ETSI Encrypted Traffic Integration group extends term to work on cryptographic and key management models
Sophia Antipolis, 2 August 2022
ETSI has recently extended the term of its Industry Specification Group Encrypted Traffic Integration (ISG ETI) for a two-year period through to mid-2024 to work on specific cryptographic and key management models.
As it prepares for the new term, the group has adopted a new work item issuing guidance on the implementation of the EU Council Resolution on "Encryption: Security through encryption and security despite encryption" and will finalize the report for publication in Q3 of 2022. This shall be followed up by direct support from the group for the ETSI CYBER technical committee on aspects of encryption for the NIS2 directive.
In the meantime, the group has made significant progress and has begun work on the development of mitigation strategies. These strategies focus on progressing the networked domain to the adoption of the zero-trust model, in which an end-to-end link is built up from several trusted links. In that case, every link and every active entity is forced to make itself known in the trust chain from source to destination. The result is a form of "trust contract" between the user and the entire set of network entities within the chain. The intent is to ensure that stakeholders who need access to part of the communication, typically the content of headers, can stake their claim access and make their intent clear to the user, as well as across the entire communication chain. Each link then contributes to the security and trust of the chain by explicit proof of the actions taken. This is planned for publication in Q4-2022 and will feed into development of another Report planned for publication in the second half of 2023.
During the initial period, the group developed the problem statement published as ETSI GR ETI 001 (2021-06). This report identified the impact of encrypted traffic on stakeholders and how these stakeholders' objectives inter-relate.
Over the next two years, the group will expand further on this with a view to identifying specific cryptographic and key management models to ensure all stakeholders across the communications chain have appropriate, often restricted access, in turn ensuring that they can meet user expectations. This period will include a review of the changing legislative environment in which networks operate and give guidance on how to integrate effective traffic protection with effective provisions for traffic and content management.
During this coming period, the Industry Specification Group will strengthen ties to other ETSI groups, including CYBER, Lawful Interception, Network Function Virtualization and Fifth-generation fixed network (F5G) to ensure that the "trust contract" and "zero trust model" are feasible in deployed networks. As part of this, the Encrypted Traffic Integration group will also extend its ties to the application domain, ensuring that any particularities of applications can be considered in the "trust contract" and "zero trust model" contexts. This will include close interactions with the eHealth, Intelligent Transport and Smart-city groups within ETSI.
The new term sees the continuation of the management team from the first term, although there’s a role swap: Scott Cadzow of C3L, steps into the role of Chair, and Tony Rutkowski of CIS, steps into the role of Vice-Chair.
ETSI provides members with an open and inclusive environment to support the development, ratification and testing of globally applicable standards for ICT systems and services across all sectors of industry and society. We are a non-profit body, with more than 900 member organizations worldwide, drawn from 64 countries and five continents. The members comprise a diversified pool of large and small private companies, research entities, academia, government, and public organizations. ETSI is officially recognized by the EU as a European Standardization Organization (ESO). For more information, please visit us at https://www.etsi.org/