpart, T., Jha, S.: FIE on firmware: finding vulnerabilities in embedded systems using symbolic execution. In: Proceedings of the USENIX Security Symposium (2013)

    Google Scholar 

  21. Abeni, L., Kiraly, C.: Investigating the network performance of a real-time Linux Kernel. In: Proceedings of the 15th Real Time Linux Workshop (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National Security Research Institute, Daejeon, 34044, South Korea

    Eunyoung Kim

  2. Department of Computer Science and Engineering, Seoul National University of Science and Technology, Seoul, 01811, South Korea

    Kiwook Sohn

Authors
  1. Eunyoung Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kiwook Sohn
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Eunyoung Kim .

Editor information

Editors and Affiliations

  1. Pusan National University, Busan, Korea (Republic of)

    Howon Kim

  2. Yeungnam University, Gyeongbuk, Korea (Republic of)

    Jonghee Youn

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kim, E., Sohn, K. (2024). Research on Security Threats Using VPN in Zero Trust Environments. In: Kim, H., Youn, J. (eds) Information Security Applications. WISA 2023. Lecture Notes in Computer Science, vol 14402. Springer, Singapore. https://doi.org/10.1007/978-981-99-8024-6_5

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-8024-6_5

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-8023-9

  • Online ISBN: 978-981-99-8024-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation