Virtual Private Networks (VPNs) are used in a wide range of applications, rangingfrom commercial applications like accessing resources remotely to security and pri- vacy for targeted users like journalists, Non-governmental organizations (NGOs), etc. However, VPNs were not inherently designed with security in mind. The interaction between the kernel processes and the connection tracking framework is uncoordi- nated. This leaves VPNs vulnerable to certain attacks due to their implementation. This work explores the extent to which these attacks are possible on certain imple- mentations of VPN servers which have a separate exit IP and entry IP on the VPN server. Further, this work also formally models the VPN connection tracking behavior between servers and clients. The formal models enables a deeper analysis to identify exactly at what point of the VPN process the vulnerabilities are introduced and if the instances of VPN which have separate entry and exit IPs are still vulnerable to the same attacks. Through simulations done in a virtual lab environment and testing on formal models, it is observed that having a separate exit and entry IP leaves may affect the practicality of certain attacks.

The landscape of internet freedom and surveillance is constantly evolving, with various countries employing technical measures to control online information and monitor citizens. Russia's internet ecosystem presents a unique case study, with the recent establishment of a domestic Trusted Root Certificate Authority (CA) and the ongoing utilization of the "Technical Measures to Combat Threats" (TSPU) devices with government-mandated deployment by internet service providers. This thesis investigates the potential risks associated with these developments, focusing on the vulnerability of Russian Android applications to targeted JavaScript attacks compromising the privacy and security of their users.This analysis of Russian Android applications reveals the existence of the Russian CA certificate embedded into the application packages, enabling the Russian government to intercept and manipulate encrypted TLS traffic. Simulating TSPU behavior with mitmproxy demonstrates the susceptibility of all tested applications to JavaScript injection attacks, allowing targeted government surveillance. This thesis proposes several mitigation strategies and highlights the need for a systemic solution to address the security risks associated with government-controlled CAs in applications, considering Google Play Market restrictions on such certificate inclusion. This thesis contributes to the evolving discussion on internet freedom and cybersecurity in Russia by exposing the unique vulnerabilities faced by users within the Russian digital ecosystem.