{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T23:46:17Z","timestamp":1775432777443,"version":"3.50.1"},"publisher-location":"Cham","reference-count":43,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032147813","type":"print"},{"value":"9783032147820","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-14782-0_16","type":"book-chapter","created":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T22:52:36Z","timestamp":1775429556000},"page":"287-306","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["WireTrust: A TrustZone-Based Non-bypassable VPN Tunnel"],"prefix":"10.1007","author":[{"given":"Jonas","family":"R\u00f6ckl","sequence":"first","affiliation":[]},{"given":"Julian","family":"Funk","sequence":"additional","affiliation":[]},{"given":"Tilo","family":"M\u00fcller","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,4,1]]},"reference":[{"key":"16_CR1","doi-asserted-by":"publisher","unstructured":"Appelbaum, J., Martindale, C., Wu, P.: Tiny WireGuard Tweak. In: Proceedings of the 11th International Conference on Cryptology in Africa, AFRICACRYPT \u201919. Lecture Notes in Computer Science, vol. 11627, pp. 3\u201320. Springer (2019). https:\/\/doi.org\/10.1007\/978-3-030-23696-0_1","DOI":"10.1007\/978-3-030-23696-0_1"},{"key":"16_CR2","doi-asserted-by":"publisher","unstructured":"Aumasson, J., Neves, S., Wilcox-O\u2019Hearn, Z., Winnerlein, C.: BLAKE2: simpler, smaller, fast as MD5. In: Proceedings of the 11th International Conference on Applied Cryptography and Network Security, ACNS \u201913. Lecture Notes in Computer Science, vol.\u00a07954, pp. 119\u2013135. Springer (2013). https:\/\/doi.org\/10.1007\/978-3-642-38980-1_8","DOI":"10.1007\/978-3-642-38980-1_8"},{"key":"16_CR3","doi-asserted-by":"publisher","unstructured":"Bernstein, D.J.: Curve25519: New Diffie-Hellman Speed Records. In: Proceedings of the 9th International Conference on Theory and Practice of Public-Key Cryptography, PKC \u201906. Lecture Notes in Computer Science, vol.\u00a03958, pp. 207\u2013228. Springer (2006). https:\/\/doi.org\/10.1007\/11745853_14","DOI":"10.1007\/11745853_14"},{"key":"16_CR4","doi-asserted-by":"publisher","unstructured":"Cook, B., Khazem, K., Kroening, D., Tasiran, S., Tautschnig, M., Tuttle, M.R.: Model checking boot code from AWS data centers. Formal Methods Syst. Des. 57(1), 34\u201352 (2021). https:\/\/doi.org\/10.1007\/s10703-020-00344-2","DOI":"10.1007\/s10703-020-00344-2"},{"key":"16_CR5","unstructured":"Dekker, E., Spaans, P.: Performance comparison of VPN implementations WireGuard, strongSwan, and OpenVPN in a 1 Gbit\/s environment. https:\/\/www.os3.nl\/_media\/2019-2020\/courses\/rp2\/p71_report.pdf (2020). Accessed 21 Dec 2024"},{"key":"16_CR6","doi-asserted-by":"publisher","unstructured":"Diekmann, C., Hupel, L., Carle, G.: Semantics-preserving simplification of real-world firewall rule sets. In: Proceedings of the 20th International Symposium on Formal Methods, FM \u201915. Lecture Notes in Computer Science, vol.\u00a09109, pp. 195\u2013212. Springer (2015). https:\/\/doi.org\/10.1007\/978-3-319-19249-9_13","DOI":"10.1007\/978-3-319-19249-9_13"},{"key":"16_CR7","doi-asserted-by":"publisher","unstructured":"Diekmann, C., Hupel, L., Michaelis, J., Haslbeck, M.W., Carle, G.: Verified iptables firewall analysis and Verification. J. Autom. Reason. 61(1\u20134), 191\u2013242 (2018). https:\/\/doi.org\/10.1007\/S10817-017-9445-1","DOI":"10.1007\/S10817-017-9445-1"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Donenfeld, J.A.: Wireguard: Next generation kernel network tunnel. In: Proceedings of the 24th Annual Network and Distributed System Security Symposium, NDSS \u201917. The Internet Society (2017), https:\/\/www.ndss-symposium.org\/ndss2017\/ndss-2017-programme\/wireguard-next-generation-kernel-network-tunnel\/","DOI":"10.14722\/ndss.2017.23160"},{"key":"16_CR9","doi-asserted-by":"publisher","unstructured":"Dowling, B., Paterson, K.G.: A cryptographic analysis of the wireguard protocol. In: Proceedings of the 16th International Conference on Applied Cryptography and Network Security, ACNS \u201918. Lecture Notes in Computer Science, vol. 10892, pp. 3\u201321. Springer (2018). \u00a0https:\/\/doi.org\/10.1007\/978-3-319-93387-0_1, https:\/\/doi.org\/10.1007\/978-3-319-93387-0_1","DOI":"10.1007\/978-3-319-93387-0_1"},{"key":"16_CR10","doi-asserted-by":"publisher","unstructured":"Dowling, B., R\u00f6sler, P., Schwenk, J.: Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework. In: Proceedings of the 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC \u201920. Lecture Notes in Computer Science, vol. 12110, pp. 341\u2013373. Springer (2020). https:\/\/doi.org\/10.1007\/978-3-030-45374-9_12","DOI":"10.1007\/978-3-030-45374-9_12"},{"key":"16_CR11","unstructured":"Dutkowska-Zuk, A., Hounsel, A., Morrill, A., Xiong, A., Chetty, M., Feamster, N.: How and why people use virtual private networks. In: Proceedings of the 31st USENIX Security Symposium, USENIX Security \u201922, Boston, MA, USA, August 10-12, 2022. pp. 3451\u20133465. USENIX Association (2022). https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/dutkowska-zuk"},{"key":"16_CR12","unstructured":"Forescout Research Labs: How TCP\/IP stacks breed critical vulnerabilities in IoT, OT and IT devices. https:\/\/www.forescout.com\/company\/resources\/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices\/ (2020). Accessed 14 Oct 2022"},{"key":"16_CR13","doi-asserted-by":"publisher","unstructured":"Garc\u00eda-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Perez, S.M., Cabot, J.: Management of stateful firewall misconfiguration. Comput. Secur. 39, 64\u201385 (2013). https:\/\/doi.org\/10.1016\/J.COSE.2013.01.004","DOI":"10.1016\/J.COSE.2013.01.004"},{"key":"16_CR14","unstructured":"Girol, G., Hirschi, L., Sasse, R., Jackson, D., Cremers, C., Basin, D.A.: A spectral analysis of noise: a comprehensive, automated, formal analysis of Diffie-Hellman protocols. In: Proceedings of the 29th USENIX Security Symposium, USENIX SEC \u201920. pp. 1857\u20131874. USENIX Association (2020), https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/girol"},{"key":"16_CR15","doi-asserted-by":"publisher","unstructured":"H\u00fclsing, A., Ning, K., Schwabe, P., Weber, F., Zimmermann, P.R.: Post-quantum WireGuard. In: Proceedings of the 42nd IEEE Symposium on Security and Privacy, S &P \u201921, pp. 304\u2013321. IEEE (2021). \u00a0https:\/\/doi.org\/10.1109\/SP40001.2021.00030","DOI":"10.1109\/SP40001.2021.00030"},{"key":"16_CR16","unstructured":"Donenfeld, J.A., Milner, K.: Formal Verification of the WireGuard Protocol. https:\/\/www.wireguard.com\/papers\/wireguard-formal-verification.pdf (2017). Accessed 28 Nov 2024"},{"key":"16_CR17","unstructured":"Justin Ludwig: WireGuard Performance Tuning. https:\/\/www.procustodibus.com\/blog\/2022\/12\/wireguard-performance-tuning (2022). Accessed 14 Dec 2024"},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"Khan, M.T., DeBlasio, J., Voelker, G.M., Snoeren, A.C., Kanich, C., Vallina-Rodriguez, N.: An empirical analysis of the commercial VPN ecosystem. In: Proceedings of the 18th Internet Measurement Conference 2018, IMC \u201918, pp. 443\u2013456. ACM (2018). https:\/\/dl.acm.org\/citation.cfm?id=3278570","DOI":"10.1145\/3278532.3278570"},{"key":"16_CR19","doi-asserted-by":"publisher","unstructured":"Khanvilkar, S., Khokhar, A.A.: Virtual private networks: an overview with performance evaluation. IEEE Commun. Mag. 42(10), 146\u2013154 (2004). https:\/\/doi.org\/10.1109\/MCOM.2004.1341273","DOI":"10.1109\/MCOM.2004.1341273"},{"key":"16_CR20","doi-asserted-by":"publisher","unstructured":"Klein, A.: Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More). In: Proceedings of the 42nd IEEE Symposium on Security and Privacy, S &P \u201921, pp. 1179\u20131196. IEEE (2021). \u00a0https:\/\/doi.org\/10.1109\/SP40001.2021.00054","DOI":"10.1109\/SP40001.2021.00054"},{"key":"16_CR21","doi-asserted-by":"publisher","unstructured":"Kobeissi, N., Nicolas, G., Bhargavan, K.: Noise explorer: fully automated modeling and verification for arbitrary noise protocols. In: Proceedings of the 4th IEEE European Symposium on Security and Privacy, EuroS &P \u201919, pp. 356\u2013370. IEEE (2019). \u00a0https:\/\/doi.org\/10.1109\/EUROSP.2019.00034","DOI":"10.1109\/EUROSP.2019.00034"},{"key":"16_CR22","unstructured":"Kol, M., Oberman, S.: Ripple20. https:\/\/www.jsof-tech.com\/wp-content\/uploads\/2020\/06\/JSOF_Ripple20_Technical_Whitepaper_June20.pdf (2020). Accessed 01 Mar 2022"},{"key":"16_CR23","doi-asserted-by":"publisher","unstructured":"Kroening, D., Tautschnig, M.: CBMC - C Bounded Model Checker - (Competition Contribution). In: Proceedings of the 20th International Conference for Tools and Algorithms for the Construction and Analysis of Systems, TACAS \u201914. Lecture Notes in Computer Science, vol.\u00a08413, pp. 389\u2013391. Springer (2014). https:\/\/doi.org\/10.1007\/978-3-642-54862-8_26","DOI":"10.1007\/978-3-642-54862-8_26"},{"key":"16_CR24","unstructured":"Lafourcade, P., Mahmoud, D., Ruhault, S.: A unified symbolic analysis of wireguard. In: Proceedings of the 31st Annual Network and Distributed System Security Symposium, NDSS \u201924. The Internet Society (2024). https:\/\/www.ndss-symposium.org\/ndss-paper\/a-unified-symbolic-analysis-of-wireguard\/"},{"key":"16_CR25","doi-asserted-by":"publisher","unstructured":"Lipp, B., Blanchet, B., Bhargavan, K.: A mechanised cryptographic proof of the wireguard virtual private network protocol. In: Proceedings of the 4th IEEE European Symposium on Security and Privacy, EuroS &P \u201919, pp. 231\u2013246. IEEE (2019). \u00a0https:\/\/doi.org\/10.1109\/EUROSP.2019.00026","DOI":"10.1109\/EUROSP.2019.00026"},{"key":"16_CR26","doi-asserted-by":"crossref","unstructured":"Machiry, A., et al.: BOOMERANG: exploiting the semantic gap in trusted execution environments. In: Proceedings of the Network and Distributed System Security Symposium, NDSS \u201917. The Internet Society (2017). https:\/\/www.ndss-symposium.org\/ndss2017\/ndss-2017-programme\/boomerang-exploiting-semantic-gap-trusted-execution-environments\/","DOI":"10.14722\/ndss.2017.23227"},{"key":"16_CR27","doi-asserted-by":"publisher","unstructured":"Mackey, S., Mihov, I., Nosenko, A., Vega, F., Cheng, Y.: A performance comparison of WireGuard and OpenVPN. In: Proceedings of the 10th ACM Conference on Data and Application Security and Privacy, CODASPY \u201920, pp. 162\u2013164. ACM (2020). \u00a0https:\/\/doi.org\/10.1145\/3374664.3379532","DOI":"10.1145\/3374664.3379532"},{"key":"16_CR28","unstructured":"Barone, M., Miola, D., Parola, F., Risso, F.: Achieving Linear CPU scaling in WireGuard with an efficient multi-tunnel architecture. https:\/\/netdevconf.info\/0x18\/docs\/netdev-0x18-paper23-talk-paper.pdf (2023). Accessed 14 Dec 2024"},{"key":"16_CR29","doi-asserted-by":"publisher","unstructured":"de\u00a0Moura, L.M., Bj\u00f8rner, N.S.: Z3: an efficient SMT solver. In: Proceedings of the 14th International Conference for Tools and Algorithms for the Construction and Analysis of Systems, TACAS \u201908. Lecture Notes in Computer Science, vol.\u00a04963, pp. 337\u2013340. Springer (2008). https:\/\/doi.org\/10.1007\/978-3-540-78800-3_24","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"16_CR30","doi-asserted-by":"crossref","unstructured":"Nir, Y.: ChaCha20 and Poly1305 for IETF Protocols. https:\/\/www.rfc-editor.org\/rfc\/rfc8439 (2018). Accessed 08 Jan 2025","DOI":"10.17487\/RFC8439"},{"key":"16_CR31","unstructured":"OpenVPN Inc.: OpenVPN \u2013 A Secure tunneling daemon. https:\/\/github.com\/OpenVPN\/openvpn (2024). Accessed 27 Dec 2024"},{"key":"16_CR32","doi-asserted-by":"publisher","unstructured":"Pinto, S., Santos, N.: Demystifying ARM TrustZone: a comprehensive survey. ACM Comput. Surv. 51(6), 130:1\u2013130:36 (2019). https:\/\/doi.org\/10.1145\/3291047","DOI":"10.1145\/3291047"},{"key":"16_CR33","unstructured":"Pudelko, M., Emmerich, P., Gallenm\u00fcller, S., Carle, G.: Performance analysis of VPN gateways. In: Proceedings of the 19th IFIP Networking Conference, Networking \u201920, pp. 325\u2013333. IEEE (2020). https:\/\/ieeexplore.ieee.org\/document\/9142755"},{"key":"16_CR34","doi-asserted-by":"publisher","unstructured":"Quach, A., Wang, Z., Qian, Z.: Investigation of the 2016 Linux TCP stack vulnerability at scale. Proc. ACM Meas. Anal. Comput. Syst. 1(1), 4:1\u20134:19 (2017). \u00a0https:\/\/doi.org\/10.1145\/3084441, https:\/\/doi.org\/10.1145\/3084441","DOI":"10.1145\/3084441"},{"key":"16_CR35","doi-asserted-by":"publisher","unstructured":"R\u00f6ckl, J., Bernsdorf, N., M\u00fcller, T.: TeeFilter: high-assurance network filtering engine for high-end IoT and edge devices based on TEEs. In: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, ASIA CCS \u201924. ACM (2024). https:\/\/doi.org\/10.1145\/3634737.3637643","DOI":"10.1145\/3634737.3637643"},{"key":"16_CR36","doi-asserted-by":"publisher","unstructured":"Sabt, M., Achemlal, M., Bouabdallah, A.: Trusted execution environment: what it is, and what it is not. In: Proceedings of the 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom \u201915, pp. 57\u201364. IEEE (2015). \u00a0https:\/\/doi.org\/10.1109\/TRUSTCOM.2015.357","DOI":"10.1109\/TRUSTCOM.2015.357"},{"key":"16_CR37","doi-asserted-by":"publisher","unstructured":"Schwarz, F.: TrustedGateway: TEE-assisted routing and firewall enforcement using ARM TrustZone. In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID \u201922, pp. 56\u201371. ACM (2022). https:\/\/doi.org\/10.1145\/3545948.3545961","DOI":"10.1145\/3545948.3545961"},{"key":"16_CR38","unstructured":"secunet Security Networks\u00a0AG: Introduction to strongSwan. https:\/\/docs.strongswan.org\/docs\/latest\/howtos\/introduction.html (2024). Accessed 27 Dec 2024"},{"key":"16_CR39","unstructured":"Trevor Perrin: The Noise Protocol Framework. https:\/\/noiseprotocol.org\/noise.pdf (2018). Accessed 22 Nov 2024"},{"key":"16_CR40","doi-asserted-by":"publisher","unstructured":"Wool, A.: A quantitative study of firewall configuration errors. Computer 37(6), 62\u201367 (2004). https:\/\/doi.org\/10.1109\/MC.2004.2","DOI":"10.1109\/MC.2004.2"},{"key":"16_CR41","doi-asserted-by":"publisher","unstructured":"Wool, A.: Trends in firewall configuration errors: measuring the holes in Swiss cheese. IEEE Internet Comput. 14(4), 58\u201365 (2010). https:\/\/doi.org\/10.1109\/MIC.2010.29","DOI":"10.1109\/MIC.2010.29"},{"key":"16_CR42","doi-asserted-by":"publisher","unstructured":"Wu, Y., Shan, Y., Wang, Z., Zhang, P., He, M., Liu, J.: SeWG: security-enhanced wireguard for android based on TEE. In: Proceedings of the 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom \u201920, pp. 1711\u20131717. IEEE (2020). \u00a0https:\/\/doi.org\/10.1109\/TRUSTCOM50675.2020.00235","DOI":"10.1109\/TRUSTCOM50675.2020.00235"},{"key":"16_CR43","unstructured":"Xue, N., Malla, Y., Xia, Z., P\u00f6pper, C., Vanhoef, M.: Bypassing tunnels: leaking VPN client traffic by abusing routing tables. In: Proceedings of the 32nd USENIX Security Symposium, USENIX SEC \u201923, pp. 5719\u20135736. USENIX Association (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/xue"}],"container-title":["Lecture Notes in Computer Science","Secure IT Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-14782-0_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T22:52:38Z","timestamp":1775429558000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-14782-0_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032147813","9783032147820"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-14782-0_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 April 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NordSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nordic Conference on Secure IT Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tartu","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Estonia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 November 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nordsec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/nordsec2025.cs.ut.ee\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}