Middleboxes in a computer network system inspect and analyse network traffic
to detect malicious communications, monitor system performance and provide
operational services. However, encrypted traffic hinders the ability of
middleboxes to perform such services. A common practice in addressing this
issue is by employing a “Man-in-the-Middle” (MitM) approach, wherein an
encrypted traffic flow between two endpoints is interrupted, decrypted and
analysed by the middleboxes. The MitM approach is straightforward and is used
by many organisations, but there are both practical and privacy concerns. Due
to the cost of the MitM appliances and the latency incurred in the
encrypt-decrypt processes, enterprises continue to seek solutions that are less
costly. There were discussion on the many efforts required to configure MitM.
Besides, MitM violates end-to-end privacy guarantee, raising privacy concerns
and issues on compliance especially with the rising awareness on user privacy.
Furthermore, some of the MitM implementations were found to be flawed.
Consequently, new practical and privacy-preserving techniques for inspection
over encrypted traffic were proposed. We examine them to compare their
advantages, limitations and challenges. We categorise them into four main
categories by defining a framework that consist of system architectures, use
cases, trust and threat models. These are searchable encryption, access
control, machine learning and trusted hardware. We first discuss the
man-in-the-middle approach as a baseline, then discuss in details each of them,
and provide an in-depth comparisons of their advantages and limitations. By
doing so we describe practical constraints, advantages and pitfalls towards
adopting the techniques. We also give insights on the gaps between research
work and industrial deployment, which leads us to the discussion on the
challenges and research directions.

By admin