END-TO-END ENCRYPTION

1. Context 
 
 
Securing information is paramount, and encryption is a crucial method for safeguarding it. End-to-end (E2E) encryption in particular has transformed how human rights organizations, law enforcement agencies, and technology companies approach access to individuals' information. This shift matters to their efforts to protect, prosecute, or derive profit from engagements, depending on the context.
 

2. About Encryption
  • At its core, encryption involves the transformation of readable information into an unreadable format based on specific rules.
  • These rules vary, and one example is the Data Encryption Standard (DES), which, with certain configurations, converts the phrase "ice cream" into AdNgzrrtxcpeUzzAdN7dwA== using the key "kite."
  • Altering the key, for instance, to "motorcycle," changes the encrypted text to 8nR+8aZxL89fAwru/+VyXw==.
  • The key serves as data that allows a computer to 'unlock' (decrypt) previously 'locked' (encrypted) text, utilizing the designated set of rules.
  • To illustrate, imagine writing down AdNgzrrtxcpeUzzAdN7dwA== on one piece of paper and "kite" on another, crumpling both, and tossing them across the room to a friend.
  • Suddenly, an unnoticed person in the room swiftly grabs the piece of paper with AdNgzrrtxcpeUzzAdN7dwA== and makes off with it.
  • However, since this individual lacks knowledge of the key ("kite"), the content of the piece of paper remains unknown to them.
  • In the digital realm, this is how encryption serves as a protective measure for securing digital information.

3. What is E2E encryption?

  • E2E encryption, short for End-to-End encryption, pertains to specific points in the journey of information transmission.
  • For instance, consider a chat conversation on a messaging app. When you send a message, it initially travels to a server maintained by the app's company. Following the app's instructions, the server directs the message to your friend. Within this framework, two critical encryption forms come into play: encryption-in-transit and E2E encryption.
  • Encryption-in-transit ensures that before a message is forwarded from the server to you (or vice versa), it undergoes encryption. This method is employed to thwart any attempt by an unauthorized entity to read the message's contents by intercepting the relay.
  • On the other hand, E2E encryption goes a step further. It encrypts the message both during transit (from your phone to the server or vice versa) and when it resides within the server. Decryption only occurs when your friend receives the message.

4. Methods of Information Encryption

Protecting information involves employing various encryption methods, selected based on the desired level of secrecy and security duration. One key distinction lies between symmetric and asymmetric encryption.

Symmetric Encryption

  • In symmetric encryption, the key used for encryption is identical to the one needed for decryption. Notable examples include the Data Encryption Standard (DES) and Triple DES.
  • Triple DES involves splitting the user-provided key into three parts, sequentially encrypting and decrypting the message with each part. Symmetric encryption is suitable when the sender and recipient are the same, as in encrypting a computer's hard drive. The Advanced Encryption Standard (AES) is another widely used symmetric encryption algorithm.

Asymmetric Encryption

  • Asymmetric encryption involves distinct keys for encryption and decryption. If a message is encrypted with one key, it can only be decrypted using a corresponding key in a predetermined manner.
  • Public and private key pairs are utilized. The public key is shared openly, while the private key remains confidential. This method is effective when the sender and recipient are different, ensuring privacy.
  • The effectiveness of asymmetric encryption relies on keeping the private key secret. Advanced implementations involve mathematical problems for key storage, making it computationally challenging to breach. Longer keys enhance security.

Curve25519 Algorithm and Elliptic-Curve Cryptography (ECC):

  • Messaging apps like WhatsApp employ the Curve25519 algorithm to generate public keys for messages. Curve25519 utilizes principles from elliptic-curve cryptography (ECC), grounded in algebraic geometry.
  • ECC offers security equivalent to other forms of asymmetric encryption but with shorter key lengths, making it computationally efficient.
 
5. Vulnerabilities in E2E Encryption

While End-to-End (E2E) encryption offers robust privacy assurances, certain vulnerabilities may expose user data or compromise the security of encrypted messages.

Man-in-the-Middle (MITM) Attacks

  • E2E encryption is susceptible to MITM attacks, where an unauthorized party intercepts the communication. Attackers may obtain encryption keys by hacking devices, compromising the correspondence between encryption and decryption keys, or other means.
  • Prevention involves using and comparing fingerprints—unique identifiers for keys. Users can verify key authenticity by comparing fingerprints through a separate channel, minimizing the risk of interception and message tampering.
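
The Curve25519 key agreement described in section 4 and the fingerprint comparison described above can be shown together. This is an added example, not code from the article or from any messaging app: the `fingerprint` scheme (truncated SHA-256), the function names and the fixed private keys are assumptions made for illustration, and the ladder is teaching code rather than a production implementation.

```python
import hashlib
import hmac

P = 2**255 - 19                      # field prime behind the name Curve25519
A24 = 121665                         # curve constant (486662 - 2) / 4
BASE = (9).to_bytes(32, "little")    # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Teaching code: not constant-time."""
    s = (int.from_bytes(k, "little") & ~7 & ((1 << 255) - 1)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (s >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def fingerprint(public: bytes) -> str:
    """Simplified fingerprint: first 128 bits of SHA-256, grouped for reading aloud."""
    h = hashlib.sha256(public).hexdigest()[:32]
    return " ".join(h[i:i + 4] for i in range(0, 32, 4))

def key_is_authentic(received_pub: bytes, fp_from_other_channel: str) -> bool:
    return hmac.compare_digest(fingerprint(received_pub), fp_from_other_channel)

def demo() -> dict:
    # Constructed private keys, fixed so the run is reproducible; real apps use a CSPRNG.
    a, b, m = (hashlib.sha256(n).digest() for n in (b"alice", b"bob", b"relay"))
    a_pub, b_pub, m_pub = x25519(a, BASE), x25519(b, BASE), x25519(m, BASE)
    bob_fp = fingerprint(b_pub)      # Bob gives this to Alice over a separate channel
    return {
        # Honest relay: both sides derive the same secret without ever sending it.
        "secrets_match": x25519(a, b_pub) == x25519(b, a_pub),
        "honest_key_ok": key_is_authentic(b_pub, bob_fp),
        # A relay that swaps in its own key shares Alice's secret, yet fails the check.
        "relay_reads_alice": x25519(a, m_pub) == x25519(m, a_pub),
        "swapped_key_ok": key_is_authentic(m_pub, bob_fp),
    }

if __name__ == "__main__":
    print(demo())
```

The last two results are the point: without the out-of-band comparison Alice cannot tell the substituted key from Bob's, because the key agreement itself succeeds either way.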

Device Hacking and Malware

  • E2E encryption does not safeguard against attacks on individual devices. If an attacker gains access to a sender's or recipient's device, they may exploit vulnerabilities to obtain unencrypted data.
  • Malware can infiltrate devices through various means, including SMS, providing unauthorized access to messages before encryption occurs.

Company-Installed Backdoors

  • Companies implementing E2E encryption may, under legal or other pressures, install backdoors or exceptions to access encrypted messages. This could be mandated by law enforcement or for purposes of data retention and legal compliance.
  • Disclosures such as the Edward Snowden revelations exposed companies, such as Skype, installing backdoors for government agencies to access E2E-encrypted messages.

Complacency and Metadata Surveillance

  • Users may become complacent with E2E encryption, assuming absolute security. However, certain vulnerabilities, such as storing images on devices, can be exploited by attackers who compromise the device.
  • Metadata, information about messages (timing, frequency, recipients, locations, etc.), may still be accessible. While not revealing message content, metadata surveillance can provide insights into user behaviour.

6. The Way Forward
 
E2E encryption is a valuable tool for secure communication, but it's not foolproof. Understanding its strengths, limitations, and potential vulnerabilities empowers you to use it effectively and protect your privacy in the digital world.
 
 
For Prelims: End-to-End Encryption, elliptic-curve cryptography, Curve25519 algorithm, Advanced Encryption Standard, Data Encryption Standard
For Mains: 
1. Discuss the ethical and legal implications of using End-to-End Encryption (E2E) in the context of national security and individual privacy. What measures can be taken to balance these competing interests? (250 Words)
2. Imagine you are a policymaker responsible for developing a national framework for E2E encryption. What key factors would you consider, and what principles would guide your approach to ensure a balance between security, privacy, and economic interests? (250 Words)
 
Previous Year Questions
 
1. What is the key size of the Data Encryption Standard algorithm in cryptography? (UPSC ESE 2021)
A. 56 bit    B. 62 bit    C. 168 bit    D. 128 bit
 
2. The Data Encryption Standard (DES) has a function that consists of four steps. Which of the following is the correct order of these four steps? (UGC NET 2019)
A. an expansion permutation, S-boxes, an XOR operation, a straight permutation
B. an expansion permutation, an XOR operation, S-boxes, a straight permutation
C. a straight permutation, S-boxes, an XOR operation, an expansion permutation
D. a straight permutation, an XOR operation, S-boxes, an expansion permutation
 
Answers: 1-A, 2-B
 
Source: The Hindu