How to design a trustworthy IPsec VPN device employing nested tunnels?

University essay from Luleå tekniska universitet/Datavetenskap

Author: Alexander Spottka; [2018]

Keywords: Nesting; IPSec; nested; tunnel; encryption;

Abstract: Enterprises use site-to-site Virtual Private Network (VPN) technology to securely transmit data over insecure networks, such as the Internet. By utilizing commercial VPN products, organizations partially rely on the vendors to keep their communication out of reach of malicious groups or individuals. These VPN servers consist of thousands of subcomponents, which can be grouped into hardware, operating system, general software, protocols, and algorithms. The main idea of this study is to design an IPsec VPN architecture based on IPsec nesting. This is achieved by designing two servers that consist of different subcomponents on each layer. Thus, a vulnerability in one component will not necessarily put the entire IPsec communication at risk. The subcomponents picked for deployment are investigated and reviewed for their trustworthiness, which is assessed against criteria defined later. This trust analysis will act as a potential starting point for providing a framework for future trust assessments.
