What is End to End Encryption (E2EE) & How Does it Work?

With total privacy high on the agenda for many business professionals who want to keep what matters away from prying eyes, end-to-end encryption (E2EE) is one of the most secure ways to communicate privately online. The term has become ubiquitous across messaging platforms, but what is end to end encryption?

E2EE means that only the communicating end points can read the data in the clear. A user can send a message or documents to another user, or hold an audio or video call, and everything between those two end points sees only ciphertext. Nothing in the middle can read the data, so only the intended parties ever see it, and intercepting it in transit yields nothing readable. That includes the provider of the software platform itself, which is what makes the connection genuinely private.

However, many companies that claim to use E2EE may not be as secure as you might think. Enterprise and government users need to verify that "end to end encrypted" data lives up to the premise and is not a weaker variant of it. Choosing a platform that provides E2EE as intended is crucial, so how can you tell what is end to end encrypted data and what isn't?

What is End to End Encrypted Data?

End to end encrypted data is any data sent between users, including communications and documents, that is encrypted and decrypted only at the end points. The end points are the software used by those communicating, such as a smartphone app or desktop application. The message is created and encrypted at one end, then sent to the user at the other end, who decrypts and reads it. Only at these end points is the data in the clear. The servers it passes through cannot read it in transit, so the software company cannot see its contents. This holds only where true E2EE is actually provided.

Some companies that promote end to end encrypted data may not provide it at all. For example, some treat the server as an end point rather than the real end user: the message is encrypted to the server, decrypted there, and then re-encrypted and forwarded to the recipient. This is transit encryption, or hop-by-hop encryption, and it is not E2EE: the server holds a key and sees the plaintext at that hop. It is bad industry practice and means users may not be getting the service they thought.

To ensure you are getting intended E2EE, use software in which the data exchanged between communicating parties is encrypted and decrypted only at the end points, with no transit-only encryption and no server acting as an end point. The whole idea of E2EE is that data encrypted on the sender's side can be decrypted only by the intended receiver, never by a server or other unintended party. Otherwise, whoever controls the server, or compromises it, can read your data. Some companies keep the corresponding decryption keys on their servers while advertising end to end encryption. That is at best partly true, and it fails to disclose the full journey your data takes between you and the intended party.

How E2EE Works

If the software providing E2EE uses modern, state-of-the-art cryptographic algorithms, the following steps are taken:

  • Mutual Authentication – during account setup, when the software is used for the first time, each user generates a key pair and the public key or certificate is exchanged and validated with the help of the provider. This is what later lets both parties confirm they are communicating with the right user. Because the provider distributes the keys, a good client also lets users verify each other's key fingerprints out of band, so that a substituted key would be noticed.
  • Authenticated Key Exchange – before any encryption takes place, a set of cryptographic keys needs to be established between the communicating parties. These need to be:
    • Established directly between the end points, without the involvement of any middleman.
    • Authenticated via digital signatures generated with the private keys of the users.
    • Established in an ephemeral way only for that particular data.
  • E2EE via authenticated encryption – using a strong symmetric cipher such as AES-256, the data is encrypted in an authenticated encryption mode such as Counter with CBC-MAC (CCM) or Galois/Counter Mode (GCM), so that any modification of the ciphertext in transit is detected at the receiving end. Plain Cipher Block Chaining (CBC) is not an authenticated mode and does not give that guarantee on its own.
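
The three steps above, together with the hop-by-hop contrast from the earlier section, as an added worked example in Go. This is illustrative code written for this article, not RealTyme's implementation or any product's protocol. It assumes Ed25519 identity keys whose public halves were exchanged at setup, X25519 ephemeral keys signed by those identity keys, a simplified one-block HKDF-SHA256 with a fixed salt, and AES-256-GCM; the names `Party`, `Offer`, `Accept`, `Handshake`, `Seal`, `Open` and `Relay` are all assumed. The `Relay` plays the provider's server: it forwards ciphertext and can log who sent how many bytes to whom, but it never holds a key, and an offer it forges in Bob's name fails Alice's signature check.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one end point. The provider distributes only IDPub at setup; idPriv never leaves the device.
type Party struct {
	Name   string
	IDPub  ed25519.PublicKey
	idPriv ed25519.PrivateKey
}

func NewParty(name string) *Party {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail in practice
	return &Party{Name: name, IDPub: pub, idPriv: priv}
}

// Offer is the key-exchange message: a fresh X25519 public key signed with the sender's identity key.
type Offer struct{ Ephemeral, Sig []byte }

func (p *Party) NewOffer() (*ecdh.PrivateKey, Offer) {
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	pub := eph.PublicKey().Bytes()
	return eph, Offer{Ephemeral: pub, Sig: ed25519.Sign(p.idPriv, pub)}
}

// deriveKey is a one-block HKDF-SHA256 (extract, one expand) binding the AES-256 key to the shared
// secret and both ephemeral public keys, initiator first. The salt is an assumed constant.
func deriveKey(shared, initEph, respEph []byte) []byte {
	prk := hmac.New(sha256.New, []byte("e2ee-demo-salt"))
	prk.Write(shared)
	okm := hmac.New(sha256.New, prk.Sum(nil))
	okm.Write(append(append(append([]byte{}, initEph...), respEph...), "aes-256-gcm\x01"...))
	return okm.Sum(nil)
}

// Accept checks the peer's offer against the identity key learned at setup, completes X25519 and
// returns the AES-256-GCM AEAD. A forged or substituted offer (e.g. from the server) fails here.
func Accept(myEph *ecdh.PrivateKey, mine Offer, peerID ed25519.PublicKey, theirs Offer, initiator bool) (cipher.AEAD, error) {
	if !ed25519.Verify(peerID, theirs.Ephemeral, theirs.Sig) {
		return nil, errors.New("offer is not signed by the expected identity key")
	}
	peerPub, err := ecdh.X25519().NewPublicKey(theirs.Ephemeral)
	if err != nil {
		return nil, err
	}
	shared, err := myEph.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	a, b := mine.Ephemeral, theirs.Ephemeral
	if !initiator {
		a, b = b, a
	}
	block, _ := aes.NewCipher(deriveKey(shared, a, b)) // 32-byte key: NewCipher cannot fail
	return cipher.NewGCM(block)
}

// Handshake: each side signs a fresh offer, verifies the other's, and both reach the same key.
func Handshake(alice, bob *Party) (cipher.AEAD, cipher.AEAD, error) {
	aEph, aOffer := alice.NewOffer()
	bEph, bOffer := bob.NewOffer()
	aSess, errA := Accept(aEph, aOffer, bob.IDPub, bOffer, true)
	bSess, errB := Accept(bEph, bOffer, alice.IDPub, aOffer, false)
	return aSess, bSess, errors.Join(errA, errB)
}

// Seal returns nonce||ciphertext||tag. The routing header passed as aad stays readable because
// the relay must route on it, but it is authenticated, so the relay cannot alter it undetected.
func Seal(s cipher.AEAD, plaintext, aad []byte) []byte {
	nonce := make([]byte, s.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return s.Seal(nonce, nonce, plaintext, aad)
}

// Open rejects truncated, modified or misrouted messages before returning any plaintext.
func Open(s cipher.AEAD, msg, aad []byte) ([]byte, error) {
	n := s.NonceSize()
	if len(msg) < n {
		return nil, errors.New("message too short")
	}
	return s.Open(nil, msg[:n], msg[n:], aad)
}

// Relay stands in for the provider's server: it forwards opaque bytes and never holds a key, yet
// like any real server it still sees the metadata (who talks to whom, and how much).
type Relay struct{ Log []string }

func (r *Relay) Forward(from, to string, body []byte) []byte {
	r.Log = append(r.Log, fmt.Sprintf("%s -> %s (%d bytes)", from, to, len(body)))
	return body
}
```

Run `Handshake`, then `Seal` on Alice's side, `relay.Forward`, and `Open` on Bob's side; flipping a single byte of the forwarded ciphertext, changing the routing header, or truncating the message makes `Open` fail, and an offer signed by the server's own key is rejected by `Accept`. A production protocol adds what this sketch leaves out: out-of-band fingerprint verification, a ratchet that rotates keys per message, replay protection and multi-device handling. Note the one line the relay does log: that metadata is exactly what E2EE on its own does not hide.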

What are the Advantages of E2EE?

There are two main advantages of using end-to-end encryption in its truest form.

Reduced hacking risk – because only the end users hold the encryption keys, fewer systems and people ever have the data unencrypted. If a server or a link in transit is compromised, anything encrypted stays that way without the corresponding keys. E2EE ensures that only the intended parties can see the data decrypted.

Superior privacy and safety online – E2EE gives you full control of your data, so business users can ensure there is no unintended use, a level of privacy that services without E2EE cannot match. A service that uses hop-by-hop encryption can read your data on its server whenever it chooses, and can keep a readable copy even after you have deleted the messages on your device.

Why E2EE Alone is Not Enough

With technology developing rapidly and attackers using ever more sophisticated techniques to get at data, end-to-end encryption on its own is not enough to protect your interests. Casual and business users alike need to take further precautions.

Here at RealTyme, we take your data privacy seriously and provide a service with E2EE at its core, plus additional protections that other software does not provide.

Higher Privacy – service providers can exploit traffic analysis and metadata for their own purposes. WhatsApp is an example of a platform that uses E2EE for message content but whose servers still see significant metadata: who communicates with whom, when, and how often. The RealTyme platform has no access to your metadata.

Higher Data Protection – without encryption at rest and secure backups on the end device, data can leak despite E2EE. This happens with software that protects data only in transit and leaves it in the clear on the device, where malware or spyware can read it, for instance on an iPhone; a cloud backup such as iCloud can expose the same data if the backup itself is not encrypted. RealTyme provides much stronger data protection to avoid this happening to you.

Ultimate Data Sovereignty – other services may provide E2EE for payload data in transit but leave the metadata unprotected and available to the service provider on the server side, so full data sovereignty is not possible. E2EE needs to be coupled with protected, controlled deployments via on-premises or private-cloud installations. We provide this with the RealTyme platform for an unrivalled service.

Learn more about our services at RealTyme and discover true end-to-end encryption for those who take data privacy seriously. Request an invite by booking a demo today.