VTT’s advice to consumers: how to keep your messages safe

News, Press release

Encryption is becoming increasingly important with the spread of digital information networks where unencrypted transmissions are vulnerable to a surprisingly large number of prying eyes.

"The easiest way to keep your messages safe is to use applications that feature automatic encryption, such as Signal or WhatsApp. For more reassurance, you can check the identity of the person you are conversing with using a function such as Signal's Verify Safety Numbers. It is also important to keep your devices and software up to date", says Senior Scientist Kimmo Halunen from VTT's cyber security team.

VTT Technical Research Centre of Finland studies privacy protection and encryption techniques relating to electronic communications, which also help consumers to stay safe from information security threats. It is impossible to name one unbeatable encryption solution or a sure-fire way to protect your privacy, but practical advice can make you more cyber-security savvy.

Only use messaging apps that use encryption

VTT recommends using applications that offer end-to-end encryption and ensure the integrity of communications. End-to-end encryption means that a message remains encrypted from the moment it leaves the sender's application to be delivered over the network, until it is decrypted by the recipient's application. In order to ensure integrity, a message can, for example, be signed digitally. This means that the message cannot be subsequently edited without the recipient noticing.

One of the easiest ways at the moment is to use WhatsApp, which offers end-to-end encryption, but Halunen considers Signal to be a good alternative if you want better privacy. The Finnish foilChat application also offers encrypted messaging.

On the other hand, the cyber researcher denounces all kinds of backdoors and weaker encryption. Weakening encryption brings no notable improvements in terms of security objectives such as reducing crime and terrorism, but it could significantly harm consumers and businesses.

Backdoors are usually understood as any mandate to make the keys used in encryption available to the authorities or telecommunications operators, for example, so that they can then be handed over by court order. The problem lies in the fact that the keys can then also be accessed by others, such as hackers or system insiders. There is also nothing stopping developers from building an encryption application outside the scope of the mandate, such as in another country.

Weakening encryption refers to limiting one of the encryption parameters – usually the length of the key – so that it only protects against the least sophisticated attackers but not against the authorities or other well-equipped parties. According to the researcher, however, what often happens is that as technology develops over the years, the weakened encryption solution also stops being effective against unsophisticated attacks.

Encryption enables secure messaging over networks that are currently unsecure and extremely closely monitored. However, there is a risk of encryption keys being lost, in which case the encrypted data can no longer be accessed. If the keys are only kept on a single device and the device is misplaced or breaks, the encrypted data will be lost.

Always check the integrity and origin of messages

There are many good ways to check the integrity and origin of messages. For example, several messaging applications that offer end-to-end encryption enable users to verify the integrity of keys and the identity of the person with whom they are conversing. This is done by comparing the "fingerprints" of public keys, which are created by applying a cryptographic hash function to the keys, over trusted and independent channels, such as over the telephone or by meeting face to face.
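The fingerprint comparison described above, as an added example; it is not VTT's code and not the algorithm used by Signal, WhatsApp or any other application. The key bytes are constructed placeholders, the function names are hypothetical, and the 128-bit display length is an assumption chosen for readability.

```python
import hashlib

def fingerprint(data: bytes) -> str:
    """Hash the bytes and show 128 bits as groups of 4 hex digits to read aloud."""
    digest = hashlib.sha256(data).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def conversation_code(key_a: bytes, key_b: bytes) -> str:
    """One code per conversation, identical on both devices.

    The keys are sorted so the result does not depend on who computes it,
    and length-prefixed so the concatenation is unambiguous.
    """
    ordered = sorted((key_a, key_b))
    material = b"".join(len(k).to_bytes(2, "big") + k for k in ordered)
    return fingerprint(material)

def codes_match(mine: str, theirs: str) -> bool:
    """Compare codes as read over the phone: ignore spacing and letter case."""
    def normalise(code: str) -> str:
        return "".join(code.split()).lower()
    return normalise(mine) == normalise(theirs)

# Constructed 32-byte stand-ins for public keys (not real key material).
ALICE = hashlib.sha256(b"constructed key: alice").digest()
BOB = hashlib.sha256(b"constructed key: bob").digest()
SUBSTITUTED = hashlib.sha256(b"constructed key: third party").digest()

def demo() -> tuple:
    """Return (honest_match, tampered_match) for two sample conversations."""
    # Honest case: each device holds the other's genuine public key.
    honest = codes_match(conversation_code(ALICE, BOB),
                         conversation_code(BOB, ALICE).upper())
    # Tampered case: Alice's device was handed a substituted key for Bob,
    # so the code she reads out differs from the one Bob's device shows.
    tampered = codes_match(conversation_code(ALICE, SUBSTITUTED),
                           conversation_code(BOB, ALICE))
    return honest, tampered

if __name__ == "__main__":
    print("Alice's key fingerprint:", fingerprint(ALICE))
    print("honest / tampered match:", demo())
```

The check is only as strong as the channel used to compare the codes: if they are exchanged over the same network that delivered the keys, a substituted key can be accompanied by a substituted code.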

The evolution of quantum computing from theory to practice will be a threat to many current encryption techniques in the future. However, new methods of encryption have already been studied for some time, and the adoption and standardisation of these methods are under way.