Symmetric and Asymmetric Encryption
Before diving into the differences between symmetric and asymmetric encryption algorithms, let’s first start by reviewing the basic concepts of encryption itself.
Encryption Overview
Encryption is the process of disguising a message in such a way as to hide its original contents. With encryption, the plaintext readable message is converted to ciphertext, which is the unreadable, “disguised” message. Decryption reverses this process. Encryption is used to guarantee confidentiality so that only authorized entities can read the original message.
Encryption can provide confidentiality at different network layers, such as the following:
Encrypting application layer data, such as encrypting email messages with Pretty Good Privacy (PGP)
Encrypting session layer data using a protocol such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
Encrypting network layer data using protocols such as those provided in the IP security (IPsec) protocol suite
Encrypting data link layer data using proprietary link-encrypting devices
A good cryptographic algorithm is designed in such a way that it resists common cryptographic attacks. Variable key lengths and scalability are also desirable attributes of a good encryption algorithm. A key is a required parameter for encryption algorithms to encrypt and decrypt a message. The key is the link between the plaintext and ciphertext. There are two classes of encryption algorithms, which differ in their use of keys:
Symmetric encryption algorithms: Use the same key to encrypt and decrypt data
Asymmetric encryption algorithms: Use different keys to encrypt and decrypt data
Symmetric Encryption Algorithms
Symmetric, or secret key, encryption is the most commonly used form of cryptography because the shorter key length increases the speed of execution. The typical key-length range of symmetric encryption algorithms is 40 to 256 bits. Figure 29-4 illustrates an example of symmetric encryption in action.
Figure 29-4 Symmetric Encryption Example
In this example, the same key is used to encrypt the data by the sender and decrypt the data by the recipient.
With symmetric encryption, key management can be a challenge. Because the encryption and decryption keys are the same, the sender and the receiver must exchange the symmetric, secret key over a secure channel before any encryption can occur.
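As an added example, not from the original text, here is the sender-and-receiver exchange of Figure 29-4 in Go, using AES with the 256-bit key length from Table 29-1. The authenticated GCM mode, the function names and the all-zero demo key are my assumptions; the point is that the receiver needs the identical key and nothing else, and that a different key or a modified ciphertext is rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newAEAD builds AES-GCM from a 16-, 24- or 32-byte key (AES-128/192/256, as in Table 29-1).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// symmetricEncrypt is the sender's step: output is nonce||ciphertext||tag, with a fresh nonce per message.
func symmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// symmetricDecrypt is the receiver's step with the very same key; it fails on a wrong key or tampering.
func symmetricDecrypt(key, data []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(data) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	nonce, ct := data[:aead.NonceSize()], data[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	key := make([]byte, 32) // constructed: the pre-shared 256-bit secret key (all zeros for the demo)
	ct, _ := symmetricEncrypt(key, []byte("constructed sample message"))
	pt, err := symmetricDecrypt(key, ct)
	fmt.Printf("recipient reads %q (err=%v)\n", pt, err)
}
```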
Table 29-1 provides a summary of the types of symmetric encryption algorithms in use today and their respective key lengths.
Table 29-1 Symmetric Encryption Algorithms
Symmetric Encryption Algorithm | Key Length (in bits)
DES | 56
3DES | 112 and 168
AES | 128, 192, and 256
SEAL | 160
RC | RC2 (40 and 64), RC4 (1 to 256), RC5 (0 to 2040), RC6 (128, 192, and 256)
DES is considered a legacy algorithm and is vulnerable to brute-force attacks. One way to increase the effectiveness of DES, without changing the well-analyzed algorithm itself, is to apply the same algorithm with different keys several times in a row. The technique of applying DES three times in a row to a plaintext block is called 3DES. Brute-force attacks on 3DES are considered infeasible today. Because the basic algorithm has been well tested in the field for more than 35 years, it is considered very trustworthy. For several years, it was recognized that DES would eventually reach the end of its usefulness. In 1997, the AES initiative was announced. AES was chosen to replace DES and 3DES, because the key length of AES is much stronger than that of DES, and AES runs faster than 3DES on comparable hardware.
Video: Symmetric Encryption Demonstration
Refer to the Digital Study Guide to view this video.
Asymmetric Encryption Algorithms
Asymmetric encryption algorithms use a pair of keys to encrypt and decrypt data. Secure messages can be exchanged without a pre-shared key. Because neither party has a shared secret, very long key lengths must be used. These algorithms are resource intensive and slower to execute. Most commonly, an entity with a key pair will share one of the keys (the public key) and keep the other key in complete secrecy (the private key). The private key cannot, in any reasonable amount of time, be calculated from the public key. Data that is encrypted with the private key requires the public key to decrypt. Conversely, data that is encrypted with the public key requires the private key to decrypt. Asymmetric encryption is also known as public key encryption.
Here is one possible scenario of asymmetric encryption in action. In Figure 29-5, imagine that Bob has generated a public/private key pair. Bob keeps the private key totally secret but publishes the public key so it is available to everyone. Alice has a message that she wants to send to Bob in private. If Alice encrypts the message using Bob’s public key, only Bob has the private key that is required to decrypt the message, providing confidentiality.
Figure 29-5 Asymmetric Encryption Example
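The Bob-and-Alice scenario of Figure 29-5 as an added example in Go, not part of the original text, using RSA at 2048 bits, a key length within the range the table below lists. The function names, the OAEP padding with SHA-256, and the message-size check are my assumptions; the example also shows that a second, unrelated private key cannot recover Alice's message.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// generateKeyPair is Bob's one-time step: the private key stays with him, the
// public key is published. 2048 bits is within the RSA range in the table.
func generateKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// encryptForRecipient is Alice's step and needs only Bob's public key. OAEP
// padding limits one RSA operation to k - 2*hLen - 2 bytes (190 for 2048-bit
// keys with SHA-256), which is why RSA encrypts keys and short messages, not bulk data.
func encryptForRecipient(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	if max := pub.Size() - 2*sha256.Size - 2; len(msg) > max {
		return nil, fmt.Errorf("message of %d bytes exceeds RSA-OAEP limit of %d", len(msg), max)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decryptWithPrivate is Bob's step: only the private key matching the public
// key Alice used recovers the plaintext; any other private key fails.
func decryptWithPrivate(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	bob, err := generateKeyPair(2048)
	if err != nil {
		panic(err)
	}
	other, _ := generateKeyPair(2048) // a second, unrelated key pair
	ct, _ := encryptForRecipient(&bob.PublicKey, []byte("constructed message for Bob"))
	pt, err := decryptWithPrivate(bob, ct)
	fmt.Printf("Bob reads %q (err=%v)\n", pt, err)
	_, err = decryptWithPrivate(other, ct)
	fmt.Printf("unrelated private key: err=%v\n", err)
}
```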
The following table lists the asymmetric encryption algorithms in use today and their respective key lengths:
Asymmetric Encryption Algorithm | Key Length (in bits)
DH | 512, 1024, 2048, 3072, 4096
DSS and DSA | 512–1024
RSA | 512–2048
ElGamal | 512–1024
Elliptic curve techniques | 160
Four protocols that use asymmetric encryption algorithms are:
Internet Key Exchange (IKE): A fundamental component of IPsec VPNs
Secure Sockets Layer (SSL): Now implemented as IETF standard TLS
Secure Shell (SSH): Provides a secure remote-access connection to network devices
Pretty Good Privacy (PGP): A computer program that provides cryptographic privacy and authentication
Video: Asymmetric Encryption Demonstration
Refer to the Digital Study Guide to view this video.
Activity: Compare Symmetric and Asymmetric Encryption Algorithms
Refer to the Digital Study Guide to complete this activity.