Symmetric Key Cryptography
Symmetric (Private) Key Cryptography
In this lesson we will learn about different symmetric key algorithms and their key features. More importantly, we will learn about some more key concepts related to cryptography as it applies to both symmetric and asymmetric algorithms. Finally, we will learn the advantages and disadvantages of symmetric and asymmetric algorithms. First, let’s learn a bit about the differences between block and stream ciphers.
Block v. Stream Ciphers
The difference between a block cipher and a stream cipher is rather simple. A block cipher breaks the clear text into fixed-length blocks and then encrypts each of those blocks into a fixed-length block of ciphertext. Because the blocks are of a fixed length, keys can be re-used, making key management a breeze. Typically, computer software uses block ciphers.
Stream ciphers operate on continuous (read: non-discrete) portions of data that arrive “in real time.” In other words, stream ciphers work on information “bit-by-bit” rather than “block-by-block.” Because the data does not need to be broken down into blocks, stream ciphers are generally faster than block ciphers, but keys are not re-usable in stream ciphers, making key management a real pain. For this reason, stream ciphers are usually employed at the hardware level.
End-to-End Encryption
End-to-End encryption refers to a situation in which data is encrypted when it is sent and decrypted only by the recipient. Of course, in order for the packets to be routed, the relevant TCP/IP headers must be present and unencrypted on the packet.
Link Encryption
In link encryption, every packet is encrypted at every point between two communicating hosts. In this scheme, information sent to a router is encrypted by the host and decrypted by the router, which then re-encrypts the information with a different key and sends it on to the next point. Of course, in this scheme the headers are encrypted as well. The obvious drawbacks include speed and vulnerability to “man-in-the-middle” attacks, since every intermediate point holds the data in the clear.
Key Strength
A cryptovariable, or key, is the value applied to encrypted or clear text in order to decrypt or encrypt the text. The length of the key, in bits, is usually a good indicator of the strength of the key. A 128-bit key is, for example, much stronger than a 32-bit key.
Symmetric Key Cryptography
In a symmetric key cryptosystem, a single key is used to both encrypt and decrypt data between two communicating hosts. In order to break the system, an attacker must either: A) discover the key through trial-and-error, or B) discover the key during the initial “key agreement.”
Symmetric key protocols are known to be faster and stronger than their asymmetric counterparts but do possess unique disadvantages that we will discuss later. We will now look at some common symmetric algorithms.
DES
DES is an outdated 64-bit block cipher that uses a 56-bit key. It is a symmetric algorithm that splits the 64-bit block into two separate blocks under the control of the same key. It is considered highly insecure and unreliable and has been replaced by 3DES.
3DES
Triple DES, or 3DES, is the partial successor to DES but is still considered outdated and slow. It uses three separate 56-bit keys for an effective key length of 168 bits. However, a known weakness allows an attacker to reduce the effective length of the key, reducing the time it would take to crack it. In addition, 3DES is very slow by today’s standards and would not be practical for encrypting large files.
AES
AES is the true successor to DES and uses a strong algorithm with a strong key. It is based on the Rijndael Block Cipher. The Rijndael Block Cipher can utilize different block and key lengths (including 128, 192, and 256 bit keys) to produce a fast and secure symmetric block cipher. The Twofish algorithm, an alternative to Rijndael, utilizes 128-bit blocks for keys up to 256 bits.
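As an added example that is not part of the original lesson, the Go program below (standard library only) instantiates DES, 3DES and AES with the key lengths given in the sections above, so that a key of any other length is rejected, and then uses the same AES instance both as a raw block cipher, which accepts exactly one 16-byte block, and in CTR mode as a stream cipher, which handles data of any length byte by byte, illustrating the block-versus-stream distinction from the start of the lesson. The all-zero keys and the fixed IV are constructed demo values, not something to use in practice.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// newBlock builds one of the lesson's ciphers; each rejects unsupported key lengths.
func newBlock(name string, key []byte) (cipher.Block, error) {
	switch name {
	case "DES": // 8-byte key: 56 key bits plus 8 parity bits; 64-bit block
		return des.NewCipher(key)
	case "3DES": // 24-byte key: three 56-bit DES keys; still a 64-bit block
		return des.NewTripleDESCipher(key)
	case "AES": // 16, 24 or 32-byte key (AES-128/192/256); 128-bit block
		return aes.NewCipher(key)
	}
	return nil, fmt.Errorf("unknown cipher %q", name)
}

// encryptOneBlock applies the raw block-cipher primitive, which only maps one
// fixed-length block to one fixed-length block; any other length is an error.
func encryptOneBlock(b cipher.Block, pt []byte) ([]byte, error) {
	if len(pt) != b.BlockSize() {
		return nil, fmt.Errorf("need exactly %d bytes, got %d", b.BlockSize(), len(pt))
	}
	ct := make([]byte, len(pt))
	b.Encrypt(ct, pt)
	return ct, nil
}

// encryptStream runs the same primitive in CTR mode, i.e. as a stream cipher: a
// keystream is XORed in byte by byte, so any length works, but never reuse (key, iv).
func encryptStream(b cipher.Block, iv, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCTR(b, iv).XORKeyStream(ct, pt)
	return ct
}

func main() {
	for _, kl := range []int{7, 8, 16, 24, 32} { // constructed all-zero keys; only length matters
		_, errDES := newBlock("DES", make([]byte, kl))
		_, err3DES := newBlock("3DES", make([]byte, kl))
		_, errAES := newBlock("AES", make([]byte, kl))
		fmt.Printf("%2d-byte key accepted: DES=%v 3DES=%v AES=%v\n", kl, errDES == nil, err3DES == nil, errAES == nil)
	}
}
```

Running it prints one line per key length showing which of the three ciphers accepts it; the CTR helper doubles as the decryption routine because XORing the same keystream twice restores the plaintext.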
IDEA
All you have to remember about IDEA is that:
- PGP uses IDEA to ensure email security, and
- It operates using 64-bit blocks and a 128-bit key
RC5
RSA Security developed RC5, a fast, variable-length, variable-block symmetric cipher. It can accommodate a block size of up to 128 bits and a key up to 2048 bits.
Symmetric v. Asymmetric
Here is a quick run-down of the advantages of symmetric and asymmetric algorithms:
- Faster and easier to implement
- Lower overhead on system resources
- Scalable and does not require much administration
- Easier for users to use
Quick Review
1. Which of the following symmetric ciphers is used in PGP for email security?
b. PGP Security
2. Which of the following is not an advantage of asymmetric algorithms?
b. Multiple functionality
d. Provides confidentiality and authentication
3. Why is DES considered “insecure?”
a. Buffer overflow exploit
b. Man-in-the-middle attack potential
c. Weak key length
d. All of the above
Answers
1. PGP (Pretty Good Privacy) uses IDEA for encryption. The answer is A.
2. Although asymmetric algorithms can be fast, they are generally slower than their symmetric counterparts, making Speed an issue for these algorithms. The answer is C.
3. DES is insecure because its key length is so short (56 bits). The answer is C.