End-to-end encryption (E2EE) encrypts clear (red) data at source with knowledge of the intended recipient, allowing the encrypted (black) data to travel safely through vulnerable channels (e.g. public networks) to its recipient where it can be decrypted (assuming the destination shares the necessary key-variables and algorithms).
A classic deployment of E2EE is demonstrated by its use within the Terrestrial Trunked Radio TETRA standard, as defined by the Security Fraud Prevention Group (SFPG) of the Tetra MoU .[1]
In this context E2EE allows security-aware users (e.g. police) to retain control over access to their communications. Unlike TETRA air-interface encryption (an example of Link encryption) users do not have to share key-variables with network operators (e.g. 'Airwave', 'A.S.T.R.I.D', 'C2000'). In this way the user traffic (in this case voice or data) travels through the public network encrypted from the transmitting user terminal until it reaches the receiving user terminal where it is decrypted.
If only air-interface encryption were used, interception of the user traffic would be possible at any point after the air-interface encryption had been removed (i.e. at any point other than the TETRA air-interface) and the traffic entered the trunked network. This exposes the user traffic to any weaknesses of the trunked network and implicitly requires trust between the user and the network operator. In this way E2EE is particularly suited to situations where users do not trust network operators or government infrastructures.
In the TETRA deployment of E2EE the management, distribution and updating of encryption key-variables and crypto-associations (links between network address and key-variables) is facilitated by use of a Key Management Centre (KMC). The KMC is under user-control, although it is connected to the trunked-network to allow the user to manage E2EE terminals by the use of encrypted key-management messages (KMMs). These KMMs allow the user to achieve Over-The-Air re-Keying (OTAK).
The key-variables and crypto-associations allows the user (by use of the KMC) to partition the trunked-network address space into 'encrypted' and 'non-encrypted' channels. It is possible to define sets of key-variables called crypto-groups, and it is further possible to define which crypto-group any particular encrypted channel uses. Furthermore, it is possible for the operator of the KMC to partition their user-fleet into user-groups (groups of users who receive the same crypto material).
This lets the KMC user determine which parts of their user-fleet can communicate with one another and allows the user organisation to achieve crypto-separation between different groups of users. This is particularly important in organisations that are self-policing: internal investigations must be conducted without the knowledge of those being investigated and so investigators would want crypo-separation between their own communications and that of other users. Correct operation of KMC will allow the internal-investigator to intercept other user communications while not being able to be intercepted himself.
SFPG have suggested methods of implementing TETRA E2EE using (at least) AES and IDEA algorithms utilising a number of different key-lengths. Both of these have been implemented by some or all of the manufacturers listed below. There are a number of country-specific private algorithms which have been successfully used, they cannot be mentioned here, other than to say private algorithms are possible if you are willing to pay a manufacturer to implement your algorithm in their product.