Toward secure outsourced middlebox services: practices, challenges, and beyond

Cong Wang, Xingliang Yuan, Yong Cui, Kui Ren

Research output: Contribution to journalArticleResearchpeer-review

Abstract

Modern enterprise networks heavily rely on ubiquitous network middleboxes for advanced traffic processing such as deep packet inspection, traffic classification, and load balancing. Recent advances in NFV have pushed forward the paradigm of migrating in-house middleboxes to third-party providers as software-based services for reduced cost yet increased scalability. Despite its potential, this new service model also raises new security and privacy concerns, as traffic is now redirected and processed in an untrusted environment. In this article, we survey recent efforts in the direction of enabling secure outsourced middlebox functions, and identify open challenges for researchers and practitioners to further investigate solutions toward secure middlebox services.

Original languageEnglish
Pages (from-to)166-171
Number of pages6
JournalIEEE Network
Volume32
Issue number1
DOIs
Publication statusPublished - Feb 2018
Externally publishedYes

Keywords

  • Encryption
  • Inspection
  • Middleboxes
  • Pattern matching
  • Protocols

Cite this

Wang, Cong ; Yuan, Xingliang ; Cui, Yong ; Ren, Kui. / Toward secure outsourced middlebox services : practices, challenges, and beyond. In: IEEE Network. 2018 ; Vol. 32, No. 1. pp. 166-171.
@article{9b6cbe2e4c214eae844c28d7f6c614e1,
title = "Toward secure outsourced middlebox services: practices, challenges, and beyond",
abstract = "Modern enterprise networks heavily rely on ubiquitous network middleboxes for advanced traffic processing such as deep packet inspection, traffic classification, and load balancing. Recent advances in NFV have pushed forward the paradigm of migrating in-house middleboxes to third-party providers as software-based services for reduced cost yet increased scalability. Despite its potential, this new service model also raises new security and privacy concerns, as traffic is now redirected and processed in an untrusted environment. In this article, we survey recent efforts in the direction of enabling secure outsourced middlebox functions, and identify open challenges for researchers and practitioners to further investigate solutions toward secure middlebox services.",
keywords = "Encryption, Inspection, Middleboxes, Pattern matching, Protocols",
author = "Cong Wang and Xingliang Yuan and Yong Cui and Kui Ren",
year = "2018",
month = "2",
doi = "10.1109/MNET.2017.1700060",
language = "English",
volume = "32",
pages = "166--171",
journal = "IEEE Network",
issn = "0890-8044",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",
number = "1",

}

Toward secure outsourced middlebox services : practices, challenges, and beyond. / Wang, Cong; Yuan, Xingliang; Cui, Yong; Ren, Kui.

In: IEEE Network, Vol. 32, No. 1, 02.2018, p. 166-171.

Research output: Contribution to journalArticleResearchpeer-review

TY - JOUR

T1 - Toward secure outsourced middlebox services

T2 - practices, challenges, and beyond

AU - Wang, Cong

AU - Yuan, Xingliang

AU - Cui, Yong

AU - Ren, Kui

PY - 2018/2

Y1 - 2018/2

N2 - Modern enterprise networks heavily rely on ubiquitous network middleboxes for advanced traffic processing such as deep packet inspection, traffic classification, and load balancing. Recent advances in NFV have pushed forward the paradigm of migrating in-house middleboxes to third-party providers as software-based services for reduced cost yet increased scalability. Despite its potential, this new service model also raises new security and privacy concerns, as traffic is now redirected and processed in an untrusted environment. In this article, we survey recent efforts in the direction of enabling secure outsourced middlebox functions, and identify open challenges for researchers and practitioners to further investigate solutions toward secure middlebox services.

AB - Modern enterprise networks heavily rely on ubiquitous network middleboxes for advanced traffic processing such as deep packet inspection, traffic classification, and load balancing. Recent advances in NFV have pushed forward the paradigm of migrating in-house middleboxes to third-party providers as software-based services for reduced cost yet increased scalability. Despite its potential, this new service model also raises new security and privacy concerns, as traffic is now redirected and processed in an untrusted environment. In this article, we survey recent efforts in the direction of enabling secure outsourced middlebox functions, and identify open challenges for researchers and practitioners to further investigate solutions toward secure middlebox services.

KW - Encryption

KW - Inspection

KW - Middleboxes

KW - Pattern matching

KW - Protocols

UR - http://www.scopus.com/inward/record.url?scp=85028457236&partnerID=8YFLogxK

U2 - 10.1109/MNET.2017.1700060

DO - 10.1109/MNET.2017.1700060

M3 - Article

VL - 32

SP - 166

EP - 171

JO - IEEE Network

JF - IEEE Network

SN - 0890-8044

IS - 1

ER -