What is End-to-end encryption?

In the past, terms such as end-to-end encryption (E2EE) were known only to the “geeks” who worked on the back end of programs for security. The majority of people would not know what it means or even bother to find out. It was something that people felt they did not want to know. In today’s world of internet security and a digital lifestyle, E2EE is an important part of daily life. It protects your sensitive personal information, keeps your credit card details secure during transactions, and even prevents your calls from being tapped or tracked.

Concerns about privacy compromise are global

Hackers are around every corner, and the concern for the protection of sensitive data is global, with billions of people looking to keep their information from the prying eyes of hackers, governments, and other dangerous entities. All communications, from internet calls and instant messaging to private phone calls, are potential targets for hacking, and E2EE is what keeps them secure and free from interception.

Explaining encryption in layman’s terms

Before going into the “end-to-end” part of the system, the first thing to know is what encryption is. While there is a battle going on for data security and online privacy, it all boils down to the data you send over the internet, or other forms of media, being secure. When you send information over the internet on an insecure connection, it is open to being intercepted by anyone with a computer, an internet connection, and the ability to look for it. You have no control over who can see your information. This is what makes many applications like VoIP free. You make free calls to other VoIP users, and your call is routed through hundreds of different servers all over the world, where your data can be intercepted by hackers, government agencies, or even terrorists. And this is where encryption comes in.

Encrypting data for security

Data encryption turns your data into a form of scrambled information that requires the intended recipient to unscramble it. While it is in transit, it is impossible for anyone to read it, until it reaches the designated receiver, where it is turned back into normal words or readable data. This is known as decryption. So, to complete the glossary of terms: unencrypted data is called “plaintext”, encrypted data is called “ciphertext”, and the information that travels along with the ciphertext to encrypt it is known as an encryption algorithm. Scrambling the data requires an encryption key, and without that key, the data cannot be decrypted. The key is a long string of numbers embedded into the software.

Asymmetric encryption versus symmetric encryption

Symmetric encryption is where a single key is used by both parties when sending a message. The message is encrypted and sent to the receiver. The required key is also sent to the receiver in a separate, hidden message. This is then used at the receiver’s end to decrypt the message. While the message cannot be read without the key, sending the key through an unsecured channel makes it vulnerable: it can be intercepted and used to read the message.

Asymmetric encryption uses two keys. One key is public and is known to both users. The other key is private, is known only to the individual user, and is not sent as data. It remains permanently with the user. When a message is sent, it is encrypted using the receiver’s “public” key and sent to the receiver. When it is received, the receiver uses their private key to unlock the data that was encrypted with the public key. This means that only the receiver’s private key can decrypt the message, making it much more secure.

This is how E2EE works, as an implementation of the asymmetric encryption process. As the name suggests, the data can only be read by the two people at either end of the message. When sending a message through many apps, the data is only encrypted once it has passed through the application provider’s server, and it is only encrypted to prevent hackers from accessing the data in transit. However, that means that the app provider can also read the message, which means it is not secure. End-to-end encryption means that the data is encrypted before it is sent to the server, and can only be decrypted by the receiver. The service provider does not have access to the decryption key or algorithm, and therefore cannot decrypt the message. This restricts access to the data to just the sender and receiver, and it cannot be forced open, even at the request of law enforcement agencies.
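The flow described above, as an added example that is not part of the original article: the sender encrypts before the message reaches the provider, and only the receiver's private key can open it. It goes one step beyond the text by combining both schemes (a one-time symmetric key protects the message, and the receiver's public key protects that key); the function names and the relay are hypothetical, and Node.js's built-in crypto module is assumed.

```javascript
const crypto = require('node:crypto');

// RSA-OAEP options shared by key wrapping and unwrapping.
const oaep = (key) => ({
  key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256',
});

// Receiver generates a key pair; the private key never leaves the device.
function makeKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: encrypt with a fresh AES-256-GCM key, then wrap that key
// with the receiver's public key.
function seal(plaintext, receiverPublicKey) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(oaep(receiverPublicKey), key);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Receiver: unwrap the symmetric key with the private key, then decrypt.
// Throws if the key is wrong or the envelope was modified in transit.
function unseal(envelope, receiverPrivateKey) {
  const key = crypto.privateDecrypt(oaep(receiverPrivateKey), envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.body), decipher.final()]).toString('utf8');
}

// Hypothetical provider server: forwards the envelope and holds no private keys.
function relay(envelope) {
  return { ...envelope };
}

// True when the given private key fails to open the envelope.
function cannotOpenWith(envelope, privateKey) {
  try { unseal(envelope, privateKey); return false; } catch { return true; }
}

const receiver = makeKeyPair();
const provider = makeKeyPair(); // stands in for anyone without the receiver's key
const inTransit = relay(seal('Constructed sample message', receiver.publicKey));
console.log(unseal(inTransit, receiver.privateKey));
console.log(cannotOpenWith(inTransit, provider.privateKey));
```
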

Messaging apps use E2EE

E2EE is used to encrypt most messages sent over major messaging applications such as WhatsApp, iMessage, etc. And this is important now with the advent of mobile banking and mobile wallets, as many are now being linked to messaging apps, and other apps, to allow customers to pay for something through that app, using their mobile wallet. Therefore, if you thought it was not necessary to use E2EE for simple messaging apps, then you were wrong. Send your bank data through an app, and you need E2EE to keep it secure. Moreover, do you really want a big brother regime, where all your messages and calls can be intercepted and spied on? Whether it involves hackers or governments, your data is yours and should be secure from everyone else, regardless of who they may be.


Source: http://searchsecurity.techtarget.com/definition/end-to-end-encryption-E2EE
