End-to-end encryption (E2EE) is the most secure method of sending messages over the air. It means that no one, not even the government, should be able to access any of the information sent.
Designed to beat hackers
The entire system is designed to prevent tampering and surveillance by sending an encrypted version of the message. The information being sent is encrypted using a unique key, which is known only to the sender and recipient and is held within the message itself. This means that any attempt to decipher the message will fail because the intruder does not have access to the decryption key.
How does it work?
With an E2EE system, the encryption key is known only to the receiver. The message can only be read by the receiving device, and the device or application being used holds the decryption key within it. The encryption is achieved using a string of pre-configured symbols known as a pre-shared key (PGP). Devices can also derive a secret key at the time of sending using a Diffie-Hellman key-exchange protocol (OTR). E2EE is used in S/MIME emails, WhatsApp instant messages and Wire video messaging, as well as many other apps.
Are all messaging systems using E2EE?
Although it is the safest and most secure form of messaging, not all providers and apps use it. Most server-based messaging systems only have limited forms of encryption, usually just between the devices and the server, so the message is stored on the third-party server in plain text. Some services have also been criticized for not having E2EE as standard in their messaging applications.
Is it 100% secure?
No system is ever 100% secure. For example, a hacker can pretend to be the receiver by swapping his own public key for that of the receiver. The messages will then be encrypted with a key only he knows. Once he has decrypted the message, he can then send it on to the original recipient using a key he shares with them. Sending it on reduces the chance of the hacker being detected. Such instances are known as man-in-the-middle attacks.
Preventing message hacking
To prevent attacks on messaging security, most E2EE protocols include a form of endpoint authentication specifically designed to stop them. One such method generates a digital fingerprint between the sharing parties. This is then compared over an external channel to validate the sharing of messages. If the fingerprints are a match at both ends, the man-in-the-middle cannot intervene. Most digital fingerprints use a hexadecimal code string, where the characters are grouped to make them easier to read. QR codes are another form of digital fingerprint that can be scanned into the user’s device to guarantee authenticity.
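The fingerprint comparison described above can be sketched as follows. This is an added example, not code from any of the apps named in this article. It assumes the fingerprint is a SHA-256 hash over both parties' public keys; the function names and the constructed sample keys are hypothetical.

```python
import hashlib
import hmac


def session_fingerprint(key_a: bytes, key_b: bytes, group: int = 4) -> str:
    """Grouped hexadecimal fingerprint over both parties' public keys."""
    # Sort the keys so both ends hash identical bytes, whoever is "local".
    first, second = sorted((key_a, key_b))
    # Length-prefix each key so two different pairs cannot hash the same input.
    material = b"".join(len(k).to_bytes(2, "big") + k for k in (first, second))
    digest = hashlib.sha256(material).hexdigest().upper()
    return " ".join(digest[i:i + group] for i in range(0, len(digest), group))


def _normalise(fingerprint: str) -> bytes:
    # Ignore spacing and letter case introduced when the value is read aloud.
    return "".join(fingerprint.split()).upper().encode()


def fingerprints_match(shown_locally: str, read_by_peer: str) -> bool:
    """Compare the local fingerprint with the one received out of band."""
    return hmac.compare_digest(_normalise(shown_locally), _normalise(read_by_peer))


def constructed_key(label: str) -> bytes:
    """Stand-in for a 32-byte public key (constructed sample, not a real key)."""
    return hashlib.sha256(label.encode()).digest()


ALICE, BOB, INTRUDER = (constructed_key(n) for n in ("alice", "bob", "intruder"))


def compare_views(key_alice_sees_for_bob: bytes, key_bob_sees_for_alice: bytes) -> bool:
    """Each side fingerprints its own key plus the key it was given for the peer."""
    alice_view = session_fingerprint(ALICE, key_alice_sees_for_bob)
    bob_view = session_fingerprint(BOB, key_bob_sees_for_alice)
    # Bob reads his value to Alice over the external channel (case may differ).
    return fingerprints_match(alice_view, bob_view.lower())


if __name__ == "__main__":
    print("honest exchange matches:", compare_views(BOB, ALICE))
    print("substituted keys match: ", compare_views(INTRUDER, INTRUDER))
    print("fingerprint shown to both users:", session_fingerprint(ALICE, BOB))
```

When the keys have been swapped in transit, the two devices hash different key pairs, so the values the users compare do not match and the substitution is detected.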
Device security is needed
No matter how secure the messages are, once they reach the receiver’s device they are open to being hacked. The user’s computer can still be hacked to obtain the key and intercept future messages, or the hacker can simply read the messages already received. Maintaining the security of the device is just as important as securing the message in transit.
And in 2013, leaked information revealed that Skype, which utilizes E2EE, had written a back door into the program software. The back door was used by Microsoft to provide user information to the US National Security Agency (NSA).