Feature

Mobile Data Encryption vs. Performance – do you really have to choose?

It seems as though almost every day there is a new security breach related to data traveling over the Internet. ‘Every day’ might be an exaggeration, but if it happens to be your data that is stolen or viewed illegally, the frequency wouldn’t matter, only the one time it happened to you.  End users are looking for more ways to protect the information they send over the Internet, and the percentage of data traversing a mobile network is growing every day, with usage continuing to grow at exponential rates.  Bart Salaets, Service Provider Solution Architect EMEA, at F5 Networks sheds some light on the issue.

Challenges

You might be asking yourself “what’s the average person to do?” and “should I take matters into my own hands or wait for the operator to do something?”

Let’s consider the case study of public reaction to the Facebook purchase of WhatsApp earlier this year for a possible answer to one scenario.  Users didn’t seem overly concerned about the privacy of the information exchanged via WhatsApp, until Facebook entered the picture.  We all know how unnerving those Facebook ads are that seem to appear an instant after you search for anything on the web! Even though Facebook vowed to not change the privacy of WhatsApp after the acquisition closed, the immediate negative public response was amazing:

The relatively unknown startups Threema and Telegram saw immediate subscription increases.

Threema doubled its user base on the day of the announcement.  Although the initial numbers were small, consider the implications: 80% of these new users were in Germany, the largest consumer of WhatsApp in the world.

Telegram downloads went from 300,000 – 400,000/day to 800,000 – 1,000,000/day.

Although only a small percentage of WhatsApp’s user base was impacted, the trend is making a clear statement that users do understand the challenge of securing their data and are willing to take steps for a solution.  This poses both a challenge and an opportunity to the mobile operators whose networks these services traverse.

If you haven’t heard of Threema and Telegram, what’s important to understand is what they have in common: encryption.  Threema uses end-to-end encryption and public keys that are verified offline between the conversation partners.  Additionally, the header information detailing who the information is transferred to is encapsulated in a separate transport encryption layer.  Telegram offers two versions of encryption.  All chats are encrypted via client-server/server-client encryption, and secret chats offer the more secure end-to-end encryption mentioned above for Threema.

This one example is provided to show how things can change overnight in the mobile application world.  For an operator, the quality of the customer experience can suffer dramatically at the hands of these changes, affecting its ability to differentiate and stay relevant in the industry landscape.

The OTT application scenario described above is only one small piece of the ever-increasing traffic on mobile networks.  Add real-time entertainment (Netflix, YouTube, etc.), web browsing, social networks and Skype/FaceTime-type applications, and the end-user performance and security challenges increase.

But what happens if everything is suddenly encrypted?  At the simplest level, this does not create a performance challenge for the network, but it does limit the operators’ ability for service differentiation and quality of service offers based on application.  The risk is that OTT partnerships become less valuable to the OTT player if all the operator can be is a one-size-fits-all pipe.  This is the true challenge that needs solving.

If everything is encrypted end-to-end, the mobile operator no longer has the ability to offer context-aware performance levels based on the application, or does it?  The good news is that there are solutions on the market today trying to solve this problem.  Although traditional deep packet inspection (DPI) cannot be the whole answer in a fully encrypted world, it is a partial solution.  Combining DPI with inspection of the SSL negotiation usually reveals the identity of the content provider, such as Facebook, Skype or YouTube, and as a result allows the operator to develop an offer to the end user based on the appropriate quality of experience for this content.  By being aware of the context of the user’s actions, the operator can prioritise the bandwidth and quality expectations accordingly.  Adding heuristic analysis may further help to identify whether traffic is pure web browsing, video downloads, a voice call, etc., but this analysis is never fully reliable.

The situation continues to become more complicated for mobile operators and customers alike.  But there are tools, with more coming online every day, that allow the operator to provide service differentiation and optimisation of their network in order to provide the appropriate quality of experience to the end user.