An SFC-enabled approach for processing SSL/TLS encrypted traffic in future enterprise networks

Abstract

In this paper, we propose an architecture based on NFV and SDN which allows to balance traffic analysis techniques using a Classifier. It steers flows to the appropriate Service Function Chaining (to open traffic or not) according to network requirements (such as, effectiveness, flexibility, scalability, performance, and privacy). The SSL/TLS traffic processing is carried-out by the centerpiece of this work, the SFC-enabled MITM. A Proof-of-Concept was conducted (focusing on our SFC-enabled MITM) which showed that functionalities lost due to encryption (Content Optimization, Caching, Network Anti-virus, and Content Filter) were recovered when processing opened traffic within its Service Function Chains. We also evaluated its impact on performance. The results show that cipher suite overhead plays a role but can be mitigated, the Classifier can alleviate the performance overhead of different traffic analysis techniques, network functions have lower impact to performance, and Service Function Chaining length influences page load time.