Understanding End-to-End Encryption (E2EE)
End-to-End Encryption (E2EE) is a technology which protects the confidentiality of data that flows online between two points in a network.
Background
Data is transferred online in various ways like voice call, chat messages, email or credit card/debit card transaction, etc. When we transfer the data from one source to another in a network, it passes through many unknown servers, routers, and devices before reaching its intended destination, thus, posing risk of being hacked in the midway. End-to-End Encryption (E2EE) is a new security feature that keeps the people’s information out of the hands of hackers and cyber-criminals. In a communication system with end-to-end encryption feature, once the data leaves the starting point, it gets encrypted, and then it can be decrypted only at its intended destination and nowhere in between.
Mechanism
Encryption technology involves scrambling or jumbling of the data being transferred in such a way that it can be deciphered only by the sender and the receiver. In the first step, when a sender sends a message, it is in the form of Plaintext that is ordinary readable text. Second, as soon as the data gets onto the network, it gets encrypted that is a process of converting ordinary readable text into a code with the help of special keys (a very long string of numbers generated by the software). Third when the same data reaches its intended destination, it is decrypted that is a process of converting back the coded data to readable text with the help of special keys. Finally, the intended receiver gets the message in the form of Cipher text that is the readable text obtained after decryption.
How Whatsapp encrypts the data?
In April 2016, Whatsapp added end-to-end encryption feature to all of its messages, enabling it by default on all conversations. For its encryption process, Whatsapp uses the “The Signal Protocol”, designed by Open Whisper Systems. When the message is transferred, it gets encrypted with the help of Message Key AES256 in Cipher block chaining (CBC) Mode, and then it requires HMAC-SHA256 code as authentication for being decrypted. The Message Key changes for each message being transmitted, such that it cannot be reconstructed from the session. This in turn ensures that except sender and intended receiver, nobody else in between, not even Whatsapp can decipher your message.
How End-to-End Communication system differs from other typical server-based communications?
The typical server-based communications system involves large number of third parties for servers. Thus, they guarantee only the protection of communications between clients and servers and one has to trust the third-parties for privacy protection. End-to-end encryption technology is much safer because it do away with the requirement of third parties.
Conclusion
With exponential growth in number of internet users, privacy protection is the top priority in the digital world. Nowadays, several messaging apps like Whatsapp & Telegram are being used for transferring private messages, photos, videos, voice messages and documents. Therefore data privacy becomes important. Also, in an era of cashless economy, privacy is imperative to banks, allowing us to securely manage our finances online. Since End-to-End encryption technology ensures safe transfer of data, it can prove to be a game changer for digital economy. But there are also chances for the credentials of technology proving otherwise. This technology is also used by several militant groups in the world. Generally, investigating agencies are able to combat the activities of terrorist organisations because they decipher their messages in advance. But end-to-end technology has made it very difficult for the agencies to do so.