End-to-End Encryption Flashcards
End-to-End Encryption
System where only the communicating users can read the messages, ensuring no intermediary (like a server) can access the message content
Why is E2EE important in instant messaging?
It prevents servers, routers or intermediaries from accessing the content of messages, protecting user privacy
What is a typical architecture of instant messaging without E2EE?
- Bob and Alice send messages through a central server
- Messages between each user and the server are encrypted
- Messages are stored and processed in plaintext on the server
What additional data can servers still access with E2EE?
Metadata (sender, receiver, timestamps)
What is the Double Ratchet Algorithm?
A protocol ensuring forward secrecy by frequently changing symmetric keys during a conversation.
Why is forward secrecy important in E2EE?
It ensures that if one session key is compromised, past or future messages will remain secure
What are residual challenges in E2EE?
- Authentication of endpoints: Verifying the communicating users
- Endpoint security: Protecting devices and keys from being compromised
- Backdoors: Trust issues with the systems or protocols
What are some risks related to encrypted backups?
- Encryption keys are stored on the cloud (messages in icloud)
- Media and messages in Google Drive may not be protected by E2EE
What is the “Chat Control” legislation?
Proposed laws aiming to balance individual privacy with online policing to combat child sexual abuse content
What cryptographic techniques are used in E2EE protocols?
- Public-key encryption
- Symmetric encryption
- Hash functions (authentication and integrity)
What is an example of a messaging app using E2EE?
WhatsApp and Signal both implement E2EE to protect message content.
