E2EE and privacy
In many messaging systems, including email and many chat networks, messages pass through intermediaries and are stored by a third party, from which they are retrieved by the recipient. Even if the messages are encrypted, they are only encrypted 'in transit', and are thus accessible by the service provider, regardless of whether server-side disk encryption is used. Server-side disk encryption simply prevents unauthorized users from viewing this information. It does not prevent the company itself from viewing the information, as it has the key and can simply decrypt the data. This allows the third party to provide search and other features, or to scan for illegal and unacceptable content, but also means the messages can be read and misused by anyone who has access to the stored messages on the third-party system, whether this is by design or via a backdoor. This can be seen as a concern in many cases where privacy is very important, such as businesses whose reputation depends on their ability to protect third-party data, negotiations and communications that are important enough to have a risk of targeted 'hacking' or surveillance, and where sensitive subjects such as health and information about minors are involved. It is important to note that E2EE alone does not guarantee
Etymology of the term
The term "end-to-end encryption" originally only meant that the communication is never decrypted during its transport from the sender to the receiver. For example, around 2003, E2EE was proposed as an additional layer of encryption for GSM or TETRA, in addition to the existing radio encryption protecting the communication between the mobile device and the network infrastructure. This has been standardised by SFPG for TETRA. Note that in TETRA E2EE, the keys are generated by a Key Management Centre (KMC) or a Key Management Facility (KMF), not by the communicating users. Later, around 2014, the meaning of "end-to-end encryption" started to evolve when WhatsApp encrypted a portion of its network, requiring not only that the communication stays encrypted during transport, but also that the provider of the communication service is not able to decrypt the communications, either by having access to the private key or by having the capability to undetectably inject an adversarial public key as part of a man-in-the-middle attack. This new meaning is now the widely accepted one.
Modern usage
As of 2016, typical server-based communications systems do not include end-to-end encryption. These systems can only guarantee the protection of communications between clients and servers, meaning that users have to trust the third parties who are running the servers with the sensitive content. End-to-end encryption is regarded as safer because it reduces the number of parties who might be able to interfere or break the encryption. In the case of instant messaging, users may use a third-party client or plugin to implement an end-to-end encryption scheme over an otherwise non-E2EE protocol. Some non-E2EE systems, such as
Challenges
Man-in-the-middle attacks
End-to-end encryption ensures that data is transferred securely between endpoints. But, rather than try to break the encryption, an eavesdropper may impersonate a message recipient (during key exchange or by substituting their public key for the recipient's), so that messages are encrypted with a key known to the attacker. After decrypting the message, the eavesdropper can then encrypt it with a key that they share with the actual recipient, or with the recipient's public key in the case of asymmetric systems, and send the message on again to avoid detection. This is known as a man-in-the-middle attack (MITM).
Authentication
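An added example (not part of the original article) showing how comparing key fingerprints over a separate channel exposes the key substitution described above. The fingerprint layout, the `deliver_keys` directory and the constructed byte strings standing in for public keys are assumptions made for illustration, not any particular messenger's format.

```python
import base64
import hashlib

def fingerprint(pub_a: bytes, pub_b: bytes, groups: int = 8) -> str:
    """Order-independent fingerprint over both parties' public keys."""
    # Sort so both sides hash the same byte string; length-prefix each key
    # so the concatenation cannot be split ambiguously.
    material = b"".join(len(k).to_bytes(2, "big") + k for k in sorted((pub_a, pub_b)))
    digest = hashlib.sha256(b"fingerprint-example-v1" + material).digest()
    # Binary-to-text encoding, then 4-character groups for human comparison.
    text = base64.b32encode(digest).decode("ascii").rstrip("=")
    return " ".join(text[i:i + 4] for i in range(0, groups * 4, 4))

def deliver_keys(alice_pub, bob_pub, substituted_pub=None):
    """Hypothetical key directory run by the service provider.

    Returns (key Alice is told is Bob's, key Bob is told is Alice's).
    """
    if substituted_pub is None:
        return bob_pub, alice_pub
    return substituted_pub, substituted_pub

def verify_session(alice_pub, bob_pub, substituted_pub=None):
    """Each endpoint fingerprints its own key plus the key it received."""
    bob_seen_by_alice, alice_seen_by_bob = deliver_keys(alice_pub, bob_pub, substituted_pub)
    shown_to_alice = fingerprint(alice_pub, bob_seen_by_alice)
    shown_to_bob = fingerprint(bob_pub, alice_seen_by_bob)
    # The users compare these strings over an out-of-band channel.
    return shown_to_alice == shown_to_bob, shown_to_alice, shown_to_bob

# Constructed 32-byte stand-ins for real public keys.
ALICE_PUB = hashlib.sha256(b"constructed alice key").digest()
BOB_PUB = hashlib.sha256(b"constructed bob key").digest()
OTHER_PUB = hashlib.sha256(b"constructed substituted key").digest()

if __name__ == "__main__":
    for label, sub in (("honest directory", None), ("substituted key", OTHER_PUB)):
        ok, fp_a, fp_b = verify_session(ALICE_PUB, BOB_PUB, sub)
        print(f"{label}: match={ok}")
        print(f"  Alice sees: {fp_a}")
        print(f"  Bob sees:   {fp_b}")
```

The comparison only helps if the channel used to compare the two strings is one the key directory cannot alter.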
Most end-to-end encryption protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, one could rely on certification authorities or a web of trust. An alternative technique is to generate cryptographic hashes (fingerprints) based on the communicating users’ public keys or shared secret keys. The parties compare their fingerprints using an outside (out-of-band) communication channel that guarantees integrity and authenticity of communication (but not necessarily secrecy), before starting their conversation. If the fingerprints match, there is, in theory, no man in the middle. When displayed for human inspection, fingerprints usually use some form of binary-to-text encoding. These strings are then formatted into groups of characters for readability. Some clients instead display a
Endpoint security
The end-to-end encryption paradigm does not directly address risks at the communications endpoints themselves. Each user's computer can still be hacked to steal his or her cryptographic key (to create a MITM attack) or simply to read the recipients’ decrypted messages, both in real time and from log files. Even the most perfectly encrypted communication pipe is only as secure as the mailbox on the other end. Major attempts to increase endpoint security have been to isolate key generation, storage and cryptographic operations to a smart card such as Google's Project Vault. However, since plaintext input and output are still visible to the host system, malware can monitor conversations in real time. A more robust approach is to isolate all sensitive data to a fully air-gapped computer. PGP has been recommended by experts for this purpose. However, as Bruce Schneier points out, Stuxnet, developed by the US and Israel, successfully jumped the air gap and reached the Natanz nuclear plant's network in Iran. To deal with key exfiltration by malware, one approach is to split the Trusted Computing Base behind two unidirectionally connected computers that prevent either insertion of malware or exfiltration of sensitive data with inserted malware.
Backdoors
A backdoor is usually a secret method of bypassing normal authentication or encryption in a computer system, a product, an embedded device, etc. Companies may also willingly or unwillingly introduce backdoors to their software that help subvert key negotiation or bypass encryption altogether. In 2013, information leaked by
Compliance and regulatory requirements for content inspection
While E2EE can offer privacy benefits that make it desirable in consumer-grade services, many businesses have to balance these benefits with their regulatory requirements. For example, many organizations are subject to mandates that require them to be able to decrypt any communication between their employees or between their employees and third parties. This might be needed for archival purposes, for inspection by Data Loss Prevention (DLP) systems, for litigation-related eDiscovery or for detection of
See also
* Comparison of instant messaging protocols
* – a table overview of VoIP clients that offer end-to-end encryption