What is end-to-end encryption
End-to-end encryption provides a method of secure communication where the only people who can access a given email or file are the sender and the intended recipient(s). This security behind end-to-end encryption is enabled by the creation of a public-private key pair. This process, also known as asymmetric cryptography, employs separate cryptographic keys for securing and decrypting the message. Public keys are widely disseminated and are used to lock or encrypt a message. Private keys are only known by the owner and are used to unlock or decrypt the message.
End-to-end to encryption differs from the vulnerable methods for securing content provided by Gmail, Yahoo or Microsoft. Each of these providers can access the content of your data on its servers because they hold copies to the decryption keys. As such, these providers can read your email. In Google’s case, its possession of decryption keys has enabled them in the past to provide the Google account holder with targeted ads.
At PreVeil end-to-end encryption occurs at the device level. That is, every message or file is encrypted before it leaves your phone or computer and isn’t decrypted until it reaches its destination. Neither PreVeil nor any third party can decrypt your email because only you have the decryption keys. Since your email is never decrypted in the cloud, you are protected even if the cloud is breached.
End-to-end encryption: The Gold Standard
End-to-end encryption is considered the gold standard for securing data and ensuring that sensitive data is not hacked. End-to-end encryption also lies at the core of PreVeil’s technology for securing email and file data protection. By using end-to-end encryption, PreVeil’s security architecture ensures that email and file contents stay protected even if passwords are stolen, IT Admin accounts are compromised, or servers are breached.
How does end-to-end encryption work?
The system creates public and private cryptographic keys for each person who joins the system. The user’s private key belongs to the user and lives on their personal device. The user’s public key lives on the server.
Let’s say Alice and Bob create accounts on the system. The math behind end-to-end encryption provides each with a public-private key pair.
Bob wants to send Alice an encrypted message. To do this in an end-to-end encrypted system, Bob digitally pulls down Alice’s public key from the server and encrypts his message to her with her public key. Then, when Alice receives the message, she takes the private key on her device to decrypt the message from Bob and reads it.
The message from Bob to Alice might go through several email servers along the way. Although the companies owning the server might try to read the message, they will be unable to because end-to-end encryption has ensured that they lack the private key to decrypt the message. Only Alice will be able to decrypt the message as she is the only one with the private key that can decrypt the message.
When Alice wants to reply, she simply repeats the process, encrypting her message to Bob using Bob’s public key.
But how do we know that the message to Alice really came from Bob? Theoretically, since end-to-end encryption ensures public keys are available to everyone, Mike could alter the from description and change Bob’s message to say, “Send Mike $100”. Mike could then sign the message with Alice’s public key. How do we know that the message wasn’t changed?
This authenticity of the end-to-end encrypted message is provided by having Bob digitally sign the email to Alice using his private key. When Alice receives the message from Bob , she can verify the digital signature on the message came from Bob by using his public key. As the digital signature is based on Bob’s private key, Bob is the only one who could create the signature. As such, there is no way to spoof it.
Lest you think this example of tampering with messages is theoretical, you need to only look to the recent example of the eFail attack in 2018 in which it was shown that attackers could alter a message by injecting malicious code into the body of the email. This attack was enabled because the email messages sent through OpenPGP and s/MIME did not require checking if the message had been altered before the recipient opened the message.
However, these attacks could have been prevented had they used digital signatures. In our scenario, if Mike had altered the message to Alice, it would arrive with the digital signature altered. In this case, the altered signature would prove that the message had been tampered with as it couldn’t be verified using Bob’s public key.
How does end-to end encryption improve data security
Ensures data is not hacked: End-to-end encryption improves data security because it provides an ironclad method for securing the enterprise user’s information. Rather than relying on taller walls to protect the server, end-to-end encryption relies on the use of public keys to secure data on the server. Servers will inevitably be attacked so the only way to ensure data security is to make the data unreadable by attackers. End-to-end encryption provides this assurance.
Protects data from phishing and spoofing: By using end-to-end encryption along with digital signatures, users are assured that the messages they receive are from the individual defined on the message header. Using this method of end-to-end encryption along with digital signatures ensures that messages cannot be spoofed, and data cannot be phished. Recipients know who the messages are from.
Messages are trusted: Since recipients know the actual sender of the messages, they can now trust the messages in their inbox. Recipients know that the message is who the header says it’s from. End-to-end encryption provides this level of trust.