ETSI releases the first Group Report on Encrypted Traffic Integration, protecting end users from malicious attacks
Sophia Antipolis, 1 September 2021
ETSI’s Industry Specification Group on Encrypted Traffic Integration (ISG ETI) has concluded the early part of its work, by identifying problems arising from pervasive encrypted traffic in communications networks.
In the group’s first report, ETSI GR ETI 001, entitled Encrypted Traffic Integration (ETI); Problem Statement, ISG ETI identifies the impact of encrypted traffic on stakeholders and how these stakeholders' objectives interrelate. The rise of the use of encryption places networks and users at risk, whilst offering promises of security.
The use of encryption as the default approach to enhance the security of communications has become increasingly common. While there are often benefits, in many scenarios, the use of encryption exposes users to threats from malicious traffic which, since it is not recognized because it is hidden by encryption, can no longer be filtered out by the network operator to protect the end user. The use of end-to-end encryption can restrict the ability of network management, anti-fraud, cybersecurity, and regulatory monitoring systems to manage data and communications flowing into, through, and out of networks.
Encryption protects traffic flowing through a network from unauthorized inspection. Nevertheless, encryption in itself does not protect the communicating end points from attack and reduces the ability of firewalls, in combination with other network management systems, to remove malicious traffic. Without being over-dramatic, the rise of a pervasive encryption model allows many of the worst elements of societal and human behaviour to go unobserved, because trusted networks are not able to help to protect users.
The role of ETSI ISG ETI is to enable all the positive attributes of pervasive encryption to be enhanced, whilst allowing the networks to operate. This requires a deeper understanding of the problem, as evidenced in the GR ETI 001.
“The next step is to develop a set of requirements for the use of encryption, to offer a balance that allows network operation, while giving the user an assurance of confidentiality. This requirements analysis should be ready by the end of 2021”, adds Scott Cadzow, ETSI ISG ETI Vice-Chair.
Download ETSI GR ETI 001 by clicking on this link:
ETSI provides members with an open and inclusive environment to support the development, ratification and testing of globally applicable standards for ICT systems and services across all sectors of industry and society. We are a not-for-profit body with more than 950 member organizations worldwide, drawn from 64 countries and five continents. Members comprise a diversified pool of large and small private companies, research entities, academia, government, and public organizations. ETSI is officially recognized by the EU as a European Standards Organization (ESO). For more information please visit us at https://www.etsi.org/
Mob: +33 (0)6 87 60 84 40