End-to-end encryption
Lua error in package.lua at line 80: module 'strict' not found. End-to-end encryption (E2EE) is a system of communication where only the people communicating can read the messages. No eavesdropper can access the cryptographic keys needed to decrypt the conversation, including telecom providers, Internet providers and the company that runs the messaging service.[1] Since no third-parties have knowledge of the data being communicated or stored, surveillance and tampering are impossible. For example, companies that use end-to-end encryption can’t hand over texts of their customers’ messages to the authorities.[2]
In E2EE systems, data is encrypted at the participating endpoints using either a pre-shared secret (such as PGP), a one-time secret derived from a pre-shared secret (such as DUKPT) or a secret negotiated in situ (such as OTR).[citation needed]
Contents
Examples
Examples of end-to-end encryption include PGP and S/MIME for email; OTR, iMessage or Signal for instant messaging; Tresorit, MEGA or SpiderOak for cloud storage; ZRTP or FaceTime for telephony; and TETRA for radio.
As of 2016, typical server-based communications systems do not include end-to-end encryption. These systems can only guarantee protection of communications between clients and servers, not between the communicating parties themselves. Examples of non-E2EE messaging systems are Google Talk, Yahoo Messenger, Facebook, and examples of non-E2EE storage systems are Dropbox and Google Drive. In the case of instant messaging, users may use a third party client (e.g. Pidgin) to implement an end-to-end encryption scheme (e.g. OTR) over an otherwise non-E2EE protocol.[citation needed]
Some non-E2EE systems, for example Lavabit and Hushmail, have described themselves as offering "end-to-end" encryption when they did not.[3] Some systems which normally offer end-to-end encryption have been discovered to contain a back door, which causes negotiation of the encryption key between the communicating parties to be subverted, for example Skype.[4][5]
Challenges
Man-in-the-Middle attacks
End-to-end encryption ensures that data is transferred securely between endpoints. But, rather than try to break the encryption, an eavesdropper may impersonate a message recipient (during key exchange or by substituting her public key for the recipient's), so that messages are encrypted with a key known to the attacker. After decrypting the message, the snoop can then encrypt it with a key that she shares with the actual recipient, or his public key in case of asymmetric systems, and send the message on again to avoid detection. This is known as a man-in-the-middle attack.[1][6]
Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, one could rely on certification authorities or webs of trust.[7] An alternative technique is to generate unique one-time strings of characters based on the two users’ public keys or shared key. The two people communicating compare their phrases using a trusted communication channel before starting their conversation. If the characters match, they can be reassured there’s no man in the middle.[1]
Endpoint security
The end-to-end encryption paradigm does not directly address risks at the communications endpoints themselves, such as the technical exploitation of clients, poor quality random number generators, or key escrow.[citation needed]
See also
References
- ↑ 1.0 1.1 1.2 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
