ECH: Is New Encryption Threatening Corporate Security?
Encrypted Client Hello (ECH) Protocol

The Encrypted Client Hello (ECH) protocol is a security extension designed to significantly enhance user privacy by encrypting the first messages exchanged between client and server when a connection is set up. ECH encrypts the entire Client Hello message, including the Server Name Indication (SNI), so that the user's destination is not revealed to network observers. While enhancing user privacy is a desirable goal, many corporate security experts believe that the additional privacy ECH provides may limit their ability to detect and prevent cyber threats effectively. Widespread adoption of the protocol could significantly reduce companies' ability to identify and block connections to malicious domains.
Late last year, a team at Corrata observed a rise in ECH domain detections. While these numbers were relatively small, they sparked significant interest, leading to questions about whether this indicates an imminent spread of ECH, and to what extent the ability of common security tools to monitor large portions of internet traffic will be affected in the near future.
To understand how ECH works in more depth, start with the lock icon and the HTTPS prefix in the browser's address bar: they indicate that the website uses TLS (Transport Layer Security), the internet encryption standard that secures communications between the user's device and the web server. The vast majority of internet traffic relies on TLS 1.3, and ECH was designed as an important addition to this version of the standard to improve privacy. ECH uses Hybrid Public Key Encryption (HPKE) to encrypt the inner ClientHello message and relies on DNS over HTTPS (DoH) to fetch the public key required for that encryption, which protects the initial connection data.
Without ECH, the domain name the client is trying to visit is sent in the clear before the encrypted connection is fully established. This means that any entity capable of monitoring the user's internet traffic – such as mobile network operators, Internet Service Providers (ISPs), corporate security teams, and malicious actors – can see the connection's destination, even when the user and server take other security measures.
How ECH Works and Its Impact on Security
ECH encrypts the entire Client Hello message (the first message a client sends in the TLS handshake) so that only the gateway in front of the intended server, which holds the corresponding private key, can decrypt this inner message and complete the handshake. Network observers can no longer see the specific domain the user is trying to access. ECH is an evolution of the earlier Encrypted SNI (ESNI) proposal: it encrypts the entire ClientHello message instead of just the SNI, which provides more comprehensive privacy protection and gives the protocol more flexibility in handling DNS caching issues.
This matters because vital cybersecurity tools, such as Secure Web Gateways and Next-Generation Firewalls, rely on this traditional visibility to detect and prevent access to content that may pose a threat, such as phishing sites or malware downloads. Beyond security teams, Internet Service Providers have a commercial interest in understanding how subscribers use the internet, and governments seek to monitor and restrict access to illegal, harmful, or unacceptable content.

Visibility is particularly essential for banks and other highly regulated sectors, which are often required to monitor incoming and outgoing internet traffic. Today, these organizations can decrypt traffic selectively, without touching sensitive data such as employees' Personally Identifiable Information or health records. However, if ECH blinds these filtering tools, banks would have to decrypt all internet traffic to remain compliant with regulations, which could reduce user privacy in the process.
ECH Adoption and Security Challenges
Corrata's analysis of ECH adoption and its impact on enterprise users showed mixed results. Although overall protocol adoption remains very low (over 9% of the top one million domains support ECH, but less than 0.01% of TLS connections used the protocol), malicious actors are already exploiting the anonymity ECH provides. The data indicates that 17% of all ECH-enabled websites are risky, and that Chrome users who have enabled encrypted DNS are the most exposed. Notably, Firefox began supporting ECH in version 118 and enabled it by default from version 119 onwards (Source: Mozilla Support), and Google Chrome is also currently strengthening its support for the protocol (Source: Cloudflare Blog).
To operate efficiently, ECH requires traffic to flow through a Content Delivery Network (CDN) that supports the protocol. Currently, Cloudflare is the only CDN with wide ECH support, and the company has played a pivotal role in driving the protocol's adoption. It's worth noting that Apple's iOS does not yet support ECH. When ECH is used via Cloudflare, a common server name such as cloudflare-ech.com appears for all connections, enhancing user privacy by hiding the true domain name from intermediaries (Source: Cloudflare Blog).
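The following Python is an added example, not code from Corrata or the original article. It builds a constructed TLS ClientHello record (zeroed random, placeholder ECH bytes, not a real capture) and inspects it the way a monitoring tool would: reading the server_name extension and checking for the encrypted_client_hello extension (codepoint 0xfe0d used by current browsers and Cloudflare). With ECH present, the only name visible to an observer is the shared public name, such as cloudflare-ech.com, rather than the real destination.

```python
import struct

SNI_EXT = 0x0000  # server_name extension (RFC 6066)
ECH_EXT = 0xFE0D  # encrypted_client_hello (draft-ietf-tls-esni codepoint used in the wild)

def build_client_hello(sni: str, ech: bool) -> bytes:
    """Build a minimal TLS record carrying a ClientHello. Constructed sample, not a capture."""
    name = sni.encode("ascii")
    # server_name: ext header, ServerNameList length, name_type host_name(0), name length, name
    exts = struct.pack("!HHHBH", SNI_EXT, len(name) + 5, len(name) + 3, 0, len(name)) + name
    if ech:
        # ClientHelloOuter: type outer(0), HPKE suite (HKDF-SHA256, AES-128-GCM), config_id,
        # then enc and payload; the enc/payload bytes here are placeholders, not HPKE output.
        body = (b"\x00" + struct.pack("!HHB", 0x0001, 0x0001, 0x2A)
                + struct.pack("!H", 32) + b"\x11" * 32
                + struct.pack("!H", 48) + b"\x22" * 48)
        exts += struct.pack("!HH", ECH_EXT, len(body)) + body
    hello = (b"\x03\x03" + b"\x00" * 32          # legacy_version, random (zeroed for the sample)
             + b"\x00"                            # empty legacy_session_id
             + struct.pack("!HH", 2, 0x1301)      # one suite: TLS_AES_128_GCM_SHA256
             + b"\x01\x00"                        # compression_methods: null only
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def inspect_client_hello(record: bytes) -> dict:
    """Return the visible SNI and whether an ECH extension is present in a ClientHello record."""
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    handshake = record[5:5 + rlen]
    if ctype != 0x16 or handshake[0] != 0x01:
        raise ValueError("not a ClientHello record")
    hello = handshake[4:]
    pos = 2 + 32                                            # skip legacy_version and random
    pos += 1 + hello[pos]                                   # skip session_id
    pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]   # skip cipher_suites
    pos += 1 + hello[pos]                                   # skip compression_methods
    end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    info = {"sni": None, "ech": False}
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        data = hello[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == SNI_EXT:
            name_len = struct.unpack("!H", data[3:5])[0]
            info["sni"] = data[5:5 + name_len].decode("ascii")
        elif etype == ECH_EXT:
            info["ech"] = True  # the SNI above is then only the public name, not the destination
    return info
```

Run over a real capture, a record flagged with ech=True and an SNI of cloudflare-ech.com tells the defender only that the client is talking to an ECH-capable front end; the domain itself is not recoverable from the handshake.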

We have found that over 90% of phishing detections use Cloudflare's infrastructure. In addition to the anonymity level provided by the ECH protocol, these sites benefit from other Cloudflare features. For example, a "captcha" page can direct traffic from desktop devices to a legitimate site while traffic from mobile devices is sent to a fake site. However, it's important to note that ECH is not a tool designed to circumvent censorship or blocking by Internet Service Providers, as DNS queries (even encrypted ones) and server IP addresses remain visible and can be exploited for blocking (Source: Kyodo Tech).

We should expect an increase in ECH's popularity over time, given the opportunities and incentives for both the server and client sides to drive adoption. On the client side, Safari could support the standard, or Chrome could enable encrypted DNS by default. On the server side, it would require a comprehensive migration to Cloudflare (which is unlikely) or default support from other CDNs. ECH adoption is positive for CDNs, as the complexity of implementation means more websites will choose to use CDN services, and CDNs will become the sole infrastructure player with wide-ranging visibility into internet traffic.
Currently, security teams can take some relief from the fact that community concerns about enterprise internet traffic becoming entirely invisible have not yet materialized. However, it would be irresponsible to expect this situation to continue long-term, given the significant market opportunities ECH adoption presents for the CDN industry. The threat posed by this protocol must be taken seriously. Tracking ECH and understanding the level of secrecy it provides is no longer optional for enterprise security teams. Our data shows that while there is certainly potential for ECH to become an obstacle for defenders, it's time to prepare rather than panic.