At issue is end-to-end encryption, which can hamper network management, anti-fraud operations, cybersecurity and regulatory monitoring.
ETSI’s Industry Specification Group on Encrypted Traffic Integration (ISG ETI) is looking into the problem, and has made public an ‘Encrypted traffic integration problem statement’, which shows the impact of encrypted traffic on stakeholders and how these stakeholders’ objectives interrelate.
“The use of encryption as the default approach to enhance the security of communications has become increasingly common,” according to ETSI. “While there are often benefits, in many scenarios, the use of encryption exposes users to threats from malicious traffic which, since it is not recognised because it is hidden by encryption, can no longer be filtered out by the network operator to protect the end user.”
While encryption protects traffic in a network from unauthorised inspection, encryption in itself does not protect the communicating end points from attack and reduces the ability of firewalls, with other network management systems, to remove malicious traffic.
“Without being over-dramatic, the rise of a pervasive encryption model allows many of the worst elements of societal and human behaviour to go unobserved, because trusted networks are not able to help to protect users,” said ETSI. “The role of ETSI ISG ETI is to enable all the positive attributes of pervasive encryption to be enhanced, whilst allowing the networks to operate. This requires a deeper understanding of the problem.”
The organisations next step is to develop a set of requirements for the use of encryption, to offer a balance that allows network operation, while giving the user an assurance of confidentiality, it said. This shoul dbe complete by the end of the year.
Download ETSI’s encryption problem statement here