Industry Specification Group (ISG) Encrypted Traffic Integration (ETI) Activity Report 2023

Chair: Scott Cadzow, Cadzow Communications Consulting

Defining requirements and identifying use cases of Encrypted Traffic Integration techniques, to mitigate against threats to networks and users arising from the deployment of encrypted traffic.

A paradigm of ‘encrypted by default’ has been adopted by many network and service providers, without taking due account of any threats to network resilience and security. Any network management oversight that’s accepted for non-encrypted traffic – together with the ability to secure and protect enterprise networks and data centres – may be lost when an all-encrypted paradigm is adopted.

ETSI’s Industry Specification Group on Encrypted Traffic Integration (ISG ETI) aims to develop insights on the evolutionary path of this paradigm, as well as its impact on network resilience and on security where attackers may take advantage of encryption to spread malicious code or exfiltrate sensitive data through networks. A primary goal of the group is to better describe the issues and to establish essential requirements to allow for retention of network controls and protection, thus giving guarantees of security and resilience despite the growth of such a paradigm.

The group seeks to challenge the rationale used for pervasive encryption, namely that only the end point of a communication channel can be trusted. In practical terms, pervasive end-to-end encryption bypasses many of the trusted entities that enable networks to operate, and may as a result irretrievably degrade the trust of the network. This often has a negative impact on aspects of security whilst promoting only one dimension – that of confidentiality. Trusted routing, content-optimised channels and support for attestation of identity are all among the important dimensions that over-stressing confidentiality misses, and that the end-to-end paradigm fails to account for.

As a pre-standardization activity, the work of ISG ETI is intended to frame security concerns arising from widespread adoption of encryption by default, and to build the foundation of a longer-term response to threats to networks and users.

Through the development of Group Specifications and Group Reports, ISG ETI defines requirements and identifies the use cases of Encrypted Traffic Integration techniques to mitigate against threats to networks and users arising from the deployment of encrypted traffic. These detailed specifications of mitigation measures are being developed with a view to their further development in ETSI Technical Committees that are identified as appropriate for their adoption.

The work of ISG ETI reinforces the use of encryption technologies as part of the overall arsenal of security capabilities in networks, whilst maintaining the societal responsibility aspects of applying such capabilities. Published in March 2023, Group Report ETI 002 ‘Requirements definition and analysis’ aims to make networks more transparent in the way security techniques are deployed. An enabler for more transparent security techniques, it focuses on the widespread adoption of the Zero Trust model, closely tied to explicit declarations of which specific security functions are being provided. The issue addressed in the ETSI report is part of the wider drive in cybersecurity to understand how the network functions, in a transparent and explicable manner. The report adopts some ongoing work on identity management and discovery for IoT, as well as work on the middlebox security protocols of the ETSI cybersecurity committee.

The report will be accompanied by a new Group Specification – currently in development – on integration strategies and techniques that allow a network manager (as an authorized user) to access encrypted traffic for management or other lawful purposes. Publication is anticipated in mid-2024.

Work meanwhile started during the year on a new Guide (to be published as Group Report ETI 009) to the pre- and post-conditions of moving towards Zero Trust as a model in support of ETI. Intended to give a balanced and impartial summary of the pros and cons of Zero Trust, it considers legacy equipment and service integration as well as the ideal ‘clean-slate’ approach. It is intended that this group report will inform work across ETSI.

A survey of the ETI ecosystem – including bodies and activities for Encrypted Traffic concepts, techniques and capabilities – is maintained in a regularly updated Wiki (https://etiwiki.etsi.org).

See the full list of ISG ETI Work Items currently in development here.