Encrypted Traffic Integration: A Persistent Challenge
When the operators and government representatives first met at Vienna in 1850 to work out the arrangements for connecting electrical telegraph networks across borders, they wrestled with a problem that has remained a persistent challenge ever since. The problem was the handling of communication traffic in Morse binary code by users pursuing perfect end-to-end encryption. In an attempt by users to keep their traffic messages from being read by anyone except for the intended recipient, they developed mathematical techniques for encrypting them, i.e., rendering them unintelligible and essentially invisible, along the transmission path.
The integration of encrypted traffic into public communication networks resulted in both operational and legal challenges. For example, because operators charged by the word, the use of encryption techniques that resulted in endless strings of characters, necessitated some other form of charging. Operators also did error corrections of the traffic on the basis of known languages and words, so there was no longer a way to check for corrupted messages. From a legal standpoint, there were also challenges on how to treat traffic that was likely to be unlawful, subject to a judicial order, or formal State messages. All these challenges required solutions which were placed into technical standards, operational practices, and provisions of legal instruments. A key part of the solution was trusted knowledge of the identities of the source and recipient of the encrypted communication.
Over the decades following the 1850 conference, an unending array of new telecommunication technologies and uses emerged. The most significant was radiocommunication. Later in the 20th century, Morse binary code was replaced by more complex versions that could be processed by digital computers with the traffic messages routed automatically as packets to create virtual internets. The challenges of encrypted traffic integration became more complex, even though the fundamental problems changed little.
Following an explosion of new radio-based messaging internets globally in the 1920s, the use of encryption increased significantly. No less than the legendary U.S. cryptologist William F. Friedman produced what appears to be the first encrypted traffic integration report for the 1927 Radio treaty conference in Washington.
During the 1980s as digital internets and their complexity grew rapidly, industry and government worked together to provide new solutions for encrypted traffic integration that were adopted by standards bodies, operators, and government authorities. The principal one undertaken over several years and advancing an array of far-reaching new platforms and identity management practices – that was also woven into new international treaty instruments – was known as Secure Data Network System (SDNS). One of the key components of SDNS was layered protection consisting of a Transport Layer Security protocol or TLS, and Network Layer Security Protocol. Technical standards were adopted internationally in 1994.
A number of developments, especially global deregulation of network and application provisioning, resulted in limited use of the SDNS platforms for encrypted traffic integration – even though components such as TLS and encrypted digital identity certificates were extensively pursued in modified forms in public networks and commercial products over the past 30 years. However, a combination of encryption enhancing capabilities enabled by the ubiquitous proliferation of powerful microchip-based computer processors were exploited by user communities for many unacceptable purposes. The harmful activities included not only attacks on the networks and equipment, but also an array of criminal pursuits. The academic efforts to autonomously deploy increasingly “perfect end-end encryption” on a large scale on the today’s communication platforms has dramatically magnified encrypted traffic integration challenges.
Risks of Encryption
These developments led to the creation a year ago of ETSI’s Industry Specification Group on Encrypted Traffic Integration (ETI). ETI was tasked with identifying problems arising from pervasive encrypted traffic in communications networks, assembling the related ecosystem and ontology, and developing a structured set of requirements that helps mitigate the adverse effects.
In the group’s first report, ETSI GR ETI 001, Encrypted Traffic Integration (ETI); Problem Statement, ISG ETI identifies the impact of encrypted traffic on stakeholders and how these stakeholders’ objectives interrelate. The rise of the use of encryption places networks and users at risk, even whilst offering promises of security.
The use of encryption as the default approach to enhance the security of communications has become increasingly common. While there are often benefits, in many scenarios, the use of encryption exposes users to threats from malicious traffic which, since it is not recognized because it is hidden by encryption, can no longer be filtered out by the network operator to protect the end user. The use of end-to-end encryption can restrict the ability of network management, anti-fraud, cybersecurity, and regulatory monitoring systems to manage data and communications flowing into, through, and out of networks.
Encryption protects traffic flowing through a network from unauthorized inspection. Nevertheless, encryption in itself does not protect the communicating end points from attack and reduces the ability of firewalls, in combination with other network management systems, to remove malicious traffic. Without being over-dramatic, the rise of a pervasive encryption model allows many of the worst elements of societal and human behaviour to go unobserved, because trusted networks are not able to help to protect users.
ETSI’s Industry Specification Group on Encrypted Traffic Integration (ETI)
The role of ETSI ISG ETI is to enable all the positive attributes of pervasive encryption to be enhanced, whilst allowing the networks to operate. This requires a deeper understanding of the problem, as evidenced in the GR ETI 001 Report. The body of the report consists of three sections: roles of encryption in networks, model of the ETI problem, and a technical view of the problem that includes a stakeholder model that includes adversarial, non-adversarial, and network management stakeholders. The report also includes several contemporary EU encryption related obligation examples, although there are many others that abound throughout the world.
The ETI Group also works closely with the ETSI TC CYBER experts who have produced an array of technical specifications to mitigate harms of pervasive encryption using the Middlebox Security Protocol (MSP) in its various manifestations. The work includes encryptions in generic, fine-grained TLS control, TLS 1.3 and IP Sec in enterprise networks, and protection of Middleboxes using the Critical Security Controls. External to ETSI, the ETI group has also been collaborating with agencies dealing with challenges in both the EU Resolution on Encryption, as well the U.S. government’s project to address visibility challenges with TLS 1.3.
The next step in the ETI Group’s work is to develop a set of requirements for the use of encryption, to offer a balance that allows network operation, while giving the user an assurance of confidentiality.
A. M. Rutkowski
Chair ETSI ETI ISG (Encrypted Traffic Integration Industry Specification Group).