End-to-end encryption by default

Universal encryption is difficult and expensive, but unfortunately necessary. – Nicholas Weaver, Wired

What sets Kullo apart from most other alternatives that offer ‘secure’ messaging? The end-to-end encryption.
But let us discuss what this means, and why it is important.

When transmitting data via the internet, there are several ways to do so:

  • unencrypted
  • partly encrypted
  • end-to-end encrypted

Unencrypted data transfer

How data is transmitted is defined by the message protocol. A protocol is much like a recipe: it lays down the rules of the data exchange. Many widespread network protocols were not designed with encryption in mind, so unsurprisingly a lot of data is still sent across the internet unencrypted. While browsing the website of the New York Times, for instance, the data transmitted between you and their servers is not encrypted (at the time of writing; the site is served over plain HTTP).

[Screenshot: the New York Times website loaded over plain HTTP]

Transport encrypted transfer

Websites that handle sensitive data (usually websites where you have a user account) usually have some sort of encryption in place. The well-known protocol employed by most of them is TLS (the successor of SSL, and still often called that), which encrypts all traffic between the website (i.e. the server) and the user. This is the main difference between visiting http://www.mybank.com and https://www.mybank.com. Transport encryption means that the data is encrypted only on the hops between certain nodes; each of those nodes decrypts it and holds it in unencrypted form.

Let’s focus on communication service providers: for a host of reasons, most communication protocols employ encryption only for subsections of the message route, decrypting and re-encrypting the messages at certain nodes along the way. Almost all ‘encrypted’ communication services encrypt the traffic between the client and their servers, and vice versa. However, since the data is decrypted and re-encrypted at least once on the provider’s servers, these services do have access to the full contents of the messages there.

A prime example of this would be online email providers like Google Mail. While an email is encrypted when you send it to the Gmail servers, it has to be decrypted somewhere on their servers. Google is in the advertising business, and Gmail is free because your emails are scanned automatically to create targeted advertising.

Furthermore, services like spam filtering, fast search (through indexing) and antivirus protection are only possible if the emails are accessible to the provider. This does not mean that Google employees are reading your emails or could do so on a whim. Yet when a service is only partly encrypted, the user always has to trust the company that provides it (Google, Facebook, WhatsApp), which has its reputation, and with it its survival, on the line. It does mean that, in principle, the company is able to access your messages and hand them over if, for instance, it receives a request to do so from a government or law enforcement agency.

But besides the necessity of trusting the provider, any server that holds your data in unencrypted form also poses an additional security risk: whoever compromises that server gets the plaintext without having to break any cryptography at all. In the Wired article from which the quote at the top of this post originates, Nicholas Weaver explains why end-to-end encryption is necessary not only for privacy but also for security reasons.

If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgacom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own.

Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.

The increased awareness of internet security has led the Internet Engineering Task Force (IETF) to declare pervasive monitoring an attack that its protocols must be designed to mitigate (RFC 7258), with the stated aim of eventually encrypting all internet traffic.

So what is the answer to this problem? End-to-end encryption.

End-to-end encrypted data transfer

Genuine end-to-end encryption is very rare. In effect, it means that there are only two places where your messages are available in unencrypted form: your device and the device of the recipient. Everything in between, the provider’s servers included, only ever handles ciphertext it cannot open. Note what this does not cover: the provider still learns who sends messages to whom and when, and a compromised end device sees everything regardless of how the transport is protected. End-to-end encryption has been implemented nicely in several instant messaging solutions that focus on synchronous communication, but few if any asynchronous messaging solutions offer it. Among tech aficionados, the email encryption methods PGP and S/MIME are quite popular, but they have to be set up by someone with some encryption knowledge.
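To make the difference between the two models above concrete (the transport-encrypted relay described earlier and the end-to-end scheme described here), the following is an added illustration in Python. It is not Kullo’s code and says nothing about how the Kullo protocol is implemented. It models a provider’s relay server that holds one transport key per client, then runs the same message through both models and shows what the server can read in each. The cipher is a deliberately small, stdlib-only construction (an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag); a real system would use AES-GCM, ChaCha20-Poly1305 or an equivalent authenticated cipher. The Alice/Bob key is assumed to exist already; how such a key is agreed is not covered on this page, and all keys, names and the sample message are constructed for the example.

```python
"""Relay model contrasting transport-only encryption with end-to-end encryption.

Added illustration, not code from Kullo or its protocol. The cipher is a
stdlib-only toy construction (HMAC-SHA256 keystream in counter mode,
encrypt-then-MAC with HMAC-SHA256). Keys, names and the sample message are
assumptions made for this example; the Alice/Bob key is taken as given."""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive independent encryption and MAC keys from one shared secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF-in-counter-mode keystream: HMAC(enc_key, nonce || counter).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. Only holders of `key` can read or verify it."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt. Raises ValueError on wrong key or tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class Relay:
    """The provider's server. It holds one transport key per client (think of a
    TLS session) and records whatever sits inside the transport layer at its hop."""

    def __init__(self, transport_keys: dict):
        self.transport_keys = transport_keys
        self.seen = []  # payloads as the server sees them after stripping transport encryption

    def forward(self, sender: str, recipient: str, on_wire: bytes) -> bytes:
        inner = decrypt(self.transport_keys[sender], on_wire)  # strip the sender's hop
        self.seen.append(inner)
        return encrypt(self.transport_keys[recipient], inner)  # re-wrap for the recipient's hop


def transport_only(msg: bytes, k_alice_server: bytes, k_bob_server: bytes):
    """Encryption only on the hops alice<->server and server<->bob. Returns (server view, what bob reads)."""
    server = Relay({"alice": k_alice_server, "bob": k_bob_server})
    delivered = server.forward("alice", "bob", encrypt(k_alice_server, msg))
    return server.seen[0], decrypt(k_bob_server, delivered)


def end_to_end(msg: bytes, k_alice_bob: bytes, k_alice_server: bytes, k_bob_server: bytes):
    """Same hops, plus an inner layer under a key the server never holds."""
    server = Relay({"alice": k_alice_server, "bob": k_bob_server})
    inner = encrypt(k_alice_bob, msg)
    delivered = server.forward("alice", "bob", encrypt(k_alice_server, inner))
    return server.seen[0], decrypt(k_alice_bob, decrypt(k_bob_server, delivered))


def can_open(blob: bytes, keys) -> bool:
    """True if any of `keys` (e.g. everything a seized server holds) decrypts `blob`."""
    for k in keys:
        try:
            decrypt(k, blob)
            return True
        except ValueError:
            continue
    return False


if __name__ == "__main__":
    ka, kb, kab = os.urandom(32), os.urandom(32), os.urandom(32)
    msg = b"wire transfer authorised, ref 4711"  # constructed sample message
    seen, got = transport_only(msg, ka, kb)
    print("transport-only: server saw plaintext?", seen == msg, "| bob got it?", got == msg)
    seen, got = end_to_end(msg, kab, ka, kb)
    print("end-to-end:     server can open it?", can_open(seen, [ka, kb]), "| bob got it?", got == msg)
```

The point to take from the relay is that in the transport-only model the server’s `seen` list contains the plaintext itself, so anything that compromises the server (or a lawful request to its operator) yields the message. In the end-to-end model the server strips its hop exactly as before, but what remains is ciphertext under a key it never held, and `can_open` with every key the server possesses fails. Bob still reads the message because he holds both his transport key and the shared key.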

We believe that this is the only way sensitive information should be transmitted, and therefore the Kullo protocol implements end-to-end encryption by default.
