Re-Thinking Network Monitoring in End-to-End Encrypted Environments: Visibility, Security, and Privacy Trade-offs

Main Article Content

Mission Franklin
Osaki Miller Thom-Manuel

Abstract

End-to-end encryption (E2EE) has become increasingly prevalent across modern digital communications, significantly enhancing user privacy and data security. However, this widespread adoption poses significant challenges for traditional network monitoring, which has historically relied on payload inspection to identify threats, performance issues, and policy violations. This paper re-examines the role of network monitoring in E2EE-dominated environments, exploring the inherent trade-offs among visibility, security, and privacy. We analyse limitations of conventional approaches and discuss emerging alternatives, such as traffic metadata analysis, machine learning-based classification, and encrypted traffic feature extraction (Liu et al., 2025), that aim to infer meaningful insights without decrypting content (Baldini et al., 2020). Additionally, we address the ethical and legal implications of increased inspection tactics, emphasising the need for privacy-preserving mechanisms that balance organisational security needs with individuals’ rights to confidentiality. By proposing a structured framework for evaluating monitoring strategies under encryption constraints, this work contributes a holistic perspective to the design of next-generation network observability tools that reconcile security demands with privacy principles.

Article Details

How to Cite
Franklin, M., & Thom-Manuel, O. M. (2026). Re-Thinking Network Monitoring in End-to-End Encrypted Environments: Visibility, Security, and Privacy Trade-offs. Faculty of Natural and Applied Sciences Journal of Scientific Innovations , 7(2), 68–75. https://doi.org/10.63561/fnas-jsi.v7i2.1239
Section
Articles

References

Abelson, H., Anderson, R., Bellovin, S. M., Benaloh, J., Blaze, M., Diffie, W., & Weitzner, D. J. (2015). Keys under doormats: Mandating insecurity by requiring government access to all data and communications. Journal of Cybersecurity, 1(1), 69–79. https://doi.org/10.1093/cybsec/tyv009

Aceto, G., Ciuonzo, D., Montieri, A., & Pescapé, A. (2019). Mobile encrypted traffic classification using deep learning: Experimental evaluation, lessons learned, and challenges. IEEE Transactions on Network and Service Management, 16(2), 445–458. https://doi.org/10.1109/TNSM.2019.2899085

Alwhbi, I. A., Zou, C. C., & Alharbi, R. N. (2024). Encrypted network traffic analysis and classification utilizing machine learning. Sensors, 24(11), 3509. https://doi.org/10.3390/s24113509

Baldini, G., Hernandez-Ramos, J. L., Nowak, S., Neisse, R., & Nowak, M. (2020). Mitigation of privacy threats due to encrypted traffic analysis through a policy-based framework and MUD profiles. Symmetry, 12(9), 1576. https://doi.org/10.3390/sym12091576

Cybersecurity Insiders. (2024). 2024 state of network threat detection. https://www.cybersecurity-insiders.com/state-of-network-threat-detection-2024-report/

Dwork, C. (2008). Differential privacy: A survey of results. In M. Bugliesi, B. Preneel, V. Sassone, & I. Wegener (Eds.), Proceedings of the 5th International Conference on Theory and Applications of Models of Computation (pp. 1–19). Springer.

Elshewey, A. M., & Osman, A. M. (2025). Enhancing encrypted HTTPS traffic classification based on stacked deep ensemble models. Scientific Reports, 15, Article 12345. https://doi.org/10.1038/s41598-025-21261-6 (verify article number)

European Union Agency for Cybersecurity (ENISA). (2020). Encryption and lawful access. https://www.enisa.europa.eu

IBM. (2026). What is end-to-end encryption? https://www.ibm.com/think/topics/end-to-end-encryption

Kahn Gillmor, D. (2016). Principles for encryption and government access. Berkman Klein Center for Internet & Society.

Kühlewind, M., Trammell, B., & Fairhurst, G. (2018a). Managing congestion exposure in the Internet. IEEE Communications Magazine, 56(9), 108–114.

Kühlewind, M., Trammell, B., Bühler, T., Fairhurst, G., & Gurbani, V. (2018b). Challenges in network management of encrypted traffic. arXiv. https://arxiv.org/abs/1810.09272

Liu, Z., Wei, Q., Song, Q., & Duan, C. (2025). Fine-grained encrypted traffic classification using dual embedding and graph neural networks. Electronics, 14(4), 778. https://doi.org/10.3390/electronics14040778

Mengmeng, G., Ruitao, F., Likun, L., Xiangzhan, Y., Vinay, S., Xiaofei, X., & Liu, Y. (2025). Enmob: Unveil the behavior with multi-flow analysis of encrypted app traffic. Cybersecurity, 8, Article 26. https://doi.org/10.1186/s42400-024-00301-0

Papadogiannaki, E., & Ioannidis, S. (2021). A survey on encrypted network traffic analysis applications, techniques, and countermeasures. ACM Computing Surveys. https://doi.org/10.1145/3476399

Pei, C., Du, H., & Sun, X. (2025). Classifying encrypted traffic using quad-directional convolution on pulse sequences. Cybersecurity, 8, 79. https://doi.org/10.1186/s42400-025-00386-1

Rezaei, S., & Liu, X. (2019). Deep learning for encrypted traffic classification: An overview. IEEE Communications Magazine, 57(5), 76–81. https://doi.org/10.1109/MCOM.2019.1800819

Sattar, S., Khan, S., Ismail, M., & Alimkulova, J. (2025). Anomaly detection in encrypted network traffic using self-supervised learning. Scientific Reports, 15, Article 26585. https://doi.org/10.1038/s41598-025-08568-0

Sharma, A., & Habibi Lashkari, A. (2025). A survey on encrypted network traffic: Identification/classification techniques, challenges, and future directions. Computer Networks, 257, 110984. https://doi.org/10.1016/j.comnet.2024.110984

Sherry, J., Lan, C., Popa, R. A., & Ratnasamy, S. (2015). BlindBox: Deep packet inspection over encrypted traffic. In Proceedings of the ACM SIGCOMM Conference (pp. 213–226).

Shokri, R., & Shmatikov, V. (2015). Privacy-preserving deep learning. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 1310–1321).

Singh, K., Kashyap, A., & Cherukuri, A. K. (2025). Interpretable anomaly detection in encrypted traffic using SHAP with machine learning models. arXiv. https://arxiv.org/abs/2505.16261 (verify availability)

Wong, D. (2021). Real-world cryptography. Manning Publications.

Zang, X., Wang, T., Zhang, X., Gong, J., Gao, P., & Zhang, G. (2024). Encrypted malicious traffic detection based on natural language processing and deep learning. Computer Networks, 250, 110598. https://doi.org/10.1016/j.comnet.2024.110598

Zeleke, S. N., Jember, A. F., & Bochicchio, M. (2025). Integrating explainable AI for effective malware detection in encrypted network traffic. arXiv. https://arxiv.org/abs/2501.05387 (verify availability)