The Internet Engineering Task Force (IETF) has defined pervasive monitoring, otherwise known as unwarranted surveillance and analysis of Internet traffic and even the subversion of cryptographic keys, as an attack and wants future versions of IETF-sponsored protocols to be designed to mitigate it.
The standards body released RFC 7258 this week, six months after the topic was brought up during the organization’s IETF Plenary Meeting and discourse on IETF mailing lists was sorted and documented.
“The IETF community’s technical assessment is that [pervasive monitoring] is an attack on the privacy of Internet users and organizations,” the IEFT said. “The IETF community has expressed strong agreement that PM is an attack that needs to be mitigated where possible, via the design of protocols that make [pervasive monitoring] significantly more expensive or infeasible.”
Covert surveillance carried out by governments and criminal hackers includes the dragnet gathering of metadata, according to the IETF. gr
The IETF also called out the gathering of application content, active and passive wiretaps and traffic analysis that includes the correlation, timing or measuring of packet sizes, and the subversion of crypto standards under the umbrella of pervasive monitoring.
“An attack may change the content of the communication, record the content or external characteristics of the communication, or through correlation with other communication events, reveal information the parties did not intend to be revealed,” the IETF said. “It may also have other effects that similarly subvert the intent of a communicator.”
The IETF makes it clear in its document that it future standards cannot discriminate between attacks regardless of the motivations of the attackers.
“We cannot defend against the most nefarious actors while allowing monitoring by other actors no matter how benevolent some might consider them to be, since the actions required of the attacker are indistinguishable from other attacks.” The IETF said. “The motivation for [pervasive monitoring] is, therefore, not relevant for how PM is mitigated in IETF protocols.”
The IETF also seems to concede that intelligence agencies and criminals won’t be deterred by mitigations put into standards, acknowledging instead that the actions outlined by the group would only raise the cost of attacks and perhaps throw back the covers on covert intrusions.
The group called for an extensive review of the security and privacy properties of its standards and will mitigate pervasive monitoring in a similar fashion as to how it mitigates vulnerabilities in protocols. The group hopes to see mitigations for pervasive monitoring in architectural decisions made early in the process.
“Those developing IETF specifications need to be able to describe how they have considered PM, and, if the attack is relevant to the work to be published, be able to justify related design decisions,” the IETF said. “This does not mean a new ‘pervasive monitoring considerations’ section is needed in IETF documentation. It means that, if asked, there needs to be a good answer to the question ‘Is pervasive monitoring relevant to this work and if so, how has it been considered?’”