End-to-end encryption

From Wikipedia, the free encyclopedia
Jump to: navigation, search

End-to-end encryption (E2EE), which is non-certified or uncertified, is a digital communications paradigm of uninterrupted protection of data traveling between two communicating parties without being intercepted or read by other parties except for the originating party encrypting data to be readable only by the intended recipient, and the receiving party decrypting it, with no involvement in said encryption by third parties. The intention of end-to-end encryption is to prevent intermediaries, such as Internet providers or application service providers, from being able to discover or tamper with the content of communications. End-to-end encryption generally includes protections of both confidentiality and integrity.

Examples of end-to-end encryption include PGP and S/MIME for email, OTR for instant messaging, Tresorit for cloud storage, ZRTP for telephony, and TETRA for radio.

Typical server-based communications systems do not include end-to-end encryption. These systems can only guarantee protection of communications between clients and servers, not between the communicating parties themselves. Examples of non-E2EE systems are Google Talk, Yahoo Messenger, Facebook, and Dropbox. Users may, however, utilize a third party instant messaging client (such as Pidgin) which supports OTR, allowing users to implement their own end-to-end encryption scheme over non-E2EE protocols. Some non-E2EE systems, for example LavaBit and SecretInk, have even described themselves as offering "end-to-end" encryption when they do not.[citation needed] Some systems which normally offer end-to-end encryption have been discovered to contain a back door, which causes negotiation of the encryption key between the communicating parties to be subverted, for example Skype.[citation needed]

The end-to-end encryption paradigm does not directly address risks at the communications endpoints themselves, such as the technical exploitation of clients, poor quality random number generators, or key escrow.

Example: TETRA[edit]

A classic deployment of E2EE is demonstrated by its use within the Terrestrial Trunked Radio (TETRA) standard, as defined by the Security Fraud Prevention Group (SFPG) of the Tetra MoU.[1]

In this context E2EE allows security-aware users to retain control over access to their communications. Unlike TETRA air-interface encryption (an example of Link encryption) users do not have to share key-variables with network operators (e.g. 'Airwave',[2] 'A.S.T.R.I.D',[3] 'C2000'[4]). In this way the user traffic (in this case voice or data) travels through the public network encrypted from the transmitting user terminal until it reaches the receiving user terminal where it is decrypted.

If only air-interface encryption were used, interception of the user traffic would be possible at any point after the air-interface encryption had been removed (i.e. at any point other than the TETRA air-interface) and the traffic entered the trunked network. This exposes the user traffic to any weaknesses of the trunked network and implicitly requires trust between the user and the network operator. In this way E2EE is particularly suited to situations where users do not trust network operators or government infrastructures.

In the TETRA deployment of E2EE the management, distribution and updating of encryption key-variables and crypto-associations (links between network address and key-variables) is facilitated by use of a Key Management Centre (KMC). The KMC is under user-control, although it is connected to the trunked-network to allow the user to manage E2EE terminals by the use of encrypted key-management messages (KMMs). These KMMs allow the user to achieve Over-The-Air rekeying (OTAK).

The key-variables and crypto-associations allows the user (by use of the KMC) to partition the trunked-network address space into 'encrypted' and 'non-encrypted' channels. It is possible to define sets of key-variables called crypto-groups, and it is further possible to define which crypto-group any particular encrypted channel uses. Furthermore, it is possible for the operator of the KMC to partition their user-fleet into user-groups (groups of users who receive the same crypto material).

This lets the KMC user determine which parts of their user-fleet can communicate with one another and allows the user organisation to achieve crypto-separation between different groups of users.

See also[edit]


  1. ^ A presentation by Brian Murgatroyd to the SFPG Archived September 27, 2007 at the Wayback Machine
  2. ^ Airwave: Home Archived August 28, 2008 at the Wayback Machine
  3. ^ http://www.astrid.be Archived May 29, 2014 at the Wayback Machine
  4. ^ C2000 Archived June 29, 2006 at the Wayback Machine

External links[edit]

  • How-To Geek Why most web-services don't use end-to-end encryption.