ETSI is pleased to announce a new specification, ETSI TS 103 523-1: Part 1 of the Middlebox Security Protocol (MSP) series, which defines the security properties of a Middlebox Security Protocol.

Middleboxes are vital in modern networks: in new 5G deployments, where ever-faster networks need performance management; in resisting new cyberattacks, where evolved threat defence has to cope with encrypted traffic; and in VPN provision.

The industry needs middlebox technology to keep pace with these and other evolving and diverse use cases. However, middlebox deployments often raise complex and multi-layered questions around the security, privacy and trust of using middleboxes.

New security framework

MSP Part 1 (ETSI TS 103 523-1) addresses this gap by specifying a new security framework for middlebox protocols, allowing middleboxes to perform vital functions securely while keeping up with the rapid pace of technological development.

The MSP series is driven by four important principles that are vital for secure MSP deployments to perform their functions. These are:

  • Data Protection (DP): Protecting data from network attackers and malicious actors.
  • Transparency (T): Having knowledge of which parties have what access to the data.
  • Access Control (AC): Allowing endpoints meaningfully to grant access to parties with this knowledge.
  • Good Citizen (GC): Preventing complexity that adds DDoS attack vectors to the network.

Middlebox Security Protocol (MSP) template

ETSI TS 103 523-1 defines provisions in the area of each of these principles, called MSP Template Requirements.

The MSP Framework gives MSP profile developers, MSP profile implementors and MSP specification writers a threat model that is both flexible and consistent across different MSP profiles.

Use cases

This methodology permits an array of use cases, as well as thorough security analysis, for the next generation of middlebox protocols: MSP.

Such middlebox use cases are many and varied:

  • To provide security services in NFV and SDN environments
  • System and user security, including cyber defence and protection of user data
  • Operational use cases including in Content Delivery Networks
  • Compliance by network operators with obligations and service agreements, and discharge of transparency and audit obligations in regulated industries
  • Maintaining enterprise network and data centre visibility

Secure and functional operation

ETSI TS 103 523-1 is Part 1 of the Middlebox Security Protocol (MSP) series; this series is a set of protocol specifications that enable secure and functional operation of next-generation middleboxes.
