How Cybersecurity and End-to-End Encryption Protects Your Information
Author: Patrick Lin
Editors: Shannon Tan and Kira Tian
Artist: Christie Peng
In an era when personal data is both vulnerable and valuable, people are more concerned about their private information than ever before. Nowadays, almost every piece of information sent through the internet is encrypted automatically. Some messaging service providers take security even one step further so that the service providers cannot decrypt the messages between their users. This is done by using a system called end-to-end encryption.
When Alice and Bob, common placeholder names used in cryptology, share any information to each other through the internet, the data has to travel through a series of network devices to reach the other person. Since the data does not go to the other person directly, there is a chance of the data being compromised by an unwanted party. In order to avoid this situation, the data needs to be encrypted, such that even if the unwanted party takes it, they would not be able to decrypt and understand the message.
The 2 cryptographic systems used to encrypt and decrypt messages are called symmetric cryptography and asymmetric cryptography. Symmetric cryptography includes techniques such as Advanced Encryption Standard and Twofish, while asymmetric cryptography includes techniques such as Rivest-Shamir-Adleman and Elliptic-Curve Cryptography. The difference between symmetric and asymmetric cryptography is that symmetric cryptography uses the same exact key to encrypt and decrypt the data, while asymmetric cryptography uses different pairs of keys to encrypt and decrypt data.
End-to-end encryption can be achieved using both symmetric and asymmetric cryptography with symmetric cryptography using a pre-shared secret and asymmetric cryptography creating a shared secret at the start of the communications session. In symmetric cryptography, the shared secret or key to encrypt and decrypt data must be known by both Alice and Bob beforehand. If Alice and Bob did not share a key, they would have to exchange keys through a secure channel so that the key does not become compromised. This method becomes very messy when more participants start trying to share a key with each other and when participants exchange keys frequently. In asymmetric cryptography, the shared secret does not need to be known by Alice and Bob beforehand. Instead, Alice and Bob each have their own public and private key. The public key can be shared with the public and is used to encrypt data. The private key cannot be shared with the public and is used to decrypt the data the public-key encrypted. In a basic asymmetric key encryption scheme, Alice can share her public key so that Bob can encrypt his messages when he sends them to Alice. When the message is sent, Alice can use her private key so that she can decrypt the message she receives from Bob. This simplifies encrypting and decrypting communication when there are more than 2 participants and allows for a different key to be used in every single message to make the communication even more secure.
End-to-end encryption is important because it allows communication to only be seen by both ends. That means, even if Alice and Bob use a third-party messaging service, the service provider or the middleman would not be able to read any of the messages sent between Alice and Bob. The middleman would simply act as an unknowing messenger, such that even if the middleman was compromised, the communication would still be secure. The only entry point into the communication would be the ones at the end of the encryption.
Citations:
Allan, Michelle. “6 Types of Encryption That You Must Know About!” GoodCore Blog,
GoodCore, 30 Oct. 2019, www.goodcore.co.uk/blog/types-of-encryption/.
Greenberg, Andy. “Hacker Lexicon: What Is End-to-End Encryption?” Wired, Conde Nast,
25 Nov. 2014, www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/.
Rouse, Margaret. “What Is Asymmetric Cryptography and How Does It Work?”
SearchSecurity, TechTarget, 20 Mar. 2020,
searchsecurity.techtarget.com/definition/asymmetric-cryptography.