End to End Encryption (E2EE) - Computerphile

Recently the Home Secretary of the UK government was on the breakfast news or something and he talked about how criminals are using end-to-end

encryption

to essentially evade detection and this is now unacceptable, in a sense, It is very true. is unacceptable, criminal activity is unacceptable, but what they are suggesting is that we find a way to remove this

encryption

or that we find a way to allow only certain parties, such as trusted government parties, to have access to it, before declaring it as a craziness. Let's see what that means and what end-to-end encryption is and if that is feasible, let's imagine that I am using WhatsApp or Facebook Messenger or some other end-to-end encrypted messenger with you so that you have a phone. here, it could be a phone, it could be a computer, it's not really important, some device with a screen, that's why I'm not employed to design these things, it's you, but this time I'll call you Alice because we always do.

That makes you a robot. So we have Alice and Bob here having a communication between two phones. There will be some communication mechanism between these two devices. It could be SMS or you know, GSM phone signal or it could be. something like wi-fi over the internet, in all these cases there will usually be an intermediary server that takes care of this transport, these phones are not able to connect to each other on their own, apart from things like nfc, where you get very close , so there's going to be a server here that I'm just going to label s, which in the case of WhatsApp is going to be a WhatsApp server and obviously it's going to be a server for whatever product you're using now, whenever Bob sends a message to Alice.

By definition, it will go through the server because that is what transmits the messages to Alice. He knows how to communicate with Alice. You know what her phone number is. It has a list of your contacts and things you know. Is that how it works. This could be a phone provider and there will be, you know, phone antennas and things in this mix, but it's not important, so this message here will come this way from Bob and go to Alice like this, the problem is. If we want to encrypt this channel correctly, we want certain people not to be able to read it.

If I'm sitting on a router somewhere on the Internet, we don't want me to go. Oh, that's a nice message with your credit card details. I have that right, so that's what we're trying to avoid here because that's how email works. Yeah, you can sit there and absolutely, and people encrypt the channels, it's nothing new. We have seen it for a long time. These techniques, like public key cryptography and some of these ciphers, have been around for many years, so how do we do it right? There are actually two options: the first is that Alice could negotiate some shared secret key with the server we'll call that key. k to s so Alice can use that key to talk to the server and she could send a message encrypted by kas to the server and say please can you forward this message to bob bob will have another key with the kbs server and that's what he uses to communicate obviously here Alice doesn't know what kbs is and Bob doesn't know what k-a-s is the server decrypts a message using kas it knows and then re-encrypts it with kbs and forwards it to bob now this is not over End to end encryption because it's obviously been decrypted halfway in a sense, that's a good thing, if I'm a terrorist or a criminal and I send a message, this server could do some kind of rudimentary checks to make sure that I'm not. doing something inappropriate, but for obvious reasons many people don't like this idea, what encryption does is replace these two keys with a key that only alice and bob know.

The idea is that this server is happy to retransmit the packets and but has no idea what they contain and this also works very well for this server because when someone says can you give us this data, they can reasonably say no, no because not want to, but because in reality, can't the process we use for this something called key exchange? The obvious problem here is that at some point Alice and her server have to share a key without an encrypted channel when she connects for the first time, they don't have this key. However, it is true, so how do we get the key?

There is a bit of a chicken and egg problem. The solution was proposed by Diffient Hellman, which is Diffie-Hellman key exchange. Well, we're not going to get into the details of Diffie's math. hellman in this video, but I'll just say that Alice and Bob have public and private components of this key, they share the public ones and then use the private ones secretly to create a shared key that no one else can know, that's essentially how it works, it's a way to even through the server produce a shared key k a b that no one else knows about, so now they have this shared communication channel, so when you connect for the first time it will send some identifiers to the server and set a public and a private. key pair and then from that point on, every time you want to connect with someone new, it will generate one of these keys which is called ephemeral, which means it basically generates one for almost every message, if not every message, for some of these applications.

The important thing is that the server, although they transmitted these messages, is not involved in this key exchange process and cannot inject itself into the medium, which means that it does not know what kab is and cannot physically decrypt the message when a minister or someone in the media says what we really want to do is allow some kind of government entry into this system. You can reasonably say that that's not possible because you would have to inject something in the middle of this key exchange that would completely undo it. Let's think about the different ways we could do this and see if they are practical.

Well, the first is that we could go back to this system here so that Alice can talk to the server securely using a key exchange that we can. have Bob talk to the server securely for a key exchange and the advantage would be that if let's say a judge ordered a warrant on some of this data, the company would have it on their servers probably decrypted and they could send it in certain sense, I'm not opposed to that at all because I really have nothing to hide, that's the obvious argument, but the problem is that if this server ever gets hacked, everyone's messages, emails and pictures will be deleted on the internet.

I've seen that happen many times, we can't be sure, but this is safe, so in a sense what we're doing is introducing a very large point of failure that could be catastrophic just so that the few people who do things illegally, Could we serve a court order on those people? Another alternative, but it is suggested in a way, is this type of back door, now in a sense, it is already a back door, this double key mechanism, but when we talk about a back door, what we do. What we're really talking about is some mathematical property of this key exchange that no one else knows about, that means we could actually decrypt the messages, that's the idea again, this is a big problem, it's a problem because if someone else, a criminal, discovers this flaw, then Once again, all our photos are posted on the Internet and it seems unlikely to me that the majority of people who find this flat would post it right away, they would happily sit on it and see what interesting things they can discover. of that kind of concern, so again I have some concerns about that approach, as long as we don't have a back door then there's no way for them to get in there, well, so yes and no, the problem is that the messages have to be decrypted somewhere because they have to present themselves on your screen for Alice to receive this message.

Her mobile app receives the message using kab, decrypts it and then it's on the screen right at that moment someone just steals the phone, runs out and reads. messages or phone errors, um, and it routinely reads messages, forwards them in this age of fairly secure end-to-end encryption, the much more likely target of the attack is not the encryption itself, it's just the dots finals, so I have your phone here, and you kindly left me the PIN code and I can scroll through your messages and read them well. They are not encrypted because that encryption was removed once it reached this endpoint.

It's basically automatically decrypted, so yes, to have a good user experience, it essentially has to hide all that encryption and present you with a nice set of readable messages, so in a sense your security depends on your PIN code and the OS. running on your phone or your handheld device, um, and if they're vulnerable, then you'll know, really the end-to-end encryption is completely bypassed, this is adding content directly to my normal view, the problem is the area in which you have to add this content. It's really very narrow, I think it's the equivalent of