End-to-end encryption for the enterprise
End-to-end encryption (E2EE) is the most secure way to communicate privately online. It is also at the core of what we do at PreVeil. It is how we ensure that messages created on your device are only ever read by the intended recipient. When your messages are encrypted end to end, no one in the middle can read them.
Yet many people we talk to have a fuzzy understanding of what end-to-end encryption is, how it works and the advantages it affords. We thought it would be helpful to answer some of the typical questions and objections we hear.
End-to-end encryption explained
One of the questions we hear frequently at PreVeil is ‘What does end-to-end mean?’
End-to-end simply defines a way of encrypting data so that it can only be decrypted on the endpoints. Data on the server is never decrypted. Attackers can never access the conversation because they do not have the keys to decrypt the data.
In practical terms, this means that only the sender and the recipient(s) can decrypt the message.
This is a profoundly different way of protecting your data than is used by services like Gmail and Microsoft. Both of these platforms are able to access the servers where your data is stored. As a result they can read your messages.
How end-to-end encryption works
The best way to implement encryption is to rely on asymmetric encryption which uses a public key and a private key. Also known as public key encryption, asymmetric encryption involves a private key that belongs to the user and lives on their personal device. The user’s public key lives on the server and is available to anyone on the system.
Let’s say Alice and Bob create accounts on the system. Bob wants to send Alice an encrypted message. To do this in an end-to-end encrypted system, Bob digitally pulls down Alice’s public key from the server and encrypts his message to her with her public key. Then, when Alice receives the message, she takes the private key on her device to decrypt the message from Bob and reads it.
Let’s take a look at how this works:
The message from Bob to Alice might go through several email servers along the way. Although the companies owning the server might try to read the message, they will be unable to because end-to-end encryption has ensured that they lack the private key to decrypt the message. Only Alice will be able to decrypt the message as she is the only one with the private key that can decrypt the message.
When Alice wants to reply, she simply repeats the process, encrypting her message to Bob using Bob’s public key.
The Challenge of Authenticity in End-to-End Encryption
Professor Matt Green of Johns Hopkins University has written that the real challenge of asymmetric encryption turns out to be the distribution of users’ public keys without relying on a trusted central service. Without any type of authentication, an attacker could impersonate a message recipient by substituting their public key for the real recipient’s public key.
End-to-end encryption prevents an attacker from ‘listening in’ on data exchanges while they’re in transit. However, what prevents an attacker from assuming the identity of a user by impersonating their public key? This type of impersonation describes a Man In the Middle (MITM) Attack.
Let’s say Mike altered the ‘from’ description and changed Bob’s message to say, “Send Mike $100”. Mike could then sign the message with Alice’s public key. How do we know that the message wasn’t changed?
This authenticity is provided by having Bob digitally sign the email to Alice using his private key. When Alice receives the message from Bob, she can verify that the digital signature on the message came from Bob by using his public key. As the digital signature is based on Bob’s private key, Bob is the only one who could create the signature. As such, there is no way to spoof it.
Lest you think this example of tampering with messages is theoretical, you need only look to the recent example of the eFail attack in 2018, in which it was shown that attackers could alter a message by injecting malicious code into the body of the email. This attack was enabled because the email messages sent through OpenPGP and S/MIME did not require checking whether the message had been altered before the recipient opened the message.
However, these attacks could have been prevented had they used digital signatures. In our scenario, if Mike had altered the message to Alice, it would arrive with the digital signature altered. In this case, the altered signature would prove that the message had been tampered with as it couldn’t be verified using Bob’s public key.
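The Alice, Bob and Mike exchange described above (encrypting to the recipient's public key, then signing with the sender's private key) can be sketched as follows. This is an added example, not PreVeil's code: the names Envelope, NewKey, Seal and Open are hypothetical, RSA-OAEP and RSA-PSS from Go's standard library are chosen for illustration, and encrypting a short message directly with RSA is a simplification. It assumes Alice already holds an authentic copy of Bob's public key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is all the server ever stores or relays (hypothetical type).
type Envelope struct{ Ciphertext, Signature []byte }

// NewKey generates a user's key pair; the private half stays on the device.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Seal encrypts msg to the recipient's public key, then signs the ciphertext.
func Seal(msg []byte, to *rsa.PublicKey, from *rsa.PrivateKey) (Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil)
	if err != nil {
		return Envelope{}, err
	}
	sum := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, from, crypto.SHA256, sum[:], nil)
	return Envelope{ct, sig}, err
}

// Open verifies against the claimed sender's public key, and only then decrypts.
func Open(e Envelope, from *rsa.PublicKey, to *rsa.PrivateKey) ([]byte, error) {
	sum := sha256.Sum256(e.Ciphertext)
	if rsa.VerifyPSS(from, crypto.SHA256, sum[:], e.Signature, nil) != nil {
		return nil, fmt.Errorf("signature does not match claimed sender")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, to, e.Ciphertext, nil)
}

func main() {
	alice, bob, mike := NewKey(), NewKey(), NewKey()
	env, _ := Seal([]byte("Lunch at noon?"), &alice.PublicKey, bob)
	msg, err := Open(env, &bob.PublicKey, alice)
	// Mike can encrypt to Alice's public key, but cannot sign as Bob.
	forged, _ := Seal([]byte("Send Mike $100"), &alice.PublicKey, mike)
	_, ferr := Open(forged, &bob.PublicKey, alice)
	fmt.Printf("from Bob: %q err=%v; forged as Bob: %v\n", msg, err, ferr)
}
```

Anyone can produce a valid ciphertext for Alice because her public key is public; only the signature check ties the message to Bob.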
Is end-to-end encryption safe? Can it be hacked?
Security practitioners often point out that security is a chain that is only as strong as the weakest link. Bad guys will attack the weakest parts of your system because they are the parts most likely to be easily broken. Given that data is most vulnerable when stored on a server, hackers’ techniques are focused on gaining access to servers.
As the Department of Homeland Security has written:
Given that attackers will go after low hanging fruit like where the data is stored, a solution that does not protect stored data will leave information extremely vulnerable.
End-to-end encryption, however, protects stored data. In fact, it secures and protects data throughout its journey. As such, end-to-end encryption is the safest option for data security available.
As the DHS goes on to state in its report,
Attacking the data while encrypted is just too much work [for attackers].
End-to-end encryption and WhatsApp
In May 2019, WhatsApp was compromised by a weaponized phone call from Israeli spyware company NSO that enabled the attacker to install malware on the recipient’s device. WhatsApp promptly created an update to patch this vulnerability.
In an editorial on this attack, Bloomberg’s Leonid Bershidsky wrote that:
End-to-end encryption is a marketing device used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security.
But Bershidsky grossly misstated the problem. The weakness that enabled the hack was not end-to-end encryption itself but rather a separate problem with the audio call feature in WhatsApp. The two are not related.
While the editor was widely pilloried for his statement, many could be left with the impression that end-to-end encryption is not safe. However, many technologists jumped into the conversation to confirm the importance of end-to-end encryption and its ability to safeguard conversations.
Technology writer Graham Cluley said the argument from Bershidsky was “Ridiculous”, and Costin Raiu of Kaspersky described the article as ‘largely pointless’.
Unfortunately, in spite of the outcry to the contrary, some professionals are still unsure about the security of end-to-end encryption.
Banning end-to-end encryption?
At the beginning of June 2019, the Trump administration was in the press for considering banning end-to-end encryption. The ban would end the use of the encryption standard as used in services like Apple Message and WhatsApp.
The Trump Administration was seeking this ban because without end-to-end-encryption, it would be easier for law enforcement and intelligence agents to access suspects’ data.
Banning end-to-end encryption, though, would also make it easier for hackers and spies to steal Americans’ private data. If the government has a backdoor to bypass end-to-end encryption, then so does anyone who is smart enough to reverse-engineer the process.
Why end-to-end encryption is important
Numerous data breaches have occurred on data stored in the cloud. As the chart below shows, billions of records have been hacked over the past few years from many large name companies like Yahoo or Verizon. This has only been possible, though, because the data was not encrypted.
Indeed, your data is most vulnerable when stored on a disk, in memory or on some device in the cloud.
Platforms such as WhatsApp, iMessage and Signal are well known applications that rely on end-to-end encryption for messages. Individuals who use these applications are assured that neither governments nor enterprises can review their communications.
What are the advantages of end-to-end encryption?
There are numerous advantages to end-to-end encryption over the standards used today to protect data.
Ensures data is not hacked: End-to-end encryption improves data security because it provides an ironclad method for securing the enterprise user’s information. Rather than relying on taller walls to protect the server, end-to-end encryption relies on the use of public keys to secure data on the server. Servers will inevitably be attacked so the only way to ensure data security is to make the data unreadable by attackers. End-to-end encryption provides this assurance.
Your data remains private: By using end-to-end encryption, you know that no one can read your messages. Other services like Gmail and Yahoo have access to your data. These companies can read your messages and sell the data they glean. With end-to-end encryption, this is not possible.
Messages are trusted: By using end-to-end encryption, users have the ability to digitally sign their messages. This ensures that recipients know that the message is from who the header says it’s from. End-to-end encryption provides this level of trust.
Prevents MITM Attacks: MITM attacks enable someone in the middle to read the message either on the server or while the message is in transit. With end-to-end encryption, messages are encrypted throughout their journey and can only be read by the sender and recipient.
These are among the many security advantages users and enterprises will accrue when they use PreVeil’s secure email and file sharing platform.