End-to-end encryption is a message encoding method based on asymmetric encryption algorithms and the decentralization of cryptographic keys. What does all this mean? In this article, we will see what end-to-end encryption is, how it works, and why you should use it for every service that offers it.
Let's start with the basics. Cryptography is the science that studies how to alter a message so that it is understandable only to those who know the encryption method. Cryptography is as old as the world; man has always sought and invented methods to communicate safely and secretly. The oldest and simplest method is called symmetric cryptography: two people use the same code, called a 'key' in the jargon, to encrypt and decrypt the messages they exchange.
In computer science and online, symmetric cryptography is weak. However complex the encryption key may be, it can be intercepted and stolen. To overcome this problem, in 1976, Whitfield Diffie and Martin Hellman invented an alternative method, called asymmetric cryptography. In this case, the two people who communicate do not share a single key; each has a pair of keys, one public and one private. The public keys do not need to be protected, because security depends on the private keys. It works as follows: Anna wants to send a message to Tony; Anna encrypts the message with Tony's public key; Tony receives the message and decrypts it with his private key. A message can be decrypted only with the private key corresponding to the public key that was used to encrypt it.
This technique for protecting the privacy and communications of Internet users bases its strength on two pairs of cryptographic keys, needed to encrypt and decrypt the messages traveling from one end of the communication to the other. Each user, in fact, uses a public key and a private key, which are inseparably bound together.
The private key is meant to remain on the device of each of the two parties and is used to decrypt incoming messages; the public key, instead, is shared with the other party, who uses it to encrypt the messages they send. Here's how it works in practice. In a communication protected by end-to-end cryptography between Marco and Anna, the messages sent by the first are encrypted using the public key of the second, and vice versa. In this way, communications, even while traveling through exposed and potentially interceptable channels, are readable only by the device that holds the private key linked to the public key used in the encryption process.
To increase the security of conversations, the system that manages the communication channel (for example, WhatsApp) does not control the creation of private keys, which are generated and stored directly on the devices of the people who communicate. For this reason, this encryption method is called end-to-end, which we can translate as "from beginning to end": only the people involved can decrypt messages, and the flow of communication does not involve third parties. End-to-end encryption became public knowledge in 2016, when WhatsApp introduced it to protect conversations among its users.
When we add a contact, the WhatsApp apps on the two devices connect and create two pairs of interdependent keys. The private keys remain on the respective devices and are invisible even to WhatsApp itself. When you send a message with WhatsApp, the company's server receives it and directs it to the recipient, but is unable to decrypt and read it. This is the great strength of end-to-end cryptography applied to instant messaging apps and, in general, to online communication! This feature translates into two great advantages for the user:
1. If a hacker attacks the servers of a messaging service, such as WhatsApp, he will not be able to discover private keys or access your messages.
2. Your messages are visible only on your terminal and on that of the recipient, so you can be sure that WhatsApp does not record your conversations and does not share them with other organizations (not even with the police).
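The flow described above, as an added example that is not part of the original article and is not WhatsApp's actual protocol: each device generates its key pair locally, the sender encrypts for the recipient's public key, and the relaying server only ever handles ciphertext. It assumes Node.js and a hybrid scheme (a random AES-256-GCM key per message, wrapped with RSA-OAEP under the recipient's public key, so that messages of any length fit); all function names are hypothetical.

```javascript
// Added illustration; newDevice, sealFor, openEnvelope, relay are hypothetical names.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each device generates its key pair locally; only publicKey is ever shared.
function newDevice() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: encrypt under a fresh AES-256-GCM key, wrap that key for the recipient.
function sealFor(recipientPublicKey, plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Recipient: only the matching private key unwraps the message key.
function openEnvelope(privateKey, env) {
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.body), decipher.final()]).toString('utf8');
}

// Returns null instead of throwing when the key is wrong or the data was altered.
function tryOpen(privateKey, env) {
  try { return openEnvelope(privateKey, env); } catch { return null; }
}

// The messaging server: forwards the envelope, holds no private key.
function relay(env) {
  return { forwarded: env, serverSees: env.body.toString('hex') };
}

function demo() {
  const anna = newDevice(), other = newDevice();   // constructed participants
  const { forwarded, serverSees } = relay(sealFor(anna.publicKey, 'See you at 8'));
  const tampered = { ...forwarded, body: Buffer.from(forwarded.body) };
  tampered.body[0] ^= 1;                           // one bit changed in transit
  return {
    anna: tryOpen(anna.privateKey, forwarded),     // recipient reads the message
    other: tryOpen(other.privateKey, forwarded),   // wrong private key
    tampered: tryOpen(anna.privateKey, tampered),  // GCM tag check fails
    serverSees,
  };
}
```

Calling `demo()` returns the plaintext only for the holder of Anna's private key; the other key pair and the altered envelope both yield `null`.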
End-to-end encryption is very secure but not foolproof. In fact, there are no foolproof security systems. Even if a hacker cannot decrypt a message encoded with end-to-end encryption, he can access conversations in other, indirect ways. For example, he can use social engineering techniques to access the online storage account where the user saves the conversation backup. Or he can infect the device with a keylogger, a virus that records the input typed on the keyboard.
Security should be understood not as absolute (safe or unsafe) but as a matter of degree: a system is more or less secure depending on the levels of security we add to it. From this point of view, the application of end-to-end encryption to instant messaging services is a big step forward. For the same reason, you should install good cybersecurity software on your smartphone.
Simple: choose apps and messaging services that use end-to-end encryption, such as WhatsApp and Telegram. In these applications, end-to-end encryption is enabled by default; you don't have to do anything. Interestingly, many other famous apps do not use this technology: Facebook Messenger, Google Hangouts, Skype, Snapchat, Viber, and Yahoo.
End-to-end cryptography (sometimes abbreviated as e2e) proves particularly valuable for rendering man-in-the-middle attack attempts harmless. These hacker attacks aim to steal personal data and information by "intercepting" communications between two or more users. As the name suggests, the attacker positions himself between the sender and the recipient, using the same communication routes as the two main actors. The messages sent by the sender thus pass through the hacker before arriving at the recipient, so the hacker can archive the information he wants and exploit it as he likes.
As seen above, end-to-end cryptography is able to neutralize this type of attack by transforming messages into meaningless strings that can be deciphered only by whoever holds the cryptographic keys. For this reason, it is widely used by instant messaging applications: the likes of WhatsApp, Messenger, and Telegram protect the communications of their users (and their privacy) by shielding them behind encryption and making them, in effect, illegible to the eyes of any hacker.
Jan 17, 2020