Sign In
Learn bits
Science & Tech.
Mahesh

25/01/24 06:50 AM IST

End-to-end encryption

In News
  • Information is wealth, and an important way to protect it is encryption.
Encryption
  • Fundamentally, encryption is the act of changing some consumable information into an unconsumable form based on some rules. There are different kinds of such rules.
  • For example, (with particular settings) the Data Encryption Standard (DES) encrypts the words “ice cream” to AdNgzrrtxcpeUzzAdN7dwA== with the key “kite”. If the key is, say, “motorcycle”, the encrypted text becomes 8nR+8aZxL89fAwru/+VyXw==.
  • The key is some data using which a computer can ‘unlock’ (decrypt) some ‘locked’ (encrypted) text, knowing the set of rules used to ‘lock’ it.
Working
  • Say I write down AdNgzrrtxcpeUzzAdN7dwA== on one piece of paper and “kite” on another piece of paper, crumple them both, and throw them at my friend across the room.
  • Suddenly a man I didn’t notice in the middle of the room leaps up to snatch the piece of paper saying AdNgzrrtxcpeUzzAdN7dwA== and runs away with it. Because this fellow doesn’t know the key (“kite”), he won’t know what the piece of paper says.
  • This is how encryption protects information, digitally.
E2E encryption
  • E2E is encryption that refers to particular locations between which information moves.
  • Say you are chatting with your friend on a messaging app. When you send a message, it first goes to a server maintained by the company that built the app; based on its instructions, the server routes the message to your friend.
  • In this setup, two important forms of encryption are encryption-in-transit and E2E encryption.
  • Encryption-in-transit means before a message is relayed from the server to you (or vice versa), it is encrypted.
  • This scheme is used to prevent an actor from being able to read the contents of the message by intercepting the relay.
  • In E2E encryption, the message is encrypted both in transit and at rest – i.e. when being relayed from your phone to the server (or vice versa) and when it is sitting inside the server.
  • It is only decrypted when your friend receives the message.
Symmetric and asymmetric encryption
  • There are several ways to encrypt information depending on the level of secrecy and protection required.
  • If some information is to remain encrypted for 100 years, a computer must require more than 100 years to decrypt it without the key.
  • One broad distinction is between symmetric and asymmetric encryption.
  • In symmetric encryption, the key used to encrypt some information is also the key required to decrypt it. DES is a famous example of a symmetric encryption protocol.
  • In a stronger version of DES, called Triple DES, the key a user provides is split into three parts. Let’s say they are “mot”, “orcy”, and “cle”.
  • Then, the message – “ice cream” – is encrypted by the first part (“mot”); the result is decrypted by the second part (“orcy”); and its result is again encrypted by the third part (“cle”). The garbled text thus produced is then transmitted to the recipient along with the key.
  • Symmetric encryption is useful when the sender and the recipient are the same person, for example when you encrypt the hard drive of your computer.
  • The Advanced Encryption Standard (AES), which you might have noticed when setting your WiFi password, is also a symmetric encryption algorithm.
  • In asymmetric encryption, if the message “ice cream” is encrypted using the key “motorcycle”, it can be decrypted using a different key that corresponds to “motorcycle” in a predetermined way.
  • For example, say you and your friend agree that if you use the key “motorcycle” to encrypt the message, your friend will use the key “helmet” to decrypt it, and if you use “banana” to encrypt, your friend will use “pineapple” to decrypt.
  • You and your friend go to a party and find yourself standing far from each other, and you wish to send them a message.
  • So you encrypt “ice cream” with “banana” as the key, and you shout out the encrypted text to your friend along with the word “banana”. Your friend now knows that they should decrypt the text using the key “pineapple” to reveal the underlying message.
  • In this situation, using asymmetric encryption, you have been able to reveal the encryption key without compromising your or your friend’s privacy.
  • Asymmetric encryption will work as long as the private key and the correspondence between the public key and the private key are kept secret.
  • In advanced implementations of asymmetric encryption, this correspondence is ‘stored’ in the solution of a mathematical problem that even a computer would require a long time to solve.
  • It is useful when the sender and the recipient are different. The level of protection it confers is greater the longer the key is.
Hash Functions
  • The hash function is responsible for encrypting a message. These functions are expected to have many properties. Here are three for example:
  • The function should accept an input message and produce an encrypted version – called the digest – in a way that, given the digest, doesn’t reveal what the message could be.
  • It should accept a message of any length and produce a digest of a fixed length, irrespective of how long or short the message is. This way, the length of the original message can’t be deduced from the length of the digest.
  • It should produce unique digests for unique messages.
  • For example, the hash function the DES algorithm uses has many steps, at the heart of which is a table called an S-box: it converts a six-bit value into a four-bit value.
  • DES is a type of symmetric cipher called a block cipher, meaning it operates on fixed-length blocks of information at a time, in this case 64 bits, with 56-bit keys. (The bits refer to the message converted to binary.)
  • A hash function called the Feistel function begins by splitting a block into two parts. In each part, it selects 16 bits and appends them to the end, extending the 32-bit block to 48 bits.
  • This is fed to a XOR logic gate as one input, the other being a 48-bit subkey that’s derived from the key.
  • The XOR gate’s output is then split into eight parts, each of which is remixed in a different S-box. The outputs of the eight S-boxes are finally arranged in a specified pattern.
  • The messaging app WhatsApp uses the Curve25519 algorithm to create public keys for messages.
  • Curve25519 uses the principles of elliptic-curve cryptography (ECC), which in turn is based on some concepts in algebraic geometry.
  • ECC’s advantage is that it can provide the same level of security as another asymmetric encryption algorithm but with a shorter key.
Can E2E encryption be ‘cracked’?
  • Messaging apps with E2E encryption promise that even their parent companies won’t be able to read messages sent and received by its users.
  • However, the informational content of the messages can still be accessed in other ways.
  • A common example is the man-in-the-middle (MITM) attack.
  • This is related to the example earlier of an unnoticed man in the middle of the room jumping up to intercept your message to your friend.
  • In that instance, the man didn’t have the key and couldn’t decrypt the message.
  • In an MITM attack, this man is the attacker and he has been able to acquire the key to decrypt the message, either by hacking your device to obtain the encryption key as well as the correspondence between the encryption and decryption keys or by hacking your friend’s device to acquire the decryption keys.
  • MITM attacks can be prevented by using and comparing fingerprints. Each fingerprint is some data that uniquely identifies a key.
  • Users can compare the fingerprints of their public keys in a separate channel (i.e. different from the one susceptible to an MITM attack) to make sure an attacker doesn’t intercept a message, modify it, re-encrypt it with a different key and send it to the intended recipient.
  • Another issue with E2E encryption is that it could induce complacency in a user who believes an attacker can’t access, say, an image they’re sending over a messaging app in any other way.
  • Since the image may be stored on the sender’s device, an attacker can hack the device to obtain it.
  • Finally, the company that installs E2E encryption on its products can install a backdoor or an exception that allows the company to surmount the encryption and access the messages.
  • Such a thing may be required by law, such as companies being expected to retain and, in the event of litigation, share that information with lawyers.
  • If the goal is to surveil a user, an actor can do so if they can access the messages’ metadata, i.e. data about the messages, such as when they were sent, to which user, how often at different times, from which location, etc., instead of the messages themselves.
Source- The Hindu

More Related Current Affairs View All

23 Sep

Quad grouping

'Prime Minister Narendra Modi arrived in the United States, where he will participate in the fourth Quad Leaders Summit in Wilmington, Delaware.' Quad s the grouping of four de

Read More

21 Sep

India Achieves Tier 1 Status in Global Cybersecurity Index 2024

' India has secured Tier 1 status in the Global Cybersecurity Index (GCI) 2024, published by the International Telecommunication Union (ITU).' The GCI is a comprehensive assessm

Read More

21 Sep

A new White Revolution

'Operation Flood, launched in 1970, ushered in the White Revolution and transformed the dairy sector in India.' Dairy cooperatives procured 660 lakh kg of milk per day in 2023-2

Read More

India’s First Ai-Driven Magazine Generator

Generate Your Custom Current Affairs Magazine using our AI in just 3 steps