Report from the IAB workshop on Management Techniques in Encrypted Networks (M-TEN)

Workshop Scope and Discussion The workshop was organized across three, all-group discussion slots, one per day. The following topic areas were identified and the program committee organized paper submissions into three main themes for each of the three discussion slots. During each discussion, those papers were presented sequentially with open discussion held at the end of each day.

"Where we are" - Requirements and Passive Observations The first day of the workshop agenda focused on the existing state of the relationship between network management and encrypted traffic from various angles. Presentations ranged from discussing classifiers using machine-learning to recognize traffic, to advanced techniques for evading traffic analysis, to user privacy considerations. After an introduction that covered the goals of the workshop and the starting questions (as described in ), there were four presentations, followed by open discussion.

Traffic classification and network management Many existing network management techiques are passive in nature: they don't rely on an explicit signals from end hosts to negotiate with network middleboxes, but instead rely on inspecting packets to recognize traffic and apply various policies. Traffic classification, as a passive technique, is being challenged by increasing encryption. Traffic classification is commonly performed by networks to infer what applications and services are being used. This information is in turn used for capacity and resource planning, Quality-of-Service (QoS) monitoring, traffic prioritization, network access control, identity management, and malware detection. However, since classification traditionally relies on recognizing unencrypted properties of packets in a flow, increasing encryption of traffic can decrease the effectiveness of classification. The amount of classification that can be performed on traffic also provides a useful insight onto how "leaky" the protocols used by applications are, and points to areas where information is visible to any observer, which may be malicious or not. Traditionally, classification has been based on experts crafting specific rules, but there is also a move toward using maching learning to recognize patterns. "Deep learning" machine learning models generally rely on analyzing a large set of traffic over time, and have trouble reacting quickly to changes in traffic patterns. Models that are based on closed-world data sets also become less useful over time, as traffic changes. describes experiments that showed that a model that performs with high accuracy on an initial data set became severely degraded when running on a newer data set that contained traffic from the same applications. Even in as little time as one week, the traffic classification would become degraded. However, the set of features in packets and flows that were useful for models stayed mostly consistent, even if the models themselves needed to be updated. Models where the feature space is reduced to fewer features showed better resiliency, and could be retrained more quickly. Based on this, recommends more work and research on determining which set of features in IP packets are most useful for focused machine learning analysis. also recommends further research investment in Artificial Intelligent (AI) analysis for network management.

Preventing traffic analysis Just as traffic classification is continually adapting, techniques to prevent traffic analysis and obfuscate application and user traffic are continually evolving. An invited talk from the authors of shared a novel approach with the workshop for how to build a very robust system to prevent unwanted traffic analysis. Usually traffic obfuscation is performed by changing the timing of packets or adding padding data. The practices can be costly and negatively impact performance. DITTO demonstrated the feasibility of applying traffic obfuscation on aggregated traffic in the network with minimal overhead and in line speed. While traffic obfuscation techniques are today not widely deployed, this study underlines, together with the need for continuous effort to keep traffic models updated over time, the challenges of classification of encrypted traffic as well as opportunities to further enhance user privacy.

Users and privacy The Privacy Enhancements and Assessments Research Group is working on a document to discuss guidelines for how to measure traffic on the Internet in a safe and privacy-friendly way (). These guidelines and principles provide another angle onto the discussion of passive classification and analysis of traffic. Consent for collection and measurement of metadata is an important consideration in deploying network measurement techniques. This consent can be explicitly given as informed consent, or can be given by proxy or be only implied. For example, a user of a network might need to consent to certain measurement and traffic treatment when joining a network. Various techniques for data collection can also improve user privacy, such as discarding data after a short period of time, masking out aspects of data that contain user-identifying information, reducing the accuracy of collected data, and aggregating data.

Discussion The intents and goals of users, application developers, and network operators align in some cases, but not others. One of the recurring challenges that came up was not having a clear way to understand or communicate intents and requirements. Both traffic classification and traffic obfuscation attempt to change the visibility of traffic without cooperation of other parties: traffic classification is a network attempting to inspect application traffic without coordination from applications, and traffic obfuscation is an attempt to hide that same traffic as it transits a network. Traffic adaptation and prioritization is one dimension in which the incentives for cooperation seem most clear. Even if an application is trying to prevent leaking metadata, it could benefit from signals from network about sudden capacity changes that can help it adapt its application quality, such as bitrates and codecs. Such signalling may not be appropriate for the most privacy-sensitive applications, like Tor, but could be applicable for many others. There are existing protocols that involve explicit signaling between applications and networks, such as ECN , but that has yet to see wide adoption. Managed networks (such a private corporate networks) was brought up in several comments as a particularly challenging area for being able to meet management requirements while maintaining encryption and privacy. These networks can have legal and regulated requirements for detection of specific fraudulent or malicious traffic. Personal networks that enable managed parental controls have similar complications with encrypted traffic and user privacy. In these scenarios, the parental controls being operated by the network may be as simple as a DNS filter, an can be made ineffective by a device routing traffic to an alternate DNS resolver.

"Where we want to go" - Collaboration Principles The second day of the workshop agenda focused on the emerging techniques for analysing, managing or monitoring encrypted traffic. Presentations ranged from discussing advanced classification and identification, including machine-learning techniques, for the purposes of manging network flows, monitoring or monetising usage. After an introduction that covered the goals of the workshop and the starting questions (as described in ), there were three presentations, followed by open discussion.

First party collaboration for network management It is the intention of encryption to create a barrier between entities inside the communication and everyone else, including network operators when we are talking about end-to-end encryption of traffic. Any attempt, therefore, to overcome that intentional barrier requires an intent to collaborate between the inside and outside entities. Those entities must, at a minimum, agree on the benefits to overcoming the barrier (or solving the problem), that costs are proportional to the beenfits, and to additional limitations, or safeguards, against bad behaviour by collaborators including the inclusion of other non-insiders . The internet is designed interoperably, which means an outside entity wishing to collaborate with the inside might be any number of intermediaries and not, say, a specific person that can be trusted in the human sense. Additionally the use of encryption, especially network or transport encryption, introduces dynamic or opportunitistic or perfunctory discoverability. These realities both point to a need to interrogate the reason why any outside entity might make an engineering case to collaborate with the user of an encrypted network, and whether the tradeoffs and potential risks are worth it to the user. However the answers cannot be specific and the determinations or guidance need to be general as the encryption boundary is inevitably an application used by many people. Tradeoffs must make sense to users who are unlikely to be thinking about network management considerations. Harms need to be preemptively reduced because in general terms few users would choose network management benefits over their own privacy if given the choice. Additionally there appear to be little if any actual evidence that encryption is causing user-meaningful network problems. Since alignment on problem solving is a prerequisite to collaboration on a solution it does not seem that collaboration across the encryption boundary is called for.

Second and third party collaboration for network management Even with the wide-scale deployment of encryption in new protocols and techniques that prevent passive observers of network traffic from knowing the content of exchanged communications, important information such as which parties communicate and sometimes even which services have been requested may still be able to be deduced. The future is to conceal more data and metadata from passive observers and also to minimize information exposure to second parties (were the user is the first party) by, maybe counterintuitively, introducing third-party relay services to intermediate communications. As discussed in , the relay is a mechanism to separate, using additional levels of encryption, two important pieces of information: knowledge of the identity of the person accessing a service is separated from knowledge about the service being accessed. By contrast a VPN uses only one level of encryption and does not separate identity (first party) and service (second party) metadata. Relay mechanisms are termed "oblivious", there is a future for specifications in privacy-preserving measurement (PPM), and protocols like Multiplexed Application Substrate over QUIC Encryption (MASQUE) are discussed in the IETF. In various schemes users are ideally able to share their identity only with the entity they have identified as a trusted one. That data is not shared with the service provider. However this is more complicated for network management, but there may be opportunities for better collaboration between the network and, say, the application or service at the endpoint. A queriable relay mechanism could preserve network management functions that are disrupted by encryption, such as TCP optimisation, quality of service, zero-rating, parental controls, access control, redirection, content enhancement, analytics and fraud prevention. Instead of encrypted communication between only two between the ends and passive observation by all on-path elements, intermediate relays could be trusted parties with limited information for the purposes of collaboration between in-network intermediary services' support.

Visible, optional network management In encrypted communications, out of all of the possible network management functions that might be ameliorated by proxying the ability to control congestion has been researched in depth. These techniques are realized based on TCP performance enhancing proxies (PEP) that either entirely intercept a TCP connection or interfere with the transport information in the TCP header. However, beside the challenge that new encrypted protocol limited any such in-network interference, these techniques can also have negative impact on the evolvability of these protocols. Therefore, instead on manipulating existing information, a new approaches was presented where additional information is send using a so-called side-car protocol independent of the main transport protocol that is used end-to-end . E.g. side car information can contain additional acknowledgements to enable in-network local retransmission faster end-to-end retransmission by reducing the signaling round trip time. Taking user privacy benefits for granted, there is a need to investigate the comparable performance outputs of various encrypted traffic configurations such as use of an additional "side-car" protocol, or explicit encrypted and trusted network communication using MASQUE in relation to existing techniques based TCP performance enhancing proxies (PEP), etc.

Discussion One size fits all? On the issue of trust, different networks or devices are going to have different requirements for the level of trust that they have in devices, users or each other, and vice versa. For example, imagine networks with really different security requirements, like protecting children in a home versus a national security institution. How could one network architecture solve the needs of all use cases? Does our destination have consequences? It seems sometimes that there may be consequences many years down the line of ubiquitous, strong encryption of network traffic because it will cause a reaction by intermediaries to find ways to poke holes in what are supposed to be long-term solutions for user privacy and security. Can we bring the user along? While there has been a focus on the good reasons for why people might collaborate across the encryption barrier, there will always be others who want to disrupt that because they are motivated to exploit the data for their own gain, and sometimes this is called innovation. What high-level policy mitigations hvae done is to expose how powerless end users are to corporate practices of data harvesting. And yet interfaces to help users understand these lower layer traffic flows to protect their financial transactions or privacy haven't been achieved yet. That means that engineers are having to make inferences about what users want. Instead we should be making these relationships and tradeoffs more visible.

"How we get there" - Collaboration Use cases The third day focused on techniques that could actually be used to improve management of encrypted networks. A central theme of all of the presentations about potential proposed paths forward included some element of collaboration between networks and subscribing clients that simultaneously want both privacy and protection. Thus, the central theme in the third day became negotiation and collaboration.

Establishing expected contracts to enable security management When thinking about enterprise networks where client behavior is potentially managed, proposes "Improving network monitoring through contracts", where contracts describe different states of network behavior. Because network operators have a limited amount of time to focus on problems and process alerts, contracts and states let the operator focus on a particular aspect of a current situation or problem. The current estimate for the number of events an SOC operator can handle is about 10 per hour. Operators must work within the limits imposed by their organization, and must pick between options that frequently only frustrate attackers -- entirely preventing attacks is potentially impossible. Finally, operators must prioritize and manage the most events possible. Validating which alerts are true positives is challenging because lots of weird traffic creates many anomalies and not all anomalies are malicious events. Identifying what anomalous traffic is rooted in malicious activity with any level of certainty is extremely challenging. Unfortunately, applying the latest machine learning techniques has only produced mixed results. To make matters worse, the large amounts of Internet-wide scanning has resulted in endless traffic that is technically malicious but only creates an information overload and challenges event prioritization. Any path forward must succeed in freeing up analyst time to concentrate on the more challenging events. The proposed contract solution is to define a collection of acceptable behaviors categorized into a envelope of different states that might include IP addresses, domain names, and indicators of compromise. Deviation from a contract might indicate that a system is acting outside a normal mode of behavior, or even that a normal mode of behavior is suddenly missing. An example contracts might be "this system is expected to update its base OS once a day", and if this doesn't occur then this expectation has not been met and the system should be checked as it failed to call home to look for (potentially security related) updates. Within the IETF, the Manufacturer Usage Description Specification (MUDD) {?RFC8520} specification is one subset of contracts. Note that contracts are likely to only succeed in a constrained, expected environment maintained by operational staff, and may not work in an open internet environment where end users are driving all network connections.

Zero Knowledge Middleboxes The world is not only shifting to increased encrypted traffic, but is also encrypting more and more of the metadata (e.g. DNS queries and responses). This makes network policy enforcement by middleboxes significantly more challenging. The result is the creation of a significant tension between security enforcement and privacy protection. A goal for solving this problem should include not weakening encryption, should enable networks to enforce their policies, and should ideally not require newly deployed server software. Existing solutions fail with at least one of these points. A cryptographic principle of a "zero knowledge proof" (ZKP) may be one path forward to consider. A ZKP allows a third party to verify that a statement is true, without revealing what the statement actually is. Applying this to network traffic has been shown to allow a middlebox to verify that traffic to a web server is actually compliant with a policy without revealing the actual contents. This solution meets the above three criteria. Using ZKP within TLS 1.3 traffic turns out to be plausible. An example engine was built to test ZKP using encrypted DNS. Clients were able to create DNS requests that were not listed within a DNS block list. Middleboxes could verify, without knowing the exact request, that the client's DNS request was not in the prohibited list. Although the result was functional, the computational overhead was still too slow and future work will be needed to decrease the ZKP imposed latencies.

Red Rover - A collaborative approach to content filtering The principle challenge being studied is how to deal with the inherit conflict between filtering and privacy. Network operators need to implement policies and regulations that can originate from many locations (e.g. security, governmental, parental, etc). Conversely, clients need to protect user's privacy and user security. Safe browsing, originally created by Google, is one example of a mechanism that tries to meet both sides of this conflict. It would be beneficial to standardize this and other similar mechanisms. Operating systems could continually protect their users by ensuring that malicious destinations are not being reached. This would require some coordination between cooperating clients and servers offering protection services. These collaborative solutions may be the best compromise between the tension of privacy vs protection based services .