ETSI releases Middlebox Security Protocols framework specification

Sophia Antipolis, 17 December 2020

ETSI is pleased to announce a new specification, ETSI TS 103 523-1: Part 1 of the Middlebox Security Protocol (MSP) series, which defines the security properties of a Middlebox Security Protocol.

Middleboxes are vital in modern networks - from new 5G deployments, with ever-faster networks that need performance management, to resisting new cyberattacks with evolved threat defence that copes with encrypted traffic, to VPN provision. Industry needs middlebox technology to keep pace with these and other evolving and diverse use cases. However, middlebox deployments often raise complex and multi-layered questions around the security, privacy and trust of using middleboxes.

MSP Part 1 (ETSI TS 103 523-1) addresses this gap by specifying a new security framework for middlebox protocols, allowing middleboxes to perform vital functions securely whilst keeping up with the rapid pace of technical development.

The MSP series is driven by four important principles that are vital for secure MSP deployments to perform their functions. These are:

  • Data Protection (DP): protecting data from network attackers and malicious actors.
  • Transparency (T): having knowledge of which parties have what access to the data.
  • Access Control (AC): allowing endpoints meaningfully to grant access to parties with this knowledge.
  • Good Citizen (GC): preventing complexity that adds DDoS attack vectors to the network.

ETSI TS 103 523-1 defines provisions in the area of each of these principles, called MSP Template Requirements. Using the MSP Framework gives both a flexible and consistent threat model to use across different MSP profiles to MSP profile developers, MSP profile implementors and MSP specification writers. This methodology permits an array of use cases, as well as thorough security analysis, for the next generation of middlebox protocols: MSP.

Such middlebox use cases are many and varied:

  • to provide security services in NFV and SDN environments
  • system and user security, including cyber defence and protection of user data
  • operational use cases including in Content Delivery Networks
  • compliance by network operators with obligations and service agreements, and discharge of transparency and audit obligations in regulated industries
  • maintaining enterprise network and data centre visibility

ETSI TS 103 523-1 is Part 1 of the Middlebox Security Protocol (MSP) series; this series is a set of protocol specifications that enable secure and functional operation of next generation middleboxes.

About ETSI
ETSI provides members with an open and inclusive environment to support the development, ratification and testing of globally applicable standards for ICT systems and services across all sectors of industry and society.  We are a not-for-profit body with more than 900 member organizations worldwide, drawn from 65 countries and five continents. Members comprise a diversified pool of large and small private companies, research entities, academia, government and public organizations. ETSI is officially recognized by the EU as a European Standards Organization (ESO). For more information, please visit us at https://www.etsi.org/.

Contact
Claire Boyer
Mob: +33 (0)6 87 60 84 40
Email: [email protected]