fbpx
Techitup Middle East
B2B TechnologyCybersecurity

Cloudflare Helps Secure Most Popular Messaging Applications

Cloudflare, Inc. today announced a new service to verify the integrity of public keys in the end-to-end encryption of popular messaging applications. When using end-to-end encryption messaging applications, a public-private key exchange encrypts messages to protect against an outside party intercepting messages. Now, Cloudflare is taking the burden off security-minded users that have previously had to manually verify public keys with their contacts. By automatically checking that public keys haven’t been tampered with, Cloudflare is helping to build trust that end-to-end encrypted messages are delivered to the intended recipients. WhatsApp has long partnered with Cloudflare for security verifications, and is again the first to implement this new auditing process to strengthen users’ trust in the application.

End-to-end encryption (E2EE) is a type of encryption that keeps messages private from everyone, including the actual messaging service itself. With end-to-end encryption, messages are only visible to the sender and the intended recipient. When someone sends a message, it is encrypted on their device before it is transmitted over the Internet. This means that the message is scrambled so that only the recipient’s device can decode it. Because the message is encrypted, even WhatsApp cannot read its contents. When the message arrives on the recipient’s device with a matching public key, it is decrypted back into its original form so that the recipient can read it. Many services offer a security key verification, which helps ensure users are indeed chatting with the intended recipient.

While verification of E2EE messaging infrastructure is most salient for security conscious users like journalists, activists, and human rights defenders, it is recommended for everyone. Security-conscious users can manually verify the security of their conversation by checking a contact’s QR code via an alternative communication method. This verification should be done regularly, whenever a contact gets a new device, or to verify that the messaging app itself did not change or alter the keys.

Introducing Plexi, an auditor for Key Transparency infrastructure

Cloudflare has now introduced Plexi, an auditor for Key Transparency infrastructure. Key Transparency is an emerging standard designed to ensure the authenticity of encryption keys used in end-to-end messaging. It helps verify that the keys on both ends of the communication are legitimate, enabling secure message reception and reading. Cloudflare can now act as an auditor to this technology, by verifying that the logs of these keys are constructed correctly, and providing an audit signature that the messaging app can then pass on to users to improve trust in the system. Cloudflare is proud to partner with WhatsApp to serve as an auditor to their open-sourced Auditable Key Directory (AKD).

Related posts

SentinelOne Redefines Cloud Security   

Editor

AVEVA Reveals Connected Roadmap for More Sustainable Industries

Editor

Kaspersky: 63% of UAE Employees Feel the Lack of Digital Competencies

Editor

Leave a Comment