Industry Specification Group (ISG) Encrypted Traffic Integration (ETI) Activity Report 2020

Chair: Tony Rutkowski, CIS

Defining requirements and identifying use cases of Encrypted Traffic Integration techniques, to mitigate against threats to networks and users arising from the deployment of encrypted traffic.

A paradigm of ‘encrypted by default’ has been adopted by many network and service providers, without taking due account of any threats to network resilience and security. The network management oversight that is accepted for non-encrypted traffic may be lost when an all-encrypted paradigm is adopted.

Launched in June 2020, ETSI’s Industry Specification Group on Encrypted Traffic Integration (ISG ETI) aims to develop insights on the evolutionary path of this paradigm, as well as its impact on network resilience and on security where attackers may take advantage of encryption to spread malicious code or exfiltrate protected customer or sensitive data through networks. A primary goal of the group is to better describe the issues and to establish essential requirements to allow for retention of network controls, thus giving guarantees of security and resilience despite the growth of such a paradigm.

As a pre-standardization activity, the work of ISG ETI is intended to frame security concerns arising from widespread adoption of encryption by default, and to build the foundation of a longer-term response to threats to networks and users.

Through the development of Group Specifications (GS) and Group Reports (GR), ISG ETI will define requirements and identify the use cases of Encrypted Traffic Integration techniques to mitigate against threats to networks and users arising from the deployment of encrypted traffic. These detailed specifications of mitigation measures are being developed with a view to their further development in ETSI Technical Committees that are identified as appropriate for their adoption.

Work began in 2020 on the group’s initial set of deliverables, which includes a Group Specification and three Group Reports.

The ISG’s first Group Specification aims to specify techniques that will allow a network manager, as an authorized user, to access encrypted traffic for management or other lawful purposes.

The first of three Group Reports (GR) presents a problem statement covering the case where traffic is encrypted, and examines how this impacts various stakeholders. It considers both positive aspects and negative impacts (e.g. end-to-end privacy and confidentiality versus masking of data necessary for signalling optimization).

The second GR presents a requirements definition and analysis. Its aim is to identify requirements for allowing integration of encrypted traffic across an abstracted network architecture. It also addresses key management, network management and user protection issues.

The third GR identifies the knowledge bases for ‘encrypted traffic’ and develops ontology extensions that allow encrypted traffic to be integrated into existing knowledge bases.

A survey of the ETI ecosystem – including traffic concepts, techniques, and capabilities – is also in preparation. Its purpose is to develop and maintain, as a wiki, an initial knowledge base for the ecosystem of bodies and activities concerned with Encrypted Traffic concepts, techniques and capabilities.