Industry Specification Group (ISG) Encrypted Traffic Integration (ETI) Activity Report 2021

Chair: Tony Rutkowski, CIS
Vice Chair: Scott Cadzow

Defining requirements and identifying use cases of Encrypted Traffic Integration techniques, to mitigate against threats to networks and users arising from the deployment of encrypted traffic.

A paradigm of ‘encrypted by default’ has been adopted by many network and service providers, without taking due account of any threats to network resilience and security. The network management oversight that is accepted for non-encrypted traffic – together with the ability to secure and protect enterprise networks and data centres – may be lost when an all-encrypted paradigm is adopted.

ETSI’s Industry Specification Group on Encrypted Traffic Integration (ISG ETI) aims to develop insights on the evolutionary path of this paradigm, as well as its impact on network resilience and on security where attackers may take advantage of encryption to spread malicious code or exfiltrate protected customer or sensitive data through networks. A primary goal of the group is to better describe the issues and to establish essential requirements to allow for retention of network controls and protection, thus giving guarantees of security and resilience despite the growth of such a paradigm.

The group seeks to challenge the rationale used for pervasive encryption, namely that only the end point of a communication channel can be trusted. In practical terms, pervasive end-to-end encryption bypasses many of the trusted entities that enable it to happen. This often has a negative impact on aspects of security whilst promoting only one dimension – that of confidentiality. Trusted routing, content-optimised channels and support for attestation of identity are among the important dimensions that over-stressing confidentiality misses.

ISG ETI serves as ETSI’s principal support response for two significant EU enactments: (1) the EU Encryption Resolution [Brussels, 24 November 2020, 13084/1/20 Rev. 1, Council Resolution on Encryption - Security through encryption and security despite encryption], and (2) the encryption clauses of the NIS2 Directive [Arts. 5 and 18, Brussels, 16.12.2020, COM(2020) 823 Final, 2020/0359 (COD), Proposal for a Directive of the European Parliament and of the Council on measures for a high common level of security of network and information systems across the Union]. 

As a pre-standardization activity, the work of ISG ETI is intended to frame security concerns arising from widespread adoption of encryption by default, and to build the foundation of a longer-term response to threats to networks and users.

Through the development of Group Specifications (GS) and Group Reports (GR), ISG ETI defines requirements and identifies the use cases of Encrypted Traffic Integration techniques to mitigate against threats to networks and users arising from the deployment of encrypted traffic. These detailed specifications of mitigation measures are being developed with a view to their further development in ETSI Technical Committees that are identified as appropriate for their adoption.

The rise of the use of encryption places networks and users at risk whilst offering promises of security. Published in June 2021, ISG ETI’s first Group Report GR ETI 001 presents a problem statement of when traffic is encrypted, as well as an examination of how it impacts various stakeholders and how these stakeholders' objectives interrelate. The study considers both positive aspects and negative impacts (such as end-to-end privacy and confidentiality versus masking of data necessary for signalling optimization, hacking, and unlawful data exfiltration). 

Currently in development, a second Group Report presents a requirements definition and analysis, identifying requirements for enabling integration of trusted encrypted network traffic.

Also in development, a Group Specification on ETI integration strategies and techniques specifies techniques to allow a network manager – as an authorized user – to access encrypted traffic for management or other lawful purposes.

