ETSI identifies problems with ubiquitous encrypted traffic


ETSI’s Industry Specification Group on Encrypted Traffic Integration (ISG ETI) concluded the first part of its work by identifying the problems associated with the ubiquitous encrypted traffic in communication networks.

In the group’s first report, ETSI GR ETI 001, entitled Integration of encrypted traffic (ETI); Statement of the problem, ISG ETI identifies the impact of encrypted traffic on stakeholders and how the objectives of these stakeholders interact. The rise in the use of encryption is putting networks and users at risk, while offering promises of security.

The use of encryption as the default approach to improve communication security has become increasingly common. While there are often benefits, in many scenarios the use of encryption exposes users to threats of malicious traffic which, since it goes unrecognized and obscured by the encryption, can no longer be filtered. by the network operator to protect the end user. . The use of end-to-end encryption can restrict the ability of network management, anti-fraud, cybersecurity, and regulatory oversight systems to handle data and communications in, out and out of networks.

Encryption protects traffic flowing over a network from unauthorized inspections. However, encryption by itself does not protect communication endpoints from attack and reduces the ability of firewalls, in combination with other network management systems, to suppress malicious traffic. Without being too dramatic, the rise of a ubiquitous encryption model allows many of the worst elements of societal and human behavior to go unnoticed, as networks of trust are unable to protect users.

The role of ETSI ISG ETI is to enable all the positive attributes of ubiquitous encryption to be valued, while allowing networks to function. This requires a better understanding of the problem, as evidenced by the GR ETI 001.

Scott Cadzow, Vice President of ETSI ISG ETI
The next step is to develop a set of requirements for the use of encryption, in order to provide a balance that allows the operation of the network, while giving the user an assurance of confidentiality. This needs analysis should be ready by the end of 2021.

Source link


About Author

Comments are closed.