
What is end-to-end encryption & how does it work?

In recent years, we’ve become increasingly aware of the hidden costs of the convenience we get from Big Tech.
From Google’s data mining practices, to the Colonial Pipeline ransomware attack, to peeping toms in our inboxes, it’s clear that consumers and businesses have to protect themselves, both from attackers and from overreaching Big Tech.
The National Security Agency calls for the defense industrial base (DIB) to use end-to-end encryption to secure data. Other industries, as well as individuals, should follow suit. But what is end-to-end encryption? How does end-to-end encryption (e2ee) differ from other forms of data protection and why is it more secure?
This piece will focus on providing answers to these questions.


End-to-end encryption: What it is and how it works

Encryption in transit and encryption at rest are standard these days, but on their own they aren’t enough to protect your data. With encryption at rest, the server (or the provider running it) holds the key, so the data is decrypted on the server whenever it is read or processed. Once a hacker infiltrates that server, they can camp out there indefinitely, reading the messages as the server decrypts them.
End-to-end encryption by contrast provides the gold standard for protecting communication. In an end-to-end encrypted system, the only people who can access the data are the sender and the intended recipient(s) – no one else. Neither hackers nor unwanted third parties can access the encrypted data on the server.
In true end-to-end encryption, encryption occurs on the device. Messages and files are encrypted before they leave the phone or computer and aren’t decrypted until they reach their destination. Hackers can’t read data on the server because they don’t have the private keys required to decrypt it; those keys are stored only on the individual user’s device.
This use of a public-private key pair is known as asymmetric (public-key) cryptography: separate keys encrypt and decrypt the message. Public keys are widely disseminated and are used to lock (encrypt) a message. Private keys are known only to their owner and are used to unlock (decrypt) it. In practice, because public-key operations are slow and can only encrypt short inputs, systems encrypt the message itself with a fresh symmetric key and use the recipient’s public key only to encrypt that symmetric key.

In end-to-end encryption, the system creates public and private cryptographic keys for each person who joins.

An example

Let’s say Alice and Bob create accounts on the system. The end-to-end encrypted system provides each with a public-private key pair, whereby their public keys are stored on the server and their private keys are stored on their device.
Alice wants to send Bob an encrypted message. She uses Bob’s public key to encrypt her message to him. Then, when Bob receives the message, he uses his private key on his device to decrypt the message from Alice.
When Bob wants to reply, he simply repeats the process, encrypting his message to Alice using Alice’s public key.
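The Alice-and-Bob exchange above, written out as an added example (this is not PreVeil’s code or protocol, and the type and function names are assumptions made for illustration). It uses only the Go standard library: each user’s device generates an RSA key pair and uploads just the public half to a server; a sender encrypts the message with a fresh AES-256-GCM key and wraps that key with the recipient’s public key (RSA-OAEP), so the server stores an envelope it cannot open. The sample message is constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the only thing the server ever stores for a message.
// Nothing in it can be opened without the recipient's private key.
type Envelope struct {
	WrappedKey []byte // per-message AES-256 key, encrypted to the recipient's RSA public key (OAEP)
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM output, authentication tag appended
}

// Server models the provider: it holds public keys and sealed envelopes, never private keys.
// (Hypothetical type for this example.)
type Server struct {
	PublicKeys map[string]*rsa.PublicKey
	Mailbox    map[string][]*Envelope
}

func NewServer() *Server {
	return &Server{PublicKeys: map[string]*rsa.PublicKey{}, Mailbox: map[string][]*Envelope{}}
}

// Register is what happens when a user joins: the device generates the key pair and
// uploads only the public half. The private key is handed back to the device, never stored here.
func (s *Server) Register(name string) (*rsa.PrivateKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	s.PublicKeys[name] = &priv.PublicKey
	return priv, nil
}

// Encrypt runs on the sender's device. RSA-OAEP can only encrypt a short input, so the
// message is sealed with AES-GCM under a random key and only that key is RSA-encrypted.
func Encrypt(recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Decrypt runs on the recipient's device. It fails for any other key (including one the
// server might hold) and also fails if the stored envelope was tampered with (GCM tag check).
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap message key: %w", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	srv := NewServer()
	alicePriv, _ := srv.Register("alice") // private keys never reach srv
	bobPriv, _ := srv.Register("bob")

	// Alice fetches Bob's public key from the server, encrypts to it, and uploads the envelope.
	env, _ := Encrypt(srv.PublicKeys["bob"], []byte("The shipment leaves Tuesday.")) // constructed message
	srv.Mailbox["bob"] = append(srv.Mailbox["bob"], env)

	// Bob decrypts on his own device.
	msg, _ := Decrypt(bobPriv, srv.Mailbox["bob"][0])
	fmt.Println("Bob reads:", string(msg))

	// Anyone without Bob's private key, Alice included, gets an error, not plaintext.
	if _, err := Decrypt(alicePriv, srv.Mailbox["bob"][0]); err != nil {
		fmt.Println("Alice's key fails as expected:", err)
	}
}
```

Bob’s reply is the same procedure with the roles swapped: he calls Encrypt with Alice’s public key from the server’s directory. Note what the server learns: who talks to whom, when, and how large the envelope is, but nothing about the content.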

Can end-to-end encryption be hacked?

Security is a chain that is only as strong as the weakest link. Bad guys will attack the weakest parts of your system because they are the parts most easily broken. Given that data is most vulnerable when stored on a server, hackers’ techniques are focused on gaining access to servers.
The Department of Homeland Security writes:
Given that attackers will go after low hanging fruit like where the data is stored, a solution that does not protect stored data will leave information extremely vulnerable.
When practitioners use end-to-end encryption, however, the data is always encrypted on the server. Even if a hacker were to access it, all they would see is gibberish. The weakest links then move to the endpoints (a compromised device exposes the private key stored there) and to key distribution (a client must be able to check that the public key the server hands it really belongs to the intended recipient), which is why well-designed systems let users verify each other’s key fingerprints.
The DHS sums it up:
Attacking the data while encrypted is just too much work [for attackers].

Why end-to-end encryption is important and what it protects against

You don’t want someone camped out in your network, reading your messages. E2EE keeps your data secure. This not only protects your data from hackers, but also protects your privacy from Big Tech.
Service providers like Google (Gmail), Yahoo, or Microsoft hold the decryption keys. This means these providers can read users’ email and files. Google has used this access to profit off of users’ private communications via targeted ads.
By contrast, in a well-constructed end-to-end encrypted system the service provider never has access to the decryption keys.

What are the advantages of end-to-end encryption?

The NSA recently issued guidelines for using collaboration services. The NSA’s number one recommendation is that collaboration services employ e2ee. The NSA notes that by following the guidelines it defines, users can reduce their risk exposure and become harder targets for bad actors.

The advantages of end-to-end encryption

  1. Ensures your data is secure from hacks: With end-to-end encryption, you are the only one who has the private key to unlock your data. It doesn’t matter if the server is breached; your data stays encrypted.
  2. Protects your privacy: When you use providers like Google and Microsoft, your data is decrypted on their servers. This means they can read it. And if they can access your data, so can hackers who compromise those servers.
  3. Protects admins: Admins aren’t honeypots. They cannot decrypt user data, so compromising or coercing an administrator does not expose it, and they can’t be leveraged as a single point of failure.

The U.S. State Department, too, recognizes the strength of end-to-end encryption. Its ITAR carve-out for encrypted technical data establishes that defense companies can share unclassified technical data outside the U.S. with authorized persons, as long as the data is properly secured with end-to-end encryption. End-to-end encrypted data is not considered an export, so an export license is not required.
The NSA’s and State Department’s statements acknowledge that e2ee provides a significant advantage to users over traditional forms of encryption. This is the future of cybersecurity and it’s available now.

PreVeil and end-to-end encryption

At PreVeil, end-to-end encryption is at the core of how we protect users’ email and files. Today, hundreds of defense companies and small businesses rely on PreVeil to protect their customers’ most sensitive data.
Learn more about how PreVeil uses end-to-end encryption to protect your data. Download our architectural whitepaper today.