What is end to end encryption?
Given the frequency of attacks on enterprise emails and files, many CISOs look to end-to-end encryption to protect their company data. End-to-end encryption (e2ee) means that the data is only decrypted on the user endpoints. The data is never decrypted in transit to and from the server nor at rest when stored on the server. This protection ensures that no one can see a user’s data except the user and the recipient. As a result, end-to-end encryption provides the most secure way for an enterprise to communicate online.
Here’s a diagram showing how Alice and Bob can securely exchange a message using end-to-end encryption.
How it works
End-to-end encryption works by using a combination of a public key and a private key, also known as asymmetric encryption. In end-to-end encryption, each user has a public key and a private key. The private key lives on the user’s personal devices and is available only to them. Their public key lives on the server and is available to anyone on the system.
Let’s say Alice and Bob create accounts on the system. Bob wants to send Alice an encrypted message. To do this in an end-to-end encrypted system, Bob digitally pulls down Alice’s public key from the server and encrypts his message to her with her public key. Then, when Alice receives the message, she takes the private key on her device to decrypt the message from Bob and reads it.
Let’s take a look at how this works:
The message from Bob to Alice might go through several email servers along the way. Although the companies owning those servers might try to read the message, they will be unable to, because end-to-end encryption ensures that they lack the private key needed to decrypt it. Only Alice will be able to decrypt the message, as she is the only one holding the matching private key.
When Alice wants to reply, she simply repeats the process, encrypting her message to Bob using Bob’s public key.
Professor Matt Green of Johns Hopkins University has written that the real challenge of asymmetric encryption turns out to be the distribution of users’ public keys without relying on a trusted central service. Without any type of authentication, an attacker could impersonate a message recipient by substituting their public key for the real recipient’s public key.
End-to-end encryption prevents an attacker from ‘listening in’ on data exchanges while they’re in transit. However, what prevents an attacker from assuming the identity of a user by substituting their own public key for that user’s? This type of impersonation is a Man In the Middle (MITM) Attack.
Let’s say Mike altered the ‘from’ field and changed Bob’s message to say, “Send Mike $100”. Mike could then encrypt the altered message with Alice’s public key, just as Bob would have. How do we know that the message wasn’t changed?
This authenticity is provided by having Bob digitally sign the email to Alice using his private key. When Alice receives the message from Bob, she can verify that the digital signature on the message came from Bob by using his public key. As the digital signature is based on Bob’s private key, Bob is the only one who could create the signature. As such, there is no way to spoof it.
Lest you think this example of tampering with messages is theoretical, you need only look to the recent example of the eFail attack in 2018, in which it was shown that attackers could alter a message by injecting malicious code into the body of the email. This attack was enabled because the email messages sent through OpenPGP and S/MIME did not require checking whether the message had been altered before the recipient opened it.
However, these attacks could have been prevented had the messages carried digital signatures. In our scenario, if Mike had altered the message to Alice, it would arrive with a signature that no longer matched its contents. The mismatch would prove that the message had been tampered with, as the signature could not be verified using Bob’s public key.
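The two steps described above (Bob encrypting to Alice’s public key, and Bob signing so that Alice can detect Mike’s tampering) carried through in working code. This is an added example, not PreVeil’s code; it uses Go’s standard library, and unlike the single key pair the article describes it gives each user separate keys for encryption (RSA-OAEP) and signing (Ed25519), which is the usual practice. The `Identity` and `Envelope` types are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// Identity is one user's keys (constructed for this example): an RSA pair to receive
// encrypted mail, an Ed25519 pair to sign it. Private halves stay on the device.
type Identity struct {
	encPriv *rsa.PrivateKey
	sigPriv ed25519.PrivateKey
	EncPub  *rsa.PublicKey // the halves the server publishes
	SigPub  ed25519.PublicKey
}

func NewIdentity() (*Identity, error) {
	encPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	sigPub, sigPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Identity{encPriv, sigPriv, &encPriv.PublicKey, sigPub}, nil
}

// Envelope is what the mail servers relay: ciphertext plus a signature over it.
type Envelope struct{ Ciphertext, Signature []byte }
// Send encrypts msg to the recipient's public key and signs the ciphertext with the
// sender's private key. (OAEP caps msg near 190 bytes; real systems encrypt a symmetric key this way.)
func (s *Identity) Send(to *rsa.PublicKey, msg []byte) (Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{ct, ed25519.Sign(s.sigPriv, ct)}, nil
}

// Receive verifies the signature with the claimed sender's public key and only
// then decrypts; a message altered in transit or signed by anyone else fails.
func (r *Identity) Receive(from ed25519.PublicKey, env Envelope) ([]byte, error) {
	if !ed25519.Verify(from, env.Ciphertext, env.Signature) {
		return nil, errors.New("signature check failed: altered or not from claimed sender")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, r.encPriv, env.Ciphertext, nil)
}
```

A relaying server that flips a byte, or a Mike who re-encrypts his own text and signs it with his own key, is rejected at the signature check before Alice’s private key is ever used.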
Security practitioners often point out that security is a chain that is only as strong as the weakest link. Bad guys will attack the weakest parts of your system because they are the parts most likely to be easily broken. Given that data is most vulnerable when stored on a server, hackers’ techniques are focused on gaining access to servers.
As the Department of Homeland Security has written:
Given that attackers will go after low hanging fruit like where the data is stored, a solution that does not protect stored data will leave information extremely vulnerable.
End-to-end encryption however protects stored data. In fact it secures and protects data throughout its journey. As such, end-to-end encryption is the safest option for data security available.
As the DHS goes on to state in its report,
Attacking the data while encrypted is just too much work [for attackers].
In May 2019, WhatsApp was compromised by a weaponized phone call from Israeli spyware company NSO that enabled the attacker to install malware on the recipient’s device. WhatsApp promptly created an update to patch this vulnerability.
In an editorial on this attack, Bloomberg’s Leonid Bershidsky wrote that:
End-to-end encryption is a marketing device used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security.
But Bershidsky grossly misstated the problem. The weakness that enabled the hack was not end-to-end encryption itself but rather a separate problem with the audio call feature in WhatsApp. The two are not related.
While the columnist was widely pilloried for his statement, many could be left with the impression that end-to-end encryption is not safe. However, many technologists jumped into the conversation to confirm the importance of end-to-end encryption and its ability to safeguard conversations.
Technology writer Graham Cluley said the argument from Bershidsky was “ridiculous”, and Costin Raiu of Kaspersky described the article as ‘largely pointless’.
Unfortunately, in spite of the outcry to the contrary, some professionals are still unsure about the security of end-to-end encryption.
At the beginning of June 2019, the Trump administration was in the press for considering banning end-to-end encryption. The ban would end the use of end-to-end encryption in services like Apple Messages and WhatsApp.
The Trump Administration was seeking this ban because without end-to-end-encryption, it would be easier for law enforcement and intelligence agents to access suspects’ data.
Banning end-to-end encryption, though, would also make it easier for hackers and spies to steal Americans’ private data. If the government has a backdoor to bypass end-to-end encryption, then so does anyone smart enough to reverse-engineer the process.
Numerous data breaches have occurred on data stored in the cloud. Billions of records have been stolen over the past few years from many large-name companies like Yahoo or Verizon. These breaches were possible only because the data was not encrypted.
However, when data is secured with end-to-end encryption, these types of attacks are not possible.
Let’s explain these advantages more fully.
Ensures data is not hacked: End-to-end encryption improves data security because it provides an ironclad method for securing the enterprise user’s information. Rather than relying on taller walls to protect the server, end-to-end encryption relies on the use of public keys to secure data on the server. Servers will inevitably be attacked so the only way to ensure data security is to make the data unreadable by attackers. End-to-end encryption provides this assurance.
Your data remains private: By using end-to-end encryption, you know that no one can read your messages. Other services like Gmail and Yahoo have access to your data. These companies can read your messages and sell the data they glean. With end-to-end encryption, this is not possible.
Messages are trusted: By using end-to-end encryption, users have the ability to digitally sign their messages. This ensures that recipients know the message really came from the sender named in the header. End-to-end encryption provides this level of trust.
Prevents MITM Attacks: MITM attacks enable someone in the middle to read the message either on the server or while the message is in transit. With end-to-end encryption, messages are encrypted throughout their journey and can only be read by the sender and recipient.
These are among the many security advantages users and enterprises will accrue when they use PreVeil’s secure email and file sharing platform.