A Generic Proxy Mechanism for Secure Middlebox Traversal
Sechang Son, Matthew Farrellee, Miron Livny
IEEE International Conference on Cluster Computing (Cluster 2005)
Boston, Massachusetts, USA, September 27 - 30, 2005
Abstract
Middleboxes (a.k.a firewalls and NATs) have brought significant connectivity problems along with their benefits, causing many applications to break or become inefficient. Due to bi-directional communication, huge scale in size, and multi-organizational nature, the Grid may be one of the areas damaged most by the connectivity problem. Several ideas to deal with the connectivity problem were investigated and many systems are available. However, many issues still remain unanswered. Most systems are middlebox unfriendly and are considered harmful to network security; the tussle between middleboxes trying to investigate payloads and applications trying to protect their content from observation and modification must be resolved. This paper discusses how a simple relay-based system, called XRAY (middleboX traversal by RelAYing), deals with these issues and provides other benefits such as flexible control of traffic. This paper also discusses how relay-based traversal systems can help applications to communicate over middleboxes and also complement middlebox operations to help network security.