End-to-end encryption: WhatsApp and Viber have it, Facebook does it; soon Google as well. And NEVIS too supports this feature, by encrypting user login data on its way from the user's device to the server. No third party is able to read the secret credentials that move between the two communicating parties.
- prevents potential eavesdroppers from accessing confidential data, and
- increases your system's security by strengthening its protection against attacks and identity theft.
What is it about?
End-to-end encryption is a mode of communication where only the communicating parties can read the messages, while any possible intermediary, malevolent or benevolent, cannot. The content is encrypted by means of a special encryption algorithm. Only the sender and the receiver of the data have the keys to decipher it.
Within NEVIS, end-to-end encryption comes as "form encryption". It supports the encryption of the user name, password or any other data entered by the user in a login form. The feature thus protects user credentials on their way from the user to the authentication server in the back end. It also prevents plain text passwords from accidentally ending up in a log file during their transfer from client to server.
Thus, this feature secures your confidential information against attacks by third parties, especially passive attacks, in which someone eavesdrops on and monitors your system to gain information. With end-to-end or form encryption, no one in between can read your secret data anymore. Not even nevisProxy is able to decipher the encrypted user passwords!
Let's explain why this is important. Suppose a user wants to access a business application in a typical NEVIS setup without form encryption. First, the user's client PC or mobile device connects to nevisProxy. The proxy server stands in between the client device and the business application. It controls user access data and protects your system against internal and external threats.
During the login process, the user sends his credentials to the proxy server over a secure connection. In turn, the proxy forwards user name and password to nevisAuth, which is in charge of the user authentication. If the user's login data is not encrypted, the proxy is able to read the user name and password when submitting the data to nevisAuth. The plain, unprotected user credentials might even end up in a log file.
The above situation constitutes a potential security threat. To better secure the confidential user data, NEVIS introduces the encryption of the user data in a login form. The encryption functionality is incorporated in the HTML-based login page. It is triggered as soon as the user opens the page.