ETSI Encrypted Traffic Integration Group Moves Exploratory Work on Cryptographic and Key Management Models

By Chad Cox

Embedded Computing Design

August 04, 2022

News

ETSI announced the continuance of research on its Industry Specification Group Encrypted Traffic Integration (ISG ETI) to mid-2024 to explicitly target cryptographic and key management models.

The Industry Specification Group will bolster relations to other ETSI groups, including CYBER, Lawful Interception, Network Function Virtualization and Fifth-generation fixed network (F5G) for ensurance that the "trust contract" and "zero trust model" are viable in deployed networks.

ETSI will integrate the Encrypted Traffic Integration to broaden  ties to the application domain, ensuring that any peculiarities of applications can be judged in the "trust contract" and "zero trust model" contexts. The integration will incorporate collaboration with the eHealth, Intelligent Transport and Smart-city groups within ETSI.

The new term sees the continuation of the management team from the first term, although there’s a role swap: Scott Cadzow of C3L, steps into the role of Chair, and Tony Rutkowski of CIS, steps into the role of Vice-Chair.

ISG ETI work with include guidance on the implementation of the EU Council Resolution on "Encryption: Security through encryption and security despite encryption"

Expected final publication of the report is projected in Q3. The working group will also add “direct support from the ETSI CYBER technical committee on aspects of encryption for the NIS2 directive.”

Considerable progress has been made on the development of mitigation strategies. According to ETSI, “these strategies focus on progressing the networked domain to the adoption of the zero-trust model, in which an end-to-end link is built up from several trusted links.”  

All links and active entities are pushed to pronounce itself in the trust chain from original source to final destination, resulting in a "trust contract" between the user and the complete set of network entities, provided they are within the chain. The links adapt to the security and trust chain by user actions taken.

ISG ETI created the groups problem statement, “the impact of encrypted traffic on stakeholders and how the objectives inter-relate”, published as ETSI GR ETI 001 (2021-06).

In the next couple of years, the group is expected to proceed to a position of identifying specific cryptographic and key management models. This will ensure stakeholders across the communications chain have appropriate, often restricted access. An ongoing review of the ever evolving legislative environment will be included in the working group tasks.

For more information, visit www.etsi.org/.