Sec-ALG: An Open-source Application Layer Gateway for Secure Access to Private Networks

Maria Riaz*, Juha-Matti Tilli, Raimo Kantola

*Corresponding author for this work

    Research output: Article in book/conference proceedings › Conference article in proceedings › Scientific › peer-reviewed

    2 Citations (Scopus)
    162 Downloads (Pure)

    Abstract

    Middleboxes such as Network Address Translators (NATs), proxy servers or Application Layer Gateways (ALGs) provide remote access to end-hosts in the private address space. The middleboxes offer proprietary solutions, and encrypted traffic poses a challenge when middleboxes employ packet payload inspection techniques for connection establishment. Session key sharing and decryption followed by re-encryption of the traffic, for correctly routing to the private host, increases the connection latency and also poses a higher threat in case of traffic interception by a malicious third party. In this paper, we present a novel open-source ALG, called Sec-ALG, for providing secure end-to-end communication to the web servers situated in the private address space. Sec-ALG relies on the technique of light Deep Packet Inspection (DPI) for protocol detection and session establishment using a novel parser-lexer generator called YaLe. The proposed approach offers increased security by maintaining end-to-end encryption for an HTTPS connection. Our experimental analysis demonstrates that Sec-ALG reduces the HTTPS connection latency in comparison to the NGINX reverse proxy using a 24-core host machine. Moreover, Sec-ALG handles requests at a three-fold higher rate than the NGINX proxy when tested with 100 concurrent connections. The ALG can be used either as a standalone solution or as a component of the Realm Gateway, which is a generic interworking solution between public and private networks. The presented work is part of extensive ongoing research at Aalto University focusing on embedding policy-based trust into the network.

    Original language: English
    Title: Proceedings of the 29th International Conference on Computer Communications and Networks, ICCCN 2020
    Publisher: IEEE
    Number of pages: 11
    ISBN (electronic): 9781728166070
    State: Published - Aug 2020
    MoE publication type: A4 Article in conference proceedings
    Event: International Conference on Computer Communications and Networks - Honolulu, United States
    Duration: 3 Aug 2020 to 6 Aug 2020
    Conference number: 29

    Publication series

    Name: Proceedings : International Conference on Computer Communications and Networks
    Publisher: IEEE
    ISSN (print): 1095-2055

    Conference

    Conference: International Conference on Computer Communications and Networks
    Abbreviated title: ICCCN
    Country/Territory: United States
    City: Honolulu
    Period: 03/08/2020 to 06/08/2020

    • 5G-FORCE: 5G-FORCE

      Costa Requena, J. (Principal investigator)

      01/01/2019 to 31/03/2021

      Project: Business Finland: Other research funding
