You have probably heard about encryption thanks to Whatsapp which recently rolled out an ‘end-to-end encryption and went ahead to become one of the largest platform offering secure messaging for over a billion users globally.
Encryption is the scrambling of information turning it into gibberish before sending it to the recipient. The receiver has the key to decrypt data restoring it back into readable information. The aim of encryption is to protect information from unauthorized access.
Where does encryption come from?
One of the surprising facts is that encryption has long been used since the medieval ages. The concepts of encoding messages that inspired modern encryption date back to around 55BC. Back then, an encryption technique popularly known as Caesar cipher was used by the famous Roman, Julius Caesar, in his private correspondence. The encryption involved substituting letters of the alphabet making the message basically gibberish to those who did not understand the secret-code. For example, if the cipher used a right shift of 1, M would be replaced by N, U would become V and so on so that the word “Mum” becomes “Nvn” – which is impossible to decipher unless you know the rules. Whereas the use of Caesar’s cipher recorded substitution system was the first to go on record, other encryptions are known to have been used earlier.
In modern times coding information through such systems has become more intricate and fast. But primarily, modern digital encryption use arithmetic algorithms to scramble data.
The aim of encryption is to code sender’s information to make it unreadable by unauthorized parties in such a way that even though the data is intercepted, it cannot be decoded without the decryption keys.
In the context of end-to-end encryption as used in Whatsapp, the content of transmission, in this case, messages, calls, and shared files are coded such that only the recipient’s device can decode it, thereby protecting it from interception while in transit. This is attained through ensuring that only the recipient’s device has the decryption keys needed to decode the sent message. There are two types of keys that are used in encryption: public keys and private keys.
Public Keys and Private Keys
An encryption key can be simply defined as a series of bits that decrypt the text. The public key and private keys, as the terms refer, are incredibly complex access codes that are generated by devices such as smartphones, laptops, iPhone including others.
The keys at a cursory glance are extremely complex and difficult to understand but algorithms and other digital systems are there to do the complex technical work for you.
When you install Whatsapp on your phone and register yourself, there are three public keys that are generated by your device namely; Identity Key, Signed Pre Key and One-time Pre Key. These keys proceed to be stored on the Whatsapp application server where they are used to encrypt messages that you receive from senders. A device can have various public keys assigned to them depending on the number of apps and programs it holds.
Here’s a basic description of how this works; when David sends a text to Liam, David’s device will use the Public keys of Liam’s device to encrypt the text before delivering it to Liam. In order to make sure that David sends a text that can only be read by Liam, the private key comes into play. The private key is particular to every device and is stored only on the specific device. For this reason, when David sends a text to Liam, the Public Keys in Liam’s device helps to encrypt it and sends it to Liam’s device where it is decrypted using the Private key.
Other applications of encryption in our day to day activities are sending an encrypted email where only the recipient who has the encryption key can read it. Likewise, shopping online through encrypted internet connection protect your personal information as well as credit card information from hackers, identity thieves, scammers, spies and other unauthorized users. Furthermore, encrypted data stored in the cloud is safe. iPhones are also encrypted to protect their data in case they get misplaced.
Just like everything else encryption too has a downside in that with this technically sophisticated automated feature, the authorities can no longer rely on chats and calls to avert security threats since there communication is encrypted and therefore impossible to intercept.
Law enforcement and intelligence officials are worried that some tech companies are rolling out new encryption systems which they are unable to unlock data since they do not hold the keys. For instance, Apple which features end-to-end encrypted messages, photos, and videos, has used IOS to automatically encrypt data for iMessage and Facetime stored on the devices with a key stored locally on the user’s device.
As a result, government officials are pushing for a “backdoor” point of access through which they can they can unlock encrypted information if they have a court order. These officials argue that encrypted information is protecting criminals and terrorists by hiding their communication from investigators.
However, according to encryption experts and tech companies opening an access point will weaken the encryption system leaving it vulnerable to hackers. They also argue that opening the door to one is opening a door to all, and hackers will also find a way to get in.
Additionally, Ransomware attacks also known as Denial of Service (DOS), that bar user from using their computers until they pay some ransom, are on the rise.
Properly Securing your Application’s Encryption
Here are some tips that can help you ensure that your encryption is secure:
- Avoid using older encryption algorithms like DES (Data Encryption Standard) or triple DES for symmetric encryption instead, use AES (Advanced Encryption Standard) which is the most preferred symmetric algorithms
- Use the highest key length you can support to make the encryption hard to crack for those who can’t access a back door.
- Encrypt in as many layers as possible to make it difficult for an attacker to crack the encrypted algorithm
- Store encryption keys securely. Have a secure key management system
- be careful to ensure that encryption implementation is done correctly