Selectable service node resources
US-9485192-B2 · Nov 1, 2016 · US
US2016366191A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016366191-A1 |
| Application number | US-201514734164-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 9, 2015 |
| Priority date | Jun 9, 2015 |
| Publication date | Dec 15, 2016 |
| Grant date | — |
Abstract
A first service node receives a message configured to set up a secure communication session between a client and a server, in which the first service node acts as a proxy. Data packets in the secure communication session are subject to multiple service functions that require decryption of the data packets. A service function chain assigns a service node to each of the service functions. A service header is generated including metadata instructing the service nodes other than the first service node not to act as proxies in the secure communication session. The message and the service header are transmitted to a second service node in the service function chain.
Claims
What is claimed is:
1. A method comprising: receiving at a first service node among a plurality of service nodes, a message configured to set up a secure communication session between a client and a server, the first service node acting as a proxy in the secure communication session, wherein data packets in the secure communication session are subject to a plurality of service functions; determining a service chain comprising an assignment of at least one of the plurality of service nodes to each of the plurality of service functions; generating a first service header comprising metadata indicating that the service nodes other than the first service node will not act as proxies in the secure communication session; and transmitting the message and the first service header to a second service node in the service chain.
2. The method of claim 1, further comprising: receiving the data packets in the secure communication session; generating a second service header comprising cryptographic information related to the secure communication session; and transmitting the data packets in the secure communication session with the second service header to the second service node in the service chain.
3. The method of claim 2, further comprising processing the data packets in the secure communication session with at least one service function among the plurality of service functions.
4. The method of claim 2, wherein the cryptographic information comprises at least one of an encryption key, a decryption key, a Message Authentication Code (MAC) key, or a cipher suite.
5. The method of claim 2, further comprising encrypting the cryptographic information related to the secure communication session in the second service header.
6. The method of claim 1, further comprising dividing the secure communication session into a first session between the client and the first service node and a second session between the first service node and the server.
7. The method of claim 6, further comprising: receiving the data packets in the secure communication session from the client in the first session; encrypting cryptographic information related to the second session; generating a second service header comprising the encrypted cryptographic information; and transmitting the data packets in the secure communication session with the second service header to the second service node in the service chain.
8. An apparatus comprising: a network interface unit configured to send and receive communications over a network; and a processor configured to: receive, via the network interface unit, a message configured to set up a secure communication session between a client and a server, the apparatus acting as a proxy in the secure communication session, wherein data packets in the secure communication session are subject to a plurality of service functions; determine a service chain comprising an assignment of at least one service node among a plurality of service nodes to each of the plurality of service functions; generate a first service header comprising metadata indicating that the service nodes other than the apparatus will not act as proxies in the secure communication session; and transmitting, via the network interface unit, the message and the first service header to a next service node in the service chain.
9. The apparatus of claim 8, wherein the processor is further configured to: receive the data packets in the secure communication session via the network interface unit; generate a second service header comprising cryptographic information related to the secure communication session; and transmit, via the network interface unit, the data packets in the secure communication session with the second service header to the next service node in the service chain.
10. The apparatus of claim 9, wherein the processor is further configured to process the data packets in the secure communication session with at least one service function among the plurality of service functions.
11. The apparatus of claim 9, wherein the cryptographic information comprises at least one of an encryption key, a decryption key, a Message Authentication Code (MAC) key, or a cipher suite.
12. The apparatus of claim 9, wherein the processor is further configured to encrypt the cryptographic information related to the secure communication session in the second service header.
13. The apparatus of claim 8, wherein the processor is further configured to divide the secure communication session into a first session between the client and the apparatus and a second session between the apparatus and the server.
14. The apparatus of claim 13, wherein the processor is further configured to: receive, via the network interface unit, the data packets in the secure communication session from the client in the first session; encrypt cryptographic information related to the second session; generate a second service header comprising the encrypted cryptographic information; and transmit, via the network interface unit, the data packets in the secure communication session with the second service header to the next service node in the service chain.
15. A method comprising: receiving at a service node among a plurality of service nodes, a message configured to set up a secure communication session between a client and a server, wherein data packets in the secure communication session are subject to a plurality of service functions according to a service chain comprising the plurality of service nodes; receiving a first service header comprising metadata indicating that the service node will not act as a proxy in the secure communication session; and transmitting the message and the first service header to a next service node in the service chain.
16. The method of claim 15, further comprising: receiving the data packets in the secure communication session; receiving a second service header comprising cryptographic information related to the secure communication session; decrypting the data packets with the cryptographic information; and processing the decrypted data packets with at least one service function among the plurality of service functions.
17. The method of claim 16, further comprising transmitting the data packets which have been processed and the second service header to the next service node in the service chain.
18. The method of claim 16, further comprising: re-encrypting the decrypted data packets that have been processed with the at least one service function; and transmitting the re-encrypted data packets and the second service header to the next service node in the service chain.
19. The method of claim 16, wherein the cryptographic information comprises at least one of an encryption key, a decryption key, a Message Authentication Code (MAC) key, or a cipher suite.
20. The method of claim 16, further comprising encrypting the cryptographic information related to the secure communication session in the second service header.
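The following Python sketch is an added illustration of the chain the claims describe, not code from the patent or its assignee: the first node terminates the session and emits a service header whose metadata names it as the sole proxy (claim 1) and carries the second session's keys encrypted (claims 5 and 7); every later node decrypts with those keys, applies its service function, re-encrypts and forwards (claims 16 to 18). It assumes a chain key pre-shared among the nodes and uses a constructed hash-based cipher in place of the negotiated cipher suite.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed stand-in for a cipher suite: SHA-256 keystream plus an HMAC tag
# (encrypt-then-MAC). A real chain would reuse the session's negotiated AEAD.
def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_(enc_key: bytes, mac_key: bytes, record: bytes) -> bytes:
    body, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("MAC check failed")  # tampered record or wrong key
    nonce, ct = body[:12], body[12:]
    return bytes(c ^ s for c, s in zip(ct, _stream(enc_key, nonce, len(ct))))

@dataclass
class ServiceHeader:
    chain: list          # ordered service node names (the service chain)
    proxy: str           # the single node that terminates the session (claim 1)
    crypto: bytes = b""  # session keys, encrypted under the chain key (claims 2, 5)

# Assumed: keys pre-shared among the service nodes, protecting the header's key material.
CHAIN_KEY = (hashlib.sha256(b"chain-enc").digest(), hashlib.sha256(b"chain-mac").digest())

def first_node_headers(chain: list, session_keys: tuple) -> ServiceHeader:
    hdr = ServiceHeader(chain=chain, proxy=chain[0])  # all other nodes: do not proxy
    hdr.crypto = seal(*CHAIN_KEY, session_keys[0] + session_keys[1])
    return hdr

def downstream_node(name: str, hdr: ServiceHeader, record: bytes, service_fn) -> bytes:
    # A non-proxy node recovers the keys from the header, decrypts, applies its
    # service function and re-encrypts before forwarding (claims 16 to 18).
    if hdr.proxy == name:
        raise RuntimeError("only the proxy node terminates the session")
    keys = open_(*CHAIN_KEY, hdr.crypto)
    enc_key, mac_key = keys[:32], keys[32:]
    return seal(enc_key, mac_key, service_fn(open_(enc_key, mac_key, record)))

def run_chain(payload: bytes) -> bytes:
    chain = ["sn1-proxy", "sn2-dlp", "sn3-ids"]      # constructed three-node chain
    session_keys = (os.urandom(32), os.urandom(32))   # keys of the proxy<->server session
    hdr = first_node_headers(chain, session_keys)
    record = seal(*session_keys, payload)             # proxy re-encrypts toward the server
    for node in chain[1:]:
        record = downstream_node(node, hdr, record, lambda p: p.replace(b"SECRET", b"[redacted]"))
    return open_(*session_keys, record)               # what the server finally decrypts
```

The chain key is the trust boundary here: any node holding it can read every session's traffic, so its distribution deserves the same care as the proxy's own private key.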
Electricity · mapped topic
at the transport layer · CPC title
Session establishment or de-establishment · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title