With end-to-end encryption, sensitive data that travels over a network is securely encrypted from the point of data entry to the point where the data is processed. Sensitive data may be a user name, password, credit card number, etc. The network can be the Internet, a wireless network, a WAN or a local LAN. Data is normally entered via the browser or a client application, and it needs to reach the application server to be processed or stored in the database.
So, doesn’t HTTPS perform data encryption from one point to another? Well, in most cases, only partially. In a multi-tier architecture, it is usually the dedicated Web Server that handles HTTPS. The link from the Web Server to the Application Server or the Database Server is most likely in the clear. If the Web Server is compromised, simple network sniffing will reveal all the data that is posted.
The “end-to-end” promise means that messages are encrypted in a way that allows only the unique recipient of a message to decrypt it, and not anyone in between. In other words, only the endpoint computers hold the cryptographic keys, and the company’s server acts as an illiterate messenger, passing along messages that it can’t itself decipher.
But, if the company’s server can never see the key, then how does it get onto the device when the user installs the app in the first place?
This is possible because of another crypto trick known as public-key encryption. In public-key cryptosystems, a program on your computer mathematically generates a pair of keys. One, called the private key or secret key, is used for decrypting messages sent to you and never leaves your device. The other, called the public key, is used for encrypting messages that are sent to you, and it’s designed so that only the corresponding private key can decrypt those messages. The public key can be shared with anyone who wants to encrypt a message to you.
Even end-to-end encryption isn’t necessarily impervious to snooping. Rather than try to actually break the encryption, for instance, an eavesdropper may try to impersonate a message recipient so that messages are encrypted to their public key instead of the one the sender intended. After decrypting the message, the snoop can then encrypt it to the recipient’s actual public key and send it on again to avoid detection; this is what’s known as a man-in-the-middle attack. To combat that tactic, some end-to-end encryption programs generate unique one-time strings of characters based on the two users’ public keys. The two people communicating read out that string to each other before starting their conversation. If the characters match, they can be reassured there’s no man in the middle. Of course, there are still two vulnerable points left in even perfect end-to-end encryption systems: the ends. Each user’s computer can still be hacked to steal his or her cryptographic key or simply read the recipient’s decrypted messages.
End-to-end encryption in WhatsApp
WhatsApp integrated the open-source software TextSecure, created by the privacy-focused non-profit Open Whisper Systems, which scrambles messages with a cryptographic key that only the user can access and that never leaves his or her device. The result is practically uncrackable encryption for hundreds of millions of phones and tablets that have WhatsApp installed, by some measures the world’s largest-ever implementation of this standard of encryption in a messaging service.
In the app, private keys will be generated and stored on the user’s device and will no longer be accessible to WhatsApp. In addition, each message or session uses a different private key (called ‘perfect forward secrecy’) which means that no single key gives access to all the data sent by someone in the past or future. The WhatsApp server does of course store a user’s public key, which is necessary to build a directory of users so that people can contact each other across the service. In PKI encryption, this public key is useless for accessing encrypted content and is merely a way for two users to communicate with one another without the risky need to send each other a private key, for instance a conventional asymmetric key such as a passcode. None of the above requires WhatsApp users to configure anything – it’s just turned on by default.
WhatsApp offers a third security layer designed to stop man-in-the-middle attacks, in which someone impersonates the recipient of a message without the sender realising. This involves two people comparing a unique identifier, either by scanning a QR code or by comparing a 60-digit number (which is not an encryption key, just an ID).
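The comparison described above, both the one-time string derived from the two users' public keys and the 60-digit number, can be sketched as follows. This is an added example, not WhatsApp's or Open Whisper Systems' code: the derivation (iterated SHA-512, 30 digits per party), the names and the sample keys are assumptions made for illustration.

```python
import hashlib

ROUNDS = 1000  # assumed work factor for this sketch


def party_digits(user_id: str, public_key: bytes) -> str:
    """Reduce one party's identifier and public key to 30 decimal digits."""
    digest = user_id.encode("utf-8") + public_key
    for _ in range(ROUNDS):
        digest = hashlib.sha512(digest + public_key).digest()
    # Six 5-byte chunks, each reduced to a zero-padded 5-digit group.
    return "".join(
        f"{int.from_bytes(digest[i:i + 5], 'big') % 100000:05d}"
        for i in range(0, 30, 5)
    )


def verification_number(id_a: str, key_a: bytes, id_b: str, key_b: bytes) -> str:
    """60-digit ID for a conversation; sorting makes it identical on both ends."""
    return "".join(sorted([party_digits(id_a, key_a), party_digits(id_b, key_b)]))


def grouped(number: str) -> str:
    """Format as 5-digit groups so two people can read it aloud."""
    return " ".join(number[i:i + 5] for i in range(0, len(number), 5))


# Constructed sample data: 32-byte stand-ins for real public keys.
ALICE_KEY = hashlib.sha256(b"constructed alice public key").digest()
BOB_KEY = hashlib.sha256(b"constructed bob public key").digest()
INTERCEPTOR_KEY = hashlib.sha256(b"constructed interceptor public key").digest()


def compare_views(key_alice_has_for_bob: bytes, key_bob_has_for_alice: bytes):
    """Return the number each device displays, given the peer key it received."""
    alice_sees = verification_number("alice", ALICE_KEY, "bob", key_alice_has_for_bob)
    bob_sees = verification_number("bob", BOB_KEY, "alice", key_bob_has_for_alice)
    return alice_sees, bob_sees


if __name__ == "__main__":
    for label, views in [
        ("directory served the real keys", compare_views(BOB_KEY, ALICE_KEY)),
        ("keys substituted in transit", compare_views(INTERCEPTOR_KEY, INTERCEPTOR_KEY)),
    ]:
        alice_sees, bob_sees = views
        print(label, "-> match" if alice_sees == bob_sees else "-> MISMATCH")
        print("  Alice:", grouped(alice_sees))
        print("  Bob:  ", grouped(bob_sees))
```

Because each device computes the number from its own key and the peer key it actually received, a substituted key shows up as a mismatch when the two people compare, even though neither device can detect the substitution on its own.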