跳到主要內容

臺灣博碩士論文加值系統

(44.192.95.161) 您好!臺灣時間:2024/10/12 10:52
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:林亞吟
研究生(外文):Lin, Ya-Yin
論文名稱:針對開發於 WireGuard 的 VPN 的基於秘密共享的安全身份驗證和密鑰協商機制
論文名稱(外文):Secret Sharing Scheme-based Authentication and Key Agreement Mechanism for WireGuard-based VPN
指導教授:黃育綸
指導教授(外文):Huang, Yu-Lun
口試委員:孫弘民許富皓黃育綸
口試委員(外文):Sun, Hung-MinHsu, Fu-HauHuang, Yu-Lun
口試日期:2022-7-28
學位類別:碩士
校院名稱:國立陽明交通大學
系所名稱:資電亥客與安全碩士學位學程
學門:電算機學門
學類:軟體發展學類
論文種類:學術論文
論文出版年:2022
畢業學年度:110
語文別:英文
論文頁數:70
中文關鍵詞:虛擬私人網路秘密共享噪聲協定框架密鑰管理
外文關鍵詞:Virtual Private NetworkSecret SharinNoise Protocol FrameworkWireGuardVPN Key Management
相關次數:
  • 被引用被引用:0
  • 點閱點閱:317
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
虛擬私人網路(Virtual Private Network, VPN) 藉由密碼學運算來加解密訊息,讓網際網路兩端的裝置能夠保護傳輸的資料。其中 WireGuard 為近年熱門的peer-to-peer (P2P) VPN軟體之一,基於Noise protcol framework (NPF)中的IKpsk2握手模式所開發,並使用固定的加密演算法來提升速度及效能。但 WireGuard 需要網路管理員在每個端點進行手動配置,當連線的端點越來越多,會變得複雜且容易出錯,另外協定中並無更新會話密鑰的機制,而是重新握手產生新的會話密鑰,會消耗較多資源。我們在本篇論文提出一套基於秘密共享(Secret sharing)密鑰協商機制,Secret Sharing Scheme-based Authentication and Key Agreement Mechanism for WireGuard-based VPN (S3-AKA),更新密鑰機制的Rekey protocol以及自動分發和管理密鑰的Semi-centralized key system。藉由S3-AKA協助網路管理員配置端點來建立全互聯的VPN網路。端點使用了兩張WirewGuard網路介面卡建立不同的VPN通道,即Key tunnel和Data tunnel,分別向Semi-centralized key system和其他端點連線,並使用秘密共享的方式來分散地儲存重要的VPN密鑰,以確保端點之間的連線安全。針對運算效能的部分,我們設計Rekey protocol採用NPF的Npsk0握手模式更新會話密鑰,僅需要0.5 RTT (Round time trip)便可完成。最後我們針對WirefGuad協定細節稍作修改,以抵禦被動的量子密碼攻擊。我們對S3-AKA 進行不同種的安全分析。首先使用Proverif進行正規化驗證,驗證Authentication protcol和Rekey protocol的機密性和認證性等級,結果顯示在握手完成後所傳輸的訊息皆有到達最高的機密性和認證性等級,本篇論文所提出的機制確實能夠安全地保護訊息和密鑰,減輕管理者的負擔
WireGuard is a popular peer-to-peer (P2P) VPN (Virtual Private Network) software, using the IKpsk2 handshake pattern of Noise Protocol Framework (NPF) to provide secure communication. However, WireGuard still faces some challenges.(1) Manual configuration on each endpoint, may lead to complex and error-prone situations, (2) the counterpart endpoints' public keys may encounter passive quantum attacks if one endpoint is compromised, (3) WireGuard requires periodical authentication may consume more resources since there is no update of session keys.
This research revises the WireGuard protocol and proposes a Secret Sharing Scheme-based Authentication and Key Agreement Mechanism for WireGuard-based VPN (abbreviated S3-AKA). In addition to the WireGuard authentication protocol, S3-AKA contains (a) a rekey protocol for updating session keys and (b) a semi-centralized key system for automatically combining key pieces and distributing the public key of a specified endpoint.
In S3-AKA, an endpoint establishes two tunnels, a key tunnel to the key system and a data tunnel to the counterpart endpoint for authentication and communication, respectively.
Initially, S3-AKA calculates pieces of a public key and store the pieces separately on the storage servers in an isolated and secure network. Upon each key request, the semi-centralized key system combines the pieces and delivers the correct key back. We revised the WireGuard protocol to update session keys using Npsk0 pattern, requiring only 0.5 round trip time (RTT) per update.
We use Proverif to formally verify on the confidentiality and authentication of S3-AKA and show that the highest level of security can be achieved. The S3-AKA can efficiently protect VPN tunnels.
摘要 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i
Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii
Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv
List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.1 Virtual Private Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.3 Synopsis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2 Noise Protocol Framework and VPN . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1 Noise Protocol Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.1 Handshake . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.2 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 The existing VPN solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.2.1 StrongSwan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.2.2 OpenVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.2.3 WireGurad . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.2.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.3 VPN Topologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.3.1 Site-to-Site VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.3.2 Hub-and-Spoke VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.3.3 Full-Mesh VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3 Related Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.1 WireGuard Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2 Key Management Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3.2.1 Paillisse’s work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3.2.2 Kurniadi’s work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
4 Our System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.2 System Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
4.3 Semi-Centralized Key System . . . . . . . . . . . . . . . . . . . . . . . . . . 27
4.4 Rekey Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.4.1 Overview of rekey protocol . . . . . . . . . . . . . . . . . . . . . . . 30
4.4.2 Detail implementation . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4.4.3 Rollback mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.5 Phases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.5.1 Phase I: Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 40
4.5.2 Phase II: Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
4.5.3 Phase III: Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . 44
4.5.4 Phase IV: Authentication . . . . . . . . . . . . . . . . . . . . . . . . . 45
4.5.5 Phase V: Rekey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
5 Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
5.1 Formal Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
5.2 Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
5.3 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
5.3.1 DDOS attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
5.3.2 MITM attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
5.3.3 Replay attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
6 Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
7 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
7.1 Security of keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
7.2 Security and performance of key storage . . . . . . . . . . . . . . . . . . . . . 60
8 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Appendix A WireGuard Authentication Protocol . . . . . . . . . . . . . . . . . . . 67
[1] R. Venkateswaran, “Virtual private networks,” IEEE potentials, vol. 20, no. 1, pp. 11–15,
2001.

[2] C. Scott, P. Wolfe, and M. Erwin, Virtual private networks. ” O’Reilly Media, Inc.”,
1999.

[3] J. A. Donenfeld, “Wireguard: next generation kernel network tunnel.” in NDSS, 2017, pp.
1–12.

[4] T. Perrin, “The noise protocol framework,” PowerPoint Presentation, 2018.

[5] S. Mackey, I. Mihov, A. Nosenko, F. Vega, and Y. Cheng, “A performance comparison
of wireguard and openvpn,” in Proceedings of the Tenth ACM Conference on Data and
Application Security and Privacy, 2020, pp. 162–164.

[6] A. Abdulazeez, B. Salim, D. Zeebaree, and D. Doghramachi, “Comparison of vpn proto-
cols at network layer focusing on wire guard protocol,” 2020.

[7] P. N. P. Hai, H. N. Hong, B. B. Quoc, and T. Hoang, “A comparative research on vpn tech-
nologies on operating system for routers,” in 2021 International Conference on Advanced
Technologies for Communications (ATC). IEEE, 2021, pp. 89–93.

[8] E. Dekker and P. Spaans, “Performance comparison of vpn implementations wireguard,
strongswan, and openvpn in a 1 gbit/s environment.”

[9] M. Feilner, OpenVPN: Building and integrating virtual private networks. Packt Publish-
ing Ltd, 2006.

[10] J. G. Ivan Pepelnjak and J. Apcar, MPLS and VPN Architectures. Cisco Systems, 2003,
vol. 4.

[11] J. Appelbaum, C. Martindale, and P. Wu, “Tiny wireguard tweak,” in International Con-
ference on Cryptology in Africa. Springer, 2019, pp. 3–20.
[12] J. Paillisse, A. Barcia, A. Lopez, A. Rodriguez-Natal, F. Maino, and A. Cabellos, “A con-
trol plane for wireguard,” in 2021 International Conference on Computer Communications
and Networks (ICCCN). IEEE, 2021, pp. 1–8.

[13] S. Kurniadi, E. Utami, and F. Wibowo, “Building dynamic mesh vpn network using
mikrotik router,” in Journal of Physics: Conference Series, vol. 1140, no. 1. IOP Pub-
lishing, 2018, p. 012039.

[14] A. Shamir, “How to share a secret,” Communications of the ACM, vol. 22, no. 11, pp.
612–613, 1979.

[15] B. Blanchet, B. Smyth, V. Cheval, and M. Sylvestre, “Proverif 2.00: automatic crypto-
graphic protocol verifier, user manual and tutorial,” Version from, pp. 05–16, 2018.

[16] N. Kobeissi, G. Nicolas, and K. Bhargavan, “Noise explorer: Fully automated modeling
and verification for arbitrary noise protocols,” in 2019 IEEE European Symposium on Se-
curity and Privacy (EuroS&P). IEEE, 2019, pp. 356–370.

[17] slackhq/nebula, “A scalable overlay networking tool with a focus on performance,
simplicity and security.” [Online]. Available: https://github.com/slackhq/nebula

[18] N. Lemnouar, “Security limitations of shamir's secret sharing,” Journal of Discrete Math-
ematical Sciences and Cryptography, pp. 1–13, 2022.

[19] F. T. Penney., “Original c implementation of shamir’s secret sharing algorithm. original
source code.” [Online]. Available: https://github.com/fletcher/c-sss

[20] J. K. Arbogast, I. B. Sumner, and M. O. Lam, “Parallelizing shamir’s secret sharing algo-
rithm,” Journal of Computing Sciences in Colleges, vol. 33, no. 3, pp. 12–18, 2018.
電子全文 電子全文(網際網路公開日期:20251027)
連結至畢業學校之論文網頁點我開啟連結
註: 此連結為研究生畢業學校所提供,不一定有電子全文可供下載,若連結有誤,請點選上方之〝勘誤回報〞功能,我們會盡快修正,謝謝!
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top