End to end encryption for the enterprise
End-to-end encryption (E2EE) is at the core of what we do at PreVeil. It is how we ensure that messages created on your device are only ever read by the intended recipient. Yet many people we talk to have a fuzzy understanding of what end-to-end encryption is, how it works and the advantages it affords. We thought it would be helpful to answer some of the typical objections we hear.
End-to-end encryption explained
One of the questions we hear frequently is ‘What does end-to-end mean?’
End-to-end describes a way of encrypting data so that no one outside the conversation can read it. This is possible because data is only ever decrypted at the endpoints. Attackers who break into the server cannot read the data because they do not have the keys to decrypt it; the decryption keys are stored only with the individual user, on their own device.
Here’s a video that provides an overview on end-to-end encryption:
How end-to-end encryption works
End-to-end encryption can be built on either symmetric or asymmetric encryption. In symmetric encryption, the sender and recipient use the same key to encrypt and decrypt the message. They can share that key by meeting in person or reading it out over the phone, but this kind of exchange is hard to carry out at scale.
An easier way to implement end-to-end encryption is to use asymmetric encryption which uses two different keys: a public key and a private key. Also known as public key encryption, asymmetric encryption involves a private key that belongs to the user and lives on their personal device. The user’s public key lives on the server and is available to anyone on the system.
Let’s say Alice and Bob create accounts on the system. Bob wants to send Alice an encrypted message. To do this in an end-to-end encrypted system, Bob digitally pulls down Alice’s public key from the server and encrypts his message to her with her public key. Then, when Alice receives the message, she takes the private key on her device to decrypt the message from Bob and reads it.
Let’s take a look at how this works:
The message from Bob to Alice might pass through several email servers along the way. Although the companies owning those servers might try to read the message, they cannot, because end-to-end encryption ensures that they lack the private key needed to decrypt it. Only Alice can decrypt the message, as she alone holds the matching private key.
When Alice wants to reply, she simply repeats the process, encrypting her message to Bob using Bob’s public key.
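The Alice and Bob exchange above, as an added worked example in Go; this is not PreVeil's code and the page does not describe PreVeil's implementation. It uses only Go's standard library: the message body is encrypted with a fresh AES-GCM key, and that key is encrypted to the recipient's RSA public key with OAEP, which is the usual hybrid pattern because RSA cannot encrypt long messages directly. The names Encrypt, Decrypt and Envelope, and the three key pairs, are assumptions made for this example; the "server" key stands in for anyone who is not the intended recipient.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what the relay server stores and forwards: the message body
// encrypted under a one-time AES-GCM key, plus that key encrypted to the
// recipient's RSA public key. Nothing in it is readable without the
// recipient's private key. (Type name is an assumption of this example.)
type Envelope struct {
	WrappedKey []byte // one-time AES key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce, unique per message
	Body       []byte // AES-GCM ciphertext (includes the authentication tag)
}

// Encrypt seals msg so that only the holder of the private key matching
// recipientPub can read it (hybrid encryption, as E2EE systems commonly do).
func Encrypt(recipientPub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	key := make([]byte, 32) // fresh AES-256 key for this message only
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	body := gcm.Seal(nil, nonce, msg, nil)
	// Wrap the one-time key so only the recipient's private key can unwrap it.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Body: body}, nil
}

// Decrypt opens an Envelope with the recipient's private key. It fails for
// anyone else, including the server that relayed it, and it also fails if
// the ciphertext was modified in transit, because GCM authenticates it.
func Decrypt(recipientPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Body, nil)
}

func main() {
	// Constructed example: Alice and Bob each generate a key pair on their
	// own device; only the public halves would be published to the server.
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	server, _ := rsa.GenerateKey(rand.Reader, 2048) // the relay's own key, useless here

	env, _ := Encrypt(&alice.PublicKey, []byte("Hi Alice, lunch at noon?"))

	// The server holds the envelope but cannot open it.
	if _, err := Decrypt(server, env); err != nil {
		fmt.Println("server cannot decrypt:", err)
	}
	plain, _ := Decrypt(alice, env)
	fmt.Println("Alice reads:", string(plain))

	// Alice replies by encrypting to Bob's public key, as the text describes.
	reply, _ := Encrypt(&bob.PublicKey, []byte("Noon works."))
	plain, _ = Decrypt(bob, reply)
	fmt.Println("Bob reads:", string(plain))
}
```

Run it with go run. The server's attempt fails with an RSA decryption error while Alice's succeeds, and flipping a byte of Body or Nonce in transit makes gcm.Open fail as well, which is why an authenticated cipher such as GCM belongs in the envelope even before digital signatures enter the picture.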
The Challenge of Authenticity in End-to-End Encryption
End-to-end encryption prevents an attacker from ‘listening in’ on data exchanges while they’re in transit. However, what prevents an attacker from assuming the identity of a user by impersonating their public key?
Professor Matt Green of Johns Hopkins University has stated that the real challenge of end-to-end turns out to be the distribution of users’ public keys without relying on a trusted central service. Without any type of authentication, an attacker could impersonate a message recipient by substituting their public key for the real recipient’s public key.
This describes a Man In the Middle (MITM) Attack.
Let’s say Mike intercepts Bob’s message, alters the ‘from’ field and changes the body to say, “Send Mike $100”. Mike could then encrypt the altered message to Alice with her public key, exactly as Bob did, since the public key is available to anyone on the system. How would Alice know that the message had been changed?
This authenticity of the end-to-end encrypted message is provided by having Bob digitally sign the message to Alice using his private key. When Alice receives the message from Bob, she verifies the digital signature using his public key. Because the signature can only be produced with Bob’s private key, Bob is the only one who could have created it, so nobody without that key can spoof it.
Lest you think this example of tampering with messages is theoretical, you need only look to the recent example of the eFail attack in 2018, in which it was shown that attackers could alter a message by injecting malicious code into the body of the email. This attack was possible because email messages sent through OpenPGP and S/MIME did not require checking whether the message had been altered before the recipient opened it.
However, these attacks could have been prevented had the messages been digitally signed and the signatures checked. In our scenario, if Mike had altered the message to Alice, the digital signature would no longer match its contents. The mismatched signature would show that the message had been tampered with, because it could not be verified using Bob’s public key.
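The tampering scenario above, where Mike rewrites Bob’s message, together with the signature check that catches it, as an added example in Go using the standard library’s Ed25519 signatures; this is not PreVeil’s code. The names Sign, Verify, SignedMessage and signingInput, and the idea that Alice keeps a local table of public keys she has already learned for each sender, are assumptions of this example. The signature covers the sender name together with the body, so changing either one invalidates it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// SignedMessage is what Bob sends: the claimed sender, the body, and a
// signature made with the sender's private key. In a real system this would
// travel inside the encrypted envelope; it is shown on its own here to
// isolate the authenticity check. (Type name is an assumption of this example.)
type SignedMessage struct {
	From      string
	Body      []byte
	Signature []byte
}

// signingInput binds the sender name to the body with a length prefix, so
// that moving bytes between the two fields cannot produce the same input.
func signingInput(from string, body []byte) []byte {
	in := make([]byte, 2)
	binary.BigEndian.PutUint16(in, uint16(len(from)))
	in = append(in, from...)
	return append(in, body...)
}

// Sign produces a message whose From and Body are both covered by a
// signature that only the holder of priv could have made.
func Sign(priv ed25519.PrivateKey, from string, body []byte) SignedMessage {
	sig := ed25519.Sign(priv, signingInput(from, body))
	return SignedMessage{From: from, Body: body, Signature: sig}
}

// Verify checks a message against the public key the recipient already holds
// for the claimed sender. The key is looked up locally and never taken from
// the message itself, so a substituted key does not help an attacker.
func Verify(known map[string]ed25519.PublicKey, m SignedMessage) bool {
	pub, ok := known[m.From]
	if !ok {
		return false // unknown sender: nothing to verify against
	}
	return ed25519.Verify(pub, signingInput(m.From, m.Body), m.Signature)
}

func main() {
	// Constructed example keys: Bob's and Mike's pairs are generated on their
	// own devices; Alice records Bob's public key when they first connect.
	bobPub, bobPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, mikePriv, _ := ed25519.GenerateKey(rand.Reader)
	aliceKnows := map[string]ed25519.PublicKey{"Bob": bobPub}

	msg := Sign(bobPriv, "Bob", []byte("Send Alice $100"))
	fmt.Println("genuine message verifies:", Verify(aliceKnows, msg))

	// Mike, in the middle, rewrites the body; Bob's signature no longer matches.
	tampered := msg
	tampered.Body = []byte("Send Mike $100")
	fmt.Println("altered body verifies:", Verify(aliceKnows, tampered))

	// Mike re-signs the altered body with his own key but keeps From: "Bob".
	// Alice checks against the Bob key she already holds, so this fails too.
	forged := Sign(mikePriv, "Bob", []byte("Send Mike $100"))
	fmt.Println("forged signature verifies:", Verify(aliceKnows, forged))
}
```

The third case is the one that matters for the key-substitution attack described earlier: because Alice verifies against the key she already holds for Bob rather than a key supplied alongside the message, a signature Mike makes with his own key over a message labelled as coming from Bob does not verify. How Alice first obtains an authentic copy of Bob’s key is exactly the distribution problem the text attributes to Matt Green, and this example assumes it has been solved out of band.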
Why end-to-end encryption is important
End-to-end encryption is important because it secures users’ email and files from the moment the data is created by the sender until the moment it is received by the recipient. Unlike most commercial email and file sharing services, services that use end-to-end encryption can never read your data because the data is never decrypted on the server. Indeed, your data is most vulnerable when it is stored on a disk, in memory or on some device in the cloud.
Services like Gmail, Yahoo or Microsoft allow the provider to access the content of users’ data on its servers because these providers hold copies of the decryption keys. As such, these providers can read users’ email and files. In Google’s case, its possession of decryption keys has in the past enabled it to serve the Google account holder targeted ads.
Platforms such as WhatsApp, iMessage and Signal are well known applications that rely on end-to-end encryption for messages. Individuals who use these applications are assured that neither governments nor enterprises can review their communications.
What are the advantages of end-to-end encryption?
Ensures data is not hacked: End-to-end encryption improves data security because it provides an ironclad method for securing the enterprise user’s information. Rather than relying on taller walls to protect the server, end-to-end encryption relies on the use of public keys to secure data on the server. Servers will inevitably be attacked so the only way to ensure data security is to make the data unreadable by attackers. End-to-end encryption provides this assurance.
Protects data from phishing and spoofing: By using end-to-end encryption along with digital signatures, users are assured that the messages they receive are from the individual named in the message header. Using end-to-end encryption together with digital signatures ensures that messages cannot be spoofed and data cannot be phished. Recipients know who the messages are from.
Messages are trusted: Since recipients know the actual sender of the messages, they can trust the messages in their inbox. Recipients know that the message is from whoever the header says it’s from. End-to-end encryption provides this level of trust.