Encrypting Online Communication
All internet users should be aware that communication on the internet is, for the most part, sent in unencrypted form. Internet users now have several encryption technologies available for transmitting messages, making phone calls or sending e-mails in a way that is protected against access by unauthorised third parties.
The cost to private individuals of using these technologies keeps falling, while the benefit to their privacy is considerable. All internet users can benefit from learning about the possibilities of encryption.
Reasons to use encryption
There is often a good reason for sending a sealed letter rather than an open postcard. The sender wishes to shield the personal or sensitive data contained in the message against being read by an unauthorised person.
Unencrypted e-mails are the digital equivalent of a postcard: everything they contain can potentially be read by anyone while the e-mail is in transit from the sender to the recipient.
Something very similar applies to online chats, telephone conversations via Voice-over-IP (VoIP) and the data that browsers send and receive when websites and online services are opened.
Encryption ensures that only authorised people can decipher the contents of a message. This is why banks, for example, encrypt the information that they send via the net.
Encryption aims and technologies at a glance
In principle, any application can be used in encrypted form. To achieve this, additional encryption technology needs to be integrated into the relevant programs. There are currently two main cryptographic approaches to choose from, asymmetric and symmetric encryption, plus hybrid forms that combine the two. These approaches rely on quite different algorithms and key hierarchies, which define, for example, how encryption keys or key pairs are created and distributed.
For e-mail in particular, two forms of encryption are distinguished: transport encryption (also called point-to-point encryption) and end-to-end encryption.
Transport encryption
Transport encryption secures communication between the e-mail program and its e-mail service provider, which then forwards the e-mail to the recipient's e-mail service provider. The technology is referred to as point-to-point encryption because the e-mail is temporarily held unencrypted at intermediate hubs, for example on the server of the e-mail service provider; the message is only encrypted on the links between the hubs. Although transport encryption makes it much harder for unauthorised parties to read the message, the e-mail service providers involved still have access to the plain text of the e-mail. Users generally cannot influence, activate or deactivate this technology themselves. Transport encryption is nevertheless better than communicating in a completely unencrypted form.
End-to-end encryption
End-to-end encryption is recommended in order to prevent the message from being read or listened to en route. The e-mail is encrypted before sending with the addressee's public key and can only be decrypted, once received, with the addressee's matching private key. The e-mail is therefore protected throughout the entire transfer and is not readable as plain text at the hubs. The asymmetric key pair of the recipient thus ensures that the message's confidentiality is protected.
The sender can calculate a checksum (hash value) of the finished e-mail and then encrypt this hash value with their own private key. The result acts as a digital signature, comparable to a fingerprint or seal, that is attached to the e-mail. The addressee in turn calculates the checksum of the received e-mail and decrypts the attached signature with the sender's public key, which yields the checksum calculated by the sender. If the two checksums match, the recipient knows that the e-mail has not been altered, so its integrity is confirmed.
The recipient can also be sure that the e-mail really comes from the owner of the corresponding private key, which confirms its authenticity. The sender's asymmetric key pair therefore guarantees the integrity and authenticity of the e-mail.
Thus, only end-to-end encryption guarantees complete protection of the transmitted data and fulfils three important goals of using encryption online:
Protection of confidentiality: The messages or data can only be read as plain text or clearly listened to by the intended recipient.
Protection of authenticity: The identity of the sender is verified. The sender really is who they claim to be.
Protection of integrity: The message cannot be altered by third parties unnoticed en route from the sender to the recipient.
These goals can only be guaranteed through end-to-end encryption, which involves encrypting the data when it is sent and only decrypting it when it is received.
You can find an overview of the scopes of application and references to additional information under Fields of Application of Encrypted Communication.
You can find out how to protect the data on an external hard drive or a USB stick, for example, against third parties under Information on Data Encryption.
You can find out how to communicate in encrypted form using your smartphone and the potential side effects of encryption in another expert article.
Short URL: https://www.bsi.bund.de/dok/6597618