What is End-to-End Encryption?

End-to-end encryption means that sensitive data traveling over a network is encrypted from the point of data entry to the point where it is processed. Sensitive data may be a user name, password, credit card number, etc. The network can be the Internet, a wireless network, a WAN or a local LAN. Data is normally entered via a browser or a client application and must reach the application server to be processed or stored in the database.

So, doesn't HTTPS perform data encryption from one point to another? Well, in most cases, only partially. In a multi-tier architecture, it is usually a dedicated Web Server that handles HTTPS. The link from the Web Server to the Application Server or the Database Server is most likely in the clear. If the Web Server is compromised, simple network sniffing will reveal all the data that is posted.

Thus, the purpose of this End-to-End Encryption module is to encrypt the data at the browser (via an applet) and decrypt it at the application server or the database server.

Why use End-to-End Encryption?

The objective of developing this program is to cover the gap that HTTPS leaves, as explained above. However, to make it viable, the program has to be very lightweight. The applet is very small, less than 12 KB, and the CPU load is also expected to be less than that of SSL.

Advantages of using this End-to-End Encryption module:

  • Selective encryption. In most cases, only a small amount of data needs to be secured during transmission. The program is able to take in just this data and encrypt it. This is unlike HTTPS, where everything, including images and HTML pages, is encrypted. The result is much less CPU processing and therefore faster response and a better user experience.

  • Very small file size. Thus, applet download will be fast.

  • Lightweight processing. The applet and server-side components employ the minimum but sufficient set of encryption and security features - 128-bit AES encryption and a 1024-bit public-private key length.

  • No need to pay hundreds of dollars a year for SSL certificates, which saves cost.

  • Flexible changing of keys. For even better security, the public and private keys can be changed as and when required - even every browser session if desired. But key generation is a very CPU-intensive operation, so once a day is viable.
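
The flow described on this page (encrypt only the selected fields at the client, decrypt them at the application server), sketched as an added example in JavaScript for Node.js; it is not the module's applet code. The page states only 128-bit AES and a public-private key pair, so RSA-OAEP key wrapping, the 2048-bit modulus, AES-GCM mode, the field names and the function names are assumptions, as is that the client already holds the server's authentic public key.

```javascript
const crypto = require('crypto');

// Assumption: an RSA key pair held by the application server (the page names no algorithm).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const SENSITIVE = new Set(['password', 'cardNumber']); // hypothetical field names

// Client side: encrypt only the sensitive fields under a fresh 128-bit AES key,
// then wrap that key with the server's public key. Other fields pass through as-is.
function sealForm(form, serverPublicKey) {
  const aesKey = crypto.randomBytes(16);
  const fields = {};
  for (const [name, value] of Object.entries(form)) {
    if (!SENSITIVE.has(name)) { fields[name] = value; continue; }
    const iv = crypto.randomBytes(12); // fresh nonce for every field
    const c = crypto.createCipheriv('aes-128-gcm', aesKey, iv);
    c.setAAD(Buffer.from(name)); // bind each ciphertext to its field name
    const ct = Buffer.concat([c.update(String(value), 'utf8'), c.final()]);
    fields[name] = { enc: Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64') };
  }
  const wrappedKey = crypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, aesKey);
  return { fields, wrappedKey: wrappedKey.toString('base64') };
}

// Application server side: unwrap the AES key, then decrypt and authenticate each field.
// The server's own policy, not the message shape, decides which fields must be encrypted.
function openForm(msg, serverPrivateKey) {
  const aesKey = crypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, Buffer.from(msg.wrappedKey, 'base64'));
  const form = {};
  for (const [name, value] of Object.entries(msg.fields)) {
    if (!SENSITIVE.has(name)) { form[name] = value; continue; }
    if (!value || typeof value.enc !== 'string') throw new Error(`field ${name} arrived unencrypted`);
    const raw = Buffer.from(value.enc, 'base64'); // layout: iv(12) | tag(16) | ciphertext
    const d = crypto.createDecipheriv('aes-128-gcm', aesKey, raw.subarray(0, 12));
    d.setAAD(Buffer.from(name));
    d.setAuthTag(raw.subarray(12, 28));
    form[name] = Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8'); // final() throws on tampering
  }
  return form;
}

// Constructed sample input: what a compromised web tier would see in transit.
const sample = { user: 'alice', password: 'correct horse', cardNumber: '4111111111111111', note: 'gift wrap' };
const sealed = sealForm(sample, publicKey);
console.log(JSON.stringify(sealed.fields, null, 2));
```
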


Contact: polyarista@yahoo.com