“Technical Committee CYBER” of the European Telecommunications Standards Institute (ETSI)
The BigBrotherAward 2019 in the “Technology” Category goes to the “Technical Committee CYBER” of the European Telecommunications Standards Institute (ETSI), represented by the Chairman Alex Leadbeater, for its effort to mandate the “Enterprise Transport Security” protocol (ETS)¹ as part of a new technical standard for encryption on the Internet in order to establish a predetermined breaking point in secure connections.
But let’s start from the beginning:
Encrypted connections, e.g. during online banking or shopping, have become standard practice. We can tell that we are using them by two signs: First, a padlock symbol is shown in the browser’s address bar. Second, the web address starts with “https”. The communication channel between browser and server is now secured by means of “Transport Layer Security”, or TLS for short. The currently used version 1.2 of the TLS protocol is more than ten years old, and since then, attack vectors have been discovered that can be used by criminals or government agencies to break the encryption. A new standard is required.
For more than two years, international committees such as the “Internet Engineering Task Force”, or IETF, have met with expert cryptographers to design an encryption standard that can be considered secure for the years to come. The result of this is version 1.3 of Transport Layer Security, or TLS. Most browsers have already implemented a preliminary version of it. So far, so good, so secure. If it weren’t for ETSI.
Because while the consultation on TLS 1.3 was still ongoing, representatives of the financial industry and others took the floor and argued that they had strict compliance requirements that made it necessary to log the content even of encrypted communication such as exchanges between financial advisers and customers, e.g. to prove that they act lawfully. They claimed that they need key escrow – a duplicate key in order to be able to read everything, even if it was encrypted for third parties. Actually, they could read the clear text on their own servers, but for an IT department it is easier to tap into the data in one central location.
Naturally, European secret services were delighted with the idea of key escrow. First and foremost the British GCHQ, which is represented via members of the National Cyber Security Centre in the “Technical Committee CYBER” of the European Telecommunications Standards Institute (ETSI), our awardee.
The IETF, however, had expressly decided against including key escrow in their standard TLS 1.3. Nevertheless, the ETSI wanted to have its own way and developed a special version of TLS, the so-called Enterprise TLS, or ETS.
ETS comes with key escrow. It is encryption with a predetermined breaking point. When using the stronger TLS 1.3, a browser and a server negotiate new keys regularly. When using ETS, however, a fixed key is deposited with the server operator. This might be legitimate for banks as they are usually dealing with their “own” communication content.
The catch with the ETS standard is that government agencies can oblige server operators to configure such a fixed key and to hand it over so that officials can decrypt all communications with a website at a later date. This would include messages sent. Should this duplicate key fall into the hands of criminals, they could intercept passwords and other sensitive information.
There is another special nastiness: Browsers and hence users have no way of telling this “broken” encryption standard from the real thing. The key symbol is displayed in either case, and for the browser it is very difficult to find out if a fixed key has been escrowed.
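The difference between freshly negotiated keys and a fixed, deposited key can be shown in a few lines. The following is an added example, not part of the original text or of the ETSI specification: it models the key exchange with a toy Diffie-Hellman group, and the names `Server`, `record_sessions`, `decrypt_with_escrowed_key` and `reused_key_shares` are assumptions made for illustration. It shows that one escrowed key opens every recorded session, and that the only hint visible to a client is the same server key share turning up in several handshakes.

```python
import secrets
from collections import Counter

# Toy finite-field Diffie-Hellman group, constructed for illustration only;
# real TLS 1.3 uses groups such as X25519.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

class Server:
    """Hypothetical model: static=True reuses one DH key for every handshake
    (the fixed key described for ETS); static=False draws a fresh key each time."""
    def __init__(self, static):
        self.static = static
        self.fixed = keypair() if static else None

    def handshake(self, client_pub):
        priv, pub = self.fixed if self.static else keypair()
        return pub, pow(client_pub, priv, P)  # (server key share, shared secret)

def record_sessions(server, n):
    """Run n handshakes. Returns what a passive observer sees (public key
    shares only) and, separately, the real session secrets."""
    transcript, session_secrets = [], []
    for _ in range(n):
        c_priv, c_pub = keypair()
        s_pub, s_secret = server.handshake(c_pub)
        assert pow(s_pub, c_priv, P) == s_secret  # client derives the same secret
        transcript.append((c_pub, s_pub))
        session_secrets.append(s_secret)
    return transcript, session_secrets

def decrypt_with_escrowed_key(transcript, escrowed_priv):
    """Secrets that the holder of a server private key can recompute from
    traffic recorded earlier."""
    return [pow(c_pub, escrowed_priv, P) for c_pub, _ in transcript]

def reused_key_shares(transcript):
    """Client-side check: server key shares that appear in more than one handshake."""
    counts = Counter(s_pub for _, s_pub in transcript)
    return {share for share, count in counts.items() if count > 1}
```

A repeated key share shows that those sessions have no forward secrecy; it does not show who holds the key, and the check sees nothing if the fixed key was changed between the handshakes a client happened to observe.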
Despite all the warnings from the IETF and other experts, the members of our awardee, the “Technical Committee CYBER”, have created a second standard that is likely to be used in practice. Whoever uses it will put users at grave risk of being spied on while they are assuming that their communication is secured.
For these reasons we advise all developers and technical decision-makers to avoid ETS like the plague and to use the much more secure TLS 1.3 protocol. Sadly, non-technical users have almost no way to influence this decision. This second, insecure encryption standard called ETS wreaks havoc on online security. All we can say is an ironic “thanks for nothing”.
Congratulations, Technical Committee CYBER of ETSI, on the BigBrotherAward 2019!
¹ formerly “Enterprise TLS” (eTLS)
- heise.de: European standards organisation warns the USA about TLS 1.3 (web archive link)
- fm4.orf.at: Controversial Internet “security standard” eTLS is being renamed (web archive link)
- heise.de: IETF to ETSI: Hands off TLS (web archive link)
- “TC CYBER realizes that such enterprise use cases may differ from IETF’s focus on perfecting a Transport Layer Security protocol for end-to-end traffic invisibility.” (web archive link)
- ETSI TS 103 523-3 V1.1.1 (2018-10) Middlebox Security Protocol; Part 3: Profile for enterprise network and data centre access control (PDF)