(cache)The Many Faces of End-to-End Encryption and Their Security Analysis | IEEE Conference Publication | IEEE Xplore
Subscribe
ADVANCED SEARCH
ADVANCED SEARCH
Conferences >2017 IEEE International Confe...

The Many Faces of End-to-End Encryption and Their Security Analysis

PDF
Mohamed Nabeel
All Authors

Abstract:

Due to increased government surveillance as well as data breaches, end-to-end encryption has recently received an increasing attention as a way to protect against such th...Show More

Metadata

Abstract:

Due to increased government surveillance as well as data breaches, end-to-end encryption has recently received an increasing attention as a way to protect against such threats. End-to-end (E2E) encryption preserve the confidentiality of data on the wire as well as from service providers by performing encryption/decryption at clients keeping the keys strictly within client devices. There are many variants of end-to-end encryption schemes for different communication patterns. In this paper, we systematically analyze the security of these different variants against three types of passive adversaries and one type of active adversaries. We show that the security of some of these systems are broken under these threat models and what can be done to ensure confidentiality in such systems. We also analyze the existing products in the market and show what level of security they provide. Our study shows that most of the E2E encrypted systems are secure against only the weakest passive adversaries. Further, these systems are broken not by cryptanalysis of underlying cryptographic algorithms but by flawed system designs and security assumptions. Specifically we identify that unencrypted metadata and access patterns make these systems susceptible to inference attacks. We conclude with general design guidelines to securely build such systems.
Published in: 2017 IEEE International Conference on Edge Computing (EDGE)
Date of Conference: 25-30 June 2017
Date Added to IEEE Xplore: 11 September 2017
ISBN Information:
DOI: 10.1109/IEEE.EDGE.2017.47
Conference Location: Honolulu, HI, USA
Contents

I. Introduction

Cloud and mobile computing has given room to unprecedented level of access points into corporate as well as individual data leaving one to rethink how to protect such data. Weather three digit government organizations support it or not, many practitioners are considering end-to-end (E2E) encryption as an important security measure to protect the crown jewels of organizations and individuals, data. While it solves the problem of unauthorized access to some degree, it is still in its infancy and has many limitations and pitfalls that practitioners should consider before embracing it.

Contact IEEE to Subscribe
More Like This
Access Control on Internet of Things based on Publish/Subscribe using Authentication Server and Secure Protocol

2018 10th International Conference on Information Technology and Electrical Engineering (ICITEE)

Published: 2018

A Secure Middlebox Framework for Enabling Visibility Over Multiple Encryption Protocols

IEEE/ACM Transactions on Networking

Published: 2020

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.