Another step towards higher levels of security for WhatsApp, thanks to the introduction of end-to-end encryption of backups . The feature being studied by the company led by Mark Zuckerberg will allow users who intend to activate it to protect their backups with a remote encryption key before they are stored in the cloud. In fact, this will allow you to keep your copies protected even when they are stored in the cloud (for example on Google Drive or Apple's iCloud) with very high standards.
However, it should be noted that even at the moment the backups remain encrypted, think of the .crypt12 extension used for saving in our phones: this format implies an encryption with AES 256-bit symmetric key algorithm. But let's try to better understand how the end-to-end encryption of backups works that WhatsApp has just published in a white paper .
An overview of WhatsApp encrypted backups
The new mechanism studied by WhatsApp engineers provides four essential steps to see your encrypted backups:
- The generation of a random key (K r ) on your device;
- The creation of the backup and its encryption with the K r key before saving to the cloud ;
- Saving the K r key on a WhatsApp HSM (Hardware Security Module);
- And finally the creation of a password associated with the key to eventually recover it.
The most substantial part is obviously that relating to the random key and its saving on the HSM which allows you to keep it protected from possible theft or compromise. It is essential to point out that not even WhatsApp will have access to the keys contained in the HSM in a similar way to what happens for end-to-end encryption. In fact, today all chats are encrypted with this system and the only ones who have access to the contents of the conversation are the members who are part of it.
The WhatsApp Hardware Security Module
The HSM is undoubtedly the most intriguing part of the new infrastructure designed by WhatsApp. Typically, in fact, we tend to think of the HSM as an additional module residing in our device and interacting at a low level with the processor. Instead, in this case, we are talking about an infrastructure distributed over multiple datacenters with the aim of guaranteeing high standards of protection of keys from clients all over the world.
To offer high reliability, the HSM is organized on five datacenters so as to ensure protection against two types of failures, i.e. that a replica of the key has failed and that the other datacenter is not available at the same time. Each Key Vault is organized as a collection of machines, each of which has a set of identical replicas (i.e. a portion of the data).
A look at the encryption mechanism
Once the backup is ready, a key is generated on the final device via a pseudorandom number generator. The key, as mentioned above, is made up of 256 bits or 32 bytes and is currently stored in the device itself. At this point, through the use of the OPAQUE protocol, the key will be registered in the HSM and associated with the WhatsApp client that must use it.
The use of a password (or alternatively with a 64-digit encryption key) protects the key and this protocol prevents the possibility of sending the password directly to the network.
In the case of access to the backup, the user will enter the chosen password (or the 64-bit key) which will be encrypted and verified with the OPAQUE protocol. Once the user is authenticated, the HSM will send the backup key to the WhatsApp client which will finally be able to open the safe archive.
A very complex mechanism that, however, will allow the instant messaging app to raise its standards (in fact chasing those of Apple's iMessage). At the moment there are no details about the timing of the adoption of the new system but we will follow the news so as to report the actual release date in the future.