P L RAJ IAS & IPS ACADEMY - AN INSTITUTION FOR IAS, IPS AND TNPSC EXAMINATION

END-TO-END ENCRYPTION – SCI & TECH

News: End-to-end encryption: What it is, how it works, and why you need it

What's in the news?

● End-to-end encryption, a powerful technology that scrambles your data so that only you and your intended recipient can read it.

End-to-end encryption (E2EE):

● Encryption is a way of protecting data from unauthorised access or tampering.

● It works by transforming the data into a secret code that only the intended recipient can decipher.

● It is useful for various cases, such as securing online communications, storing sensitive information, and verifying digital identities.

Types of Encryption:

There are two main types of encryption:

1. Symmetric:

● It uses the same key to encrypt and decrypt the data.

● In symmetric encryption, the key used to encrypt some information is also the key required to decrypt it.

2. Asymmetric:

● It uses a pair of keys - one public and one private.

● The public key can be shared with anyone, but the private key must be kept secret.

Encryption and End-to-end Encryption:

● The term encryption is generally used when referring to the privacy of stored data, while end-to-end encryption protects data as it’s transferred between a location – which is crucial wherever there’s a rapid exchange of information.

● In an E2EE-enabled app, only the person on each end – the sender and receiver – can read any exchanged messages.

○ This is because messages get encrypted on your device before being sent and only are decrypted when they reach your intended recipient.

Applications of End-to-end Encryption:

● End-to-end encryption is used to secure communications. Some of the popular instant-messaging apps that use it are Signal, WhatsApp, iMessage, and Google messages.

● It is also used to secure passwords, protect stored data and safeguard data on cloud storage.

● It is often used to help companies comply with data privacy and security regulations and laws. For example, an electronic point-of-sale (POS) system provider would include E2EE in its offering to protect sensitive information, such as customer credit card data.

● End-to-end encryption has long been used when transferring business documents, financial details, legal proceedings, and personal conversations.

● It can also be used to control users’ authorisation when accessing stored data.

Concerns with End-to-end Encryption:

● Metadata

● Compromised endpoints

● Complexity in defining the endpoints

● Too much privacy