End-to-End Encryption (E2EE): Your Complete Guide
Everything you need to know about end-to-end encryption and how it works to protect sensitive data and information.
What is end-to-end encryption (E2EE)?
End-to-end encryption (E2EE) is a technology standard for protecting sensitive data — such as electronic financial transactions — by converting it into an unintelligible form while it’s being transferred from one end system or device to another.
According to the U.S. National Institute of Standards and Technology (NIST) definition, it is a form of communications encryption “in which data is encrypted when being passed through a network, but routing information remains visible.” As with all types of data encryption, the encrypted message cannot be read or tampered with by third parties; only the sender and the intended recipient(s) can decrypt and access the data.
How does end-to-end encryption work?
In E2E encryption, a communication system creates a pair of cryptographic keys, one public and one private, for each user. This is known as asymmetric cryptography: a user’s public and private keys are mathematically related, but they remain distinct, and the private key cannot be derived from the public key.
In E2EE, the actual encryption occurs at both endpoints at the device level, whether it’s a mobile device, point-of-sale device or personal computer. You can think of the E2EE process as occurring over five steps:
- Key generation – When a user joins a system, they receive unique public and private cryptographic keys
- Key exchange – Whenever two users need to share information, they exchange public keys
- Encryption – The sender’s device encrypts the information using the recipient’s public key
- Transmission – The encrypted information is transmitted over a network or communication channel to the recipient’s device
- Decryption – The recipient’s device uses their own private key to decrypt the message back to its original readable format or plaintext
For an end-to-end encryption example, consider that John wants to send Jane payment information: The information that John sends is first encrypted using Jane’s public key.
That data remains encrypted while in transit and even while it is stored on a server. In this state, it is unreadable — and therefore unusable — by any unauthorized third party, including John’s and Jane’s internet service providers (ISPs), their application service providers or any other entities or services.
Hackers are also unable to access the information as, even if they intercept the transmission or break into the server, they don’t have the unique private key needed to decrypt the data.
Once the data reaches Jane’s device, it is decrypted by her related private key, and Jane is able to access the information. If Jane needs to send a response to John, her message will be encrypted using John’s public key.
Public keys are validated by being embedded in a certificate that is signed by a recognized certificate authority (CA).
How does E2EE differ from other types of encryption?
As a form of asymmetric encryption, E2EE uses two different cryptographic keys. In contrast, other encryption methods are symmetric, which means they use only one secret cryptographic key to encrypt and decrypt data.
The encryption process itself is similar. The cryptographic key used in symmetric encryption — also known as single-key encryption — is generated by an algorithm and is typically a random string of characters or numbers. Without the right encryption key, the encrypted message is unreadable and unusable.
However, symmetric encryption is less secure than asymmetric encryption, and if a third party is able to obtain the cryptographic key, they can decrypt any message they intercept.
E2EE also differs from two other standards of encrypting data: encryption in transit and encryption at rest:
Encryption in transit
Information is encrypted while in transit between an endpoint device and a server. While this protects the information if it is intercepted in transit, the information is vulnerable while at rest on the server.
Encryption at rest
Information is encrypted while on a server, with the decryption keys either centrally managed or located on the same server. Not only does this not protect information while in transit, but this single point of protection often makes the server vulnerable to attack.
Both encryption in transit and encryption at rest can use either symmetric or asymmetric encryption. And while they’re better than no form of encryption, they share vulnerabilities that are better addressed by E2EE.
E2EE is similar in function to point-to-point encryption (P2PE), where sensitive information is encrypted and decrypted only at endpoints and cannot be understood by unauthorized users. However, P2PE solutions have an added level of protection, as they must be assessed by a P2PE Qualified Security Assessor to be accepted as a PCI-validated P2PE solution, which confirms that all the devices, applications and processes used to encrypt and decrypt payments data are secure.
Learn more about P2PE and PCI-validation payment solutions in our complete point-to-point encryption guide page.
Can E2EE be hacked?
Encrypted data cannot be “hacked” or otherwise accessed without use of the right cryptographic key. However, there are workarounds where hackers or other cybercriminals can exploit vulnerabilities:
- A hacker may execute a man-in-the-middle (MITM) attack where they will attempt to impersonate a message recipient. They’ll either attempt the impersonation during a public key exchange or substitute their public key for the intended recipient’s. In that way, they’re able to use their own private key to decrypt the message.
- A hacker could also attack either of the endpoint devices. Once they gain access to a device, they could steal a cryptographic key to later attempt a MITM attack. They could even just read the decrypted messages on the device from log files or as they’re accessed in real time by the user.
- Some networks may have backdoors, which are secret means of access that are built into a system and can bypass regular encryption or authentication protections. A developer may create a backdoor for easier access to an operating system or application, but one could also be installed as malware by malicious actors.
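The five-step flow and the John/Jane exchange from earlier in this guide, plus the key-substitution check that defends against the MITM bullet above, as an added example that is not part of the original page. It uses toy textbook RSA on tiny demo primes and a SHA-256 keystream so that it runs with only the Python standard library; the user names, primes and message are constructed for illustration, and real deployments use 2048-bit+ RSA with OAEP (or X25519) and AES-GCM.

```python
import hashlib
import hmac
import secrets

# Toy textbook-RSA key pairs built from tiny demo primes (illustration only;
# real systems use 2048-bit+ RSA with OAEP or X25519, and AES-GCM).
DEMO_PRIMES = {"John": (1000003, 1000033), "Jane": (1000037, 1000039)}

def key_generation(user):
    """Step 1: the user receives a unique (public, private) key pair."""
    p, q = DEMO_PRIMES[user]
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (needs Python 3.8+)
    return (n, e), (n, d)

def fingerprint(public_key):
    """Hash of a public key that peers compare through a trusted channel."""
    return hashlib.sha256(repr(public_key).encode()).hexdigest()[:16]

def keystream_xor(session_key, data):
    """Symmetric layer: XOR with a SHA-256 counter keystream (toy, not AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(session_key + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def encrypt(recipient_public_key, plaintext):
    """Steps 2-3: sender wraps a fresh session key with the recipient's public key."""
    n, e = recipient_public_key
    session_int = secrets.randbelow(n - 2) + 2          # random key, < n
    session_key = session_int.to_bytes(8, "big")
    body = keystream_xor(session_key, plaintext)
    tag = hmac.new(session_key, body, "sha256").digest()  # detects tampering
    return pow(session_int, e, n), body, tag  # step 4: this tuple goes over the network

def decrypt(recipient_private_key, message):
    """Step 5: only the holder of the matching private key recovers the session key."""
    n, d = recipient_private_key
    wrapped, body, tag = message
    session_key = pow(wrapped, d, n).to_bytes(8, "big")
    if not hmac.compare_digest(tag, hmac.new(session_key, body, "sha256").digest()):
        raise ValueError("wrong private key or message tampered with")
    return keystream_xor(session_key, body)

def key_is_authentic(received_public_key, trusted_fingerprint):
    """Key-substitution (MITM) check: compare the key received over the network
    with the fingerprint learned out of band (e.g. from a CA-signed certificate)."""
    return hmac.compare_digest(fingerprint(received_public_key), trusted_fingerprint)
```

A message encrypted to Jane's public key fails the HMAC check under any other private key, and a substituted public key fails the fingerprint comparison before anything is encrypted to it.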
Why E2EE is important
End-to-end encryption is an important means of keeping sensitive information secure. Even in the event of a data breach on a server, stolen information cannot be read, accessed or otherwise used without the right decryption key.
Not only does E2EE protect your information from hackers, but a well-constructed E2EE system will also ensure that service providers like Google, Yahoo or Microsoft do not have access to the decryption keys. This means service providers are unable to access any of the sensitive information of their users.
Not only is good data protection vital for keeping financial information and other sensitive data safe, it is an essential right. The United Nations Human Rights Council recognized the right to data privacy in 2017.
Advantages of E2EE
- Ensures the protection of sensitive information. Because data is encrypted between two endpoints, it is inaccessible outside of either device. This ensures protection for your information while in transit and while it’s on a server.
- Prevents the tampering of keys. As the private key is never shared, it does not have to be transmitted for decryption. This ensures that the key cannot be compromised. And if the message itself is somehow tampered with, it will no longer decrypt correctly, protecting the receiver from its compromised content.
- Offers compliance with regulatory laws. Certain transactions, such as financial transactions, have industry requirements for encryption-level data security. E2EE is one of the means of meeting those requirements.
Disadvantages of E2EE
- Slower than symmetric encryption. Though the speed difference is fairly negligible, symmetric encryption is faster than asymmetric encryption. Also, if the endpoints aren’t clearly defined, the decryption can be complicated and delayed.
- The metadata is still viewable. The metadata of the message — such as the date, time, sender or receiver — can still be read by third parties. While this will not compromise the information itself, it can provide important details to bad actors or hackers.
- The devices are still vulnerable. If an endpoint device is compromised, a hacker could easily see the information after it is decrypted or even before it is ever encrypted.
- Vulnerable to man-in-the-middle attacks. MITM attacks can succeed if the hacker has both a stolen public key and a private key taken from a compromised endpoint.
Examples of how E2EE is used
End-to-end encryption is used whenever data security or privacy is necessary, to protect sensitive information such as personal conversations, financial information, medical conditions or legal matters. E2EE is often used to help companies comply with data privacy and security laws and regulations. It continues to be used by governments as well as in the finance, healthcare and communications industries.
Some common E2EE examples include:
- Email platforms like Microsoft Outlook, Hushmail and Mailfence and messaging systems like Signal, WhatsApp, Telegram, Wire and even FaceTime all use E2EE to ensure no one but the sender and the recipient can read texts or listen to audio.
- An electronic point-of-sale (POS) system provider could utilize E2EE when transferring sensitive information, such as customer credit card data.
- Merchants can use E2EE to comply with the Payment Card Industry Data Security Standard (PCI DSS) to better protect card numbers, magnetic stripe data and security codes — though they will have to work closely with their acquirer or payment brand to ensure they are in full compliance.
While E2EE is a secure form of asymmetric encryption, it doesn’t offer the same level of security as validated point-to-point encryption (P2PE) solutions. Only P2PE solutions that have been assessed by a P2PE Qualified Security Assessor can be accepted as a PCI-validated P2PE solution, which confirms that all the devices, applications and processes used to encrypt and decrypt payment data are secure.
ACI Worldwide offers proven, scalable and secure P2PE solutions as well as PCI-certified validated point-to-point encryption (VP2PE) to give merchants additional PCI-compliance relief.
Contact us today to learn more about ACI Worldwide’s cross-border payment processing solutions.