[go: up one dir, main page]
Scribd
Upload
14 views4 pages

NSF CP

The document discusses the importance of end-to-end encryption for securing user data from third parties, including service providers and hackers. It explains the Diffie-Hellman key exchange algorithm as a method for establishing shared secret keys between users while highlighting its vulnerability to man-in-the-middle attacks. Additionally, it emphasizes the need for authentication mechanisms to ensure secure communication.

Uploaded by

Elmar Suleymanov
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
14 views4 pages

NSF CP

The document discusses the importance of end-to-end encryption for securing user data from third parties, including service providers and hackers. It explains the Diffie-Hellman key exchange algorithm as a method for establishing shared secret keys between users while highlighting its vulnerability to man-in-the-middle attacks. Additionally, it emphasizes the need for authentication mechanisms to ensure secure communication.

Uploaded by

Elmar Suleymanov
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

End-to-end Encryption

Now that we have our messages transferring instantly from client to server and back,
let’s discuss how we can make our data secure over the network. Various algorithms
and protocols are working on the internet these days to make the exchange of
confidential information secure. Messaging applications do implement encryption, but
not each one of them makes the encryption end-to-end. This means that not even the
server can decrypt our messages. But why do we need to make the application that
secure?

1. Need for End to End Encryption

The answer is simple - to make the user’s private information hidden from any third
party user. This may be the government, hackers or any other intelligence agency. The
service provider may or may not allow third-parties like the government to access the
data as in the case of any criminals or terrorist activities. But what if the servers get
hacked? The information might then be in the wrong hands. In such cases, the users
prefer to choose end-to-end encryption, where even the service provider cannot access
decrypted data.

End-to-end encryption implies some other important details. Consider


two WhatsApp users communicating through instant messaging.
Their data passes through a WhatsApp server while transiting from
one user to the other. For other services that offer encryption, the
data is encrypted during transfer but is protected only from outside
intruders like hackers. The service can intercept the data at their
servers and use them. They can potentially hand the data to third
parties or to law enforcement authorities.
3. Diffie-Hellman Key Exchange Algorithm

Today we will be discussing the Signal Protocol in detail. But before that, we need to be
aware of the Diffie-Hellman key exchange mechanism. With simple encryption, the
messages are usually encrypted only between the users and the server, making use of
some cryptographic keys, hence making data vulnerable at the server. We want these
keys only to exist between the users and not the server. But how is this possible?
Suppose we have two Clients - Alice and Bob.

o Alice and Bob agree to use two common prime numbers (g & n)
provided by the server.
o Now, these are combined using some mathematical calculations with
the Private keys of Alice and Bob => a + g = ag and b + g = bg.
o We exchange these Ephemeral/Public Keys ag and bg via server.
o Combine the exchanged keys with the Private keys of Alice and Bob
respectively to form a Shared Secret Key => ag+b = agb and bg+a
= bga at both ends.
o Now the attacker might be aware of g, n, ag & bg as these are being
shared publicly, but not a & b since these are private keys only available
to Alice and Bob.
o It is too difficult for any intruder to split up the public
components ag and bg.
o Any attacker can combine ag+bg = abgg (extra bit) - too hard to figure
out.
This mechanism was developed by Whitfield Diffie and Martin Hellman to derive the
cryptographic keys instead of exchanging them completely in public. It is explained
using colors since it is not possible to separate colours once mixed. Similarly, it is hard
to figure out the secret keys using the only public components, once combined
mathematically with the prime numbers provided by the server.

4. Problems with Diffie-Hellman Key Exchange


Although the mechanism provides us with a secure way to create cryptographic keys as
end-to-end, it does not authorize the users. Hence, we might have some third party
pretending to be the intended recipient and he/she will be able to access or modify the
messages, by creating another pair of shared secret keys with Alice and Bob
respectively. This is usually known as a Man-in-the-middle attack.

To perform authentication, this algorithm is integrated with other algorithms that provide
authentication (ECDH) or derived multiple times mathematically (X3DH). That is when
RSA came to rescue. The sender not only performs Diffie-Hellman but also shares
his/her signature to ensure that only he/she has sent that message.

Encryption is a way of scrambling data so that only authorized


parties can understand the information. In technical terms, it
is the process of converting human-readable plaintext to
incomprehensible text, also known as ciphertext. In simpler
terms, encryption takes readable data and alters it so that it
appears random. Encryption requires the use of
a cryptographic key: a set of mathematical values that both
the sender and the recipient of an encrypted message agree
on.

You might also like