END TO END ENCRYPTION

ISHIKA JAIN
IEEE Student Branch DIT University
Sep 22, 2020
IMAGE CREDITS https://www.greenbot.com/article/3119449/the-best-messaging-apps-with-end-to-end-encryption.html

End-to-end encryption (E2EE) is a technique for secure communication that prevents third parties, such as internet service providers or telecom providers, from accessing data while it is transmitted from the sender to the receiver. This system prevents prying eyes from accessing the cryptographic keys used to decrypt the message or data. E2EE incorporates transport-level security (a cryptographic protocol used for secured communication), which maintains the confidentiality and integrity of the data sent. Originally, when E2EE was introduced in 2003, it acted as a layer of security for GSM (Global System for Mobile Communications) and TETRA. From 2014 onwards, the meaning of E2EE changed: the messages are now encrypted against the provider of the communication service as well, in addition to being encrypted in transit. The encryption process can be carried out with the help of the asymmetric key cryptographic algorithm called the Diffie-Hellman key algorithm (which allows two parties to communicate over an insecure channel). E2EE is much stronger than standard encryption. For example, when we communicate through platforms (like Gmail or Hotmail) that do not use E2EE, there is a chance that the company may access the data in transit, as the decryption keys are available to them too.

To understand how end-to-end encryption works, let’s consider the following example. Suppose person B wants to send a message to person A through the internet, but in private. Receiver A has both the public and private keys, and sender B has the public key. Only the receiver will have access to the private key. First, the public key is used to encrypt the message. This turns the plaintext of the message into ciphertext. Next, receiver A will be able to decode the message using his private key. An important aspect here is that the public and private keys should be related to each other mathematically, and the public key should be the exact opposite of the private key. Although the message may be seen on its way by the company or even by malicious third parties, they can’t decipher the ciphertext into plaintext again. If person A wants to send a reply, he will repeat the same process and the message will be sent privately to B.

WhatsApp, the most widely used social media platform, uses the Signal Protocol for end-to-end encryption. All messages, including group chats, statuses, voice recordings, and all types of documents, are end-to-end encrypted. This ensures and upholds the integrity of the data shared through WhatsApp.

The Signal Protocol: Initially known as the TextSecure Protocol, this is a cryptographic protocol for safe end-to-end conversation through voice calls over the internet. It was developed by Open Whisper Systems. As security concerns are growing day by day, many social media platforms like WhatsApp, Facebook Messenger, and Google Allo are adopting this protocol. By following the Signal Protocol for E2EE, one can ensure the privacy and trustworthiness of one's messages. Public key fingerprints (which are used to identify longer public keys) can also be verified using this protocol. This considerably lowers the chances of a man-in-the-middle attack.

Double Ratchet Algorithm: A part of the Signal Protocol, this algorithm was also developed by Open Whisper Systems in 2013. Its working is based on the Diffie-Hellman asymmetric algorithm, where the sender and receiver use the same shared secret key. Each time a message is sent, a new set of double ratchet keys is generated.
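The "new key for every message" idea above, as an added example (not from the original article or from Signal's code): a minimal symmetric key chain built on HMAC-SHA256, which is only one half of a double ratchet. The shared secret is a constructed value standing in for a Diffie-Hellman result, and `seal`/`open_sealed` are a hypothetical standard-library stand-in for a real authenticated cipher.

```python
import hashlib
import hmac

class ChainRatchet:
    """Symmetric key chain: each message key is derived once, then the chain moves on."""
    def __init__(self, shared_secret: bytes):
        self._chain_key = hashlib.sha256(b"chain" + shared_secret).digest()

    def next_message_key(self) -> bytes:
        message_key = hmac.new(self._chain_key, b"\x01", hashlib.sha256).digest()
        # Replace the chain key; the previous value is not kept anywhere.
        self._chain_key = hmac.new(self._chain_key, b"\x02", hashlib.sha256).digest()
        return message_key

def _keystream(key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(message_key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC using only the standard library (assumption for this example)."""
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(message_key, len(plaintext))))
    tag = hmac.new(message_key, b"mac" + body, hashlib.sha256).digest()
    return body + tag

def open_sealed(message_key: bytes, sealed: bytes) -> bytes:
    body, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(message_key, b"mac" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message was altered or the wrong key was used")
    return bytes(c ^ k for c, k in zip(body, _keystream(message_key, len(body))))

def demo():
    secret = b"constructed shared secret from a key agreement"
    sender, receiver = ChainRatchet(secret), ChainRatchet(secret)
    # The same plaintext sent twice is protected by two different keys.
    wire = [seal(sender.next_message_key(), m) for m in (b"hello", b"hello")]
    received = [open_sealed(receiver.next_message_key(), c) for c in wire]
    return wire, received
```

Both sides advance their chains in step, so the receiver derives the same key for each message, and a key recovered for one message does not open the next one.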

ADVANTAGES OF E2EE

End-to-end encryption is one of the most widely used encryption standards for secure communication. The advantages of E2EE are:

1. It ensures the privacy of the data that we share through the internet using different platforms. Though our mobile phones and computer systems are becoming safe from viruses and threat attacks, the security of the messages has always been a concern for us. E2EE makes it impossible for prying eyes to tamper with our messages, documents, and voice messages.

2. When people know that their conversation is end-to-end encrypted, they talk more freely with each other. It is just like talking in reality as both the sender and receiver know that their message will not be altered by any other third party in transit.

THREATS TO E2EE:

Despite these advantages, E2EE has some disadvantages and threats too.

1. These days, smartphones are a common medium of communication with others. They contain the maximum amount of our data in plaintext. E2EE does not secure endpoint communication. There are chances that the attackers might hack our smartphones. In that case, E2EE will not be able to help us!

2. The next loophole is unencrypted backups. Once we have a data backup in case of data loss, then there is no further E2EE of this restored data. For the best results, one should use offline backup techniques.

3. E2EE uses public-key cryptography. That means there is one secret key and a public key, which can be shared with anyone. It is essential to ensure that our device is communicating with the intended receiver’s device. This verification is necessary to ensure that there is no man-in-the-middle attack in between.
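The verification step in point 3, as an added example (not from the original article): a Diffie-Hellman exchange over a toy-size group in which comparing key fingerprints over a separate channel exposes a substituted key. The group parameters, function names and relay model are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption, illustration only): 2**127 - 1 is prime
# but far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)

def shared_secret(my_private, their_public):
    return hashlib.sha256(pow(their_public, my_private, P).to_bytes(16, "big")).digest()

def fingerprint(public):
    """Short, human-comparable identifier for a longer public key."""
    digest = hashlib.sha256(public.to_bytes(16, "big")).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))

def verify_contact(received_public, fingerprint_shown_by_contact):
    # The second argument arrives over a separate channel (in person, QR code).
    return hmac.compare_digest(fingerprint(received_public), fingerprint_shown_by_contact)

def exchange(relay):
    """One key exchange; `relay` models the network delivering public keys."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    a_sees, b_sees = relay(b_pub), relay(a_pub)
    return {
        "secrets_match": shared_secret(a_priv, a_sees) == shared_secret(b_priv, b_sees),
        "a_verifies_b": verify_contact(a_sees, fingerprint(b_pub)),
        "b_verifies_a": verify_contact(b_sees, fingerprint(a_pub)),
    }

def honest_relay(public):
    return public

THIRD_PARTY_PUBLIC = keypair()[1]  # key belonging to someone on the network path

def substituting_relay(public):
    # Models a man in the middle replacing each public key with its own.
    return THIRD_PARTY_PUBLIC
```

With `honest_relay` every check passes; with `substituting_relay` both fingerprint checks fail, which is the signal to stop before any message is sent.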

So, while communicating digitally, we must ensure that the platform used is a genuine one and the party we are communicating with is known and trustworthy. Also, one should disable online backups before starting any online communication.
