Security is fast becoming one of the differentiating factor between the multitude of apps coming out. Consumer is also getting aware about the perils of readily available connectivity and the lack of privacy it comes with.
Lack of security in messaging is not for the lack of tools, but for the lack of ease of use for the end user. So, the seamless integration of security features becomes very important.
What is Encryption?
encryption is the process of encoding messages or information in such a way that only authorised parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor.
There are 2 types of encryption based on the key.
- Symmetric Encryption
In symmetric-key schemes, the encryption and decryption keys are the same. Thus communicating parties must have the same key before they can achieve secret communication. - Public Key Encryption
In public-key encryption schemes, the encryption key is published for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key that enables messages to be read.
Uses of Encryption
Encryption can be used to:
- Preserve the confidentiality of the message.
- Validate the integrity of the message.
How does it works
Symmetric encryption has it inherent issues, As the key being used is common, and has to be shared between the users, the key itself can be compromised.
Hence "Public key encryption" is more widely used.
Public Key Encryption:
Preserving the confidentiality of the message:
There should be a common location where the public keys for all the users are stored and which is accessible for everybody.
When sending a message to a contact app will access the public key of the contact to whom the message is being sent. The content of the message will then be encrypted with the retrieved key.
When the intended recipient gets the message, the app will open the message and using the private key of the recipient (User will have to create a key pair to enable encryption feature) will decrypt the message and display it as plaintext.
Validating the integrity of the message
The above process makes sure the message is confidential but we still cannot authenticate the sender's identity. The solution for this issue is:
Before sending the message, the app will first encrypt the message using the public key of the recipient (as described in the previous point), then the app will use the private key of the sender to re-encrypt the cipher text generated from the previous step.
When the recipient receives the message, the app will now first use the senders public key to decrypt the message, this will ensure that the message sender is authenticated.
Then the app will proceed with the steps laid out in the previous step to decrypt again to get the message in plaintext.
Conclusion:
Hopefully this laid down the basics of how things work, we will continue the series on the tools and techniques used to secure your communication.