Symmetric Cryptography

Symmetric Cryptography, or Private-Key Cryptography is a #Cryptographic system that uses the same key for encryption and decryption. However, you can already imagine the security risk of sharing the same secret over a network, requiring a secure channel (usually via IPsec#). If the key get compromised#, it means the need to generate a new key and distribute# it again. It also requires a strong encryption #algorithm for the intruder to not be able to guess the secret key easily. That being said, it is quite fast when comparing to Asymmetric Cryptography.

Since both parties are equal, that is both could do encryption and encryption, the receiver could forge# a message and claim it to be sent by the sender.

Its functions could be expressed in #math formulas:

$$ \begin{align} C &= E_K (P) \text{ or } C &= E(K, P) \\ P &= D_K (C) \text{ or } P &= D(K, C) \end{align} $$

Where:

$P$ represents the plaintext
$C$ represents the ciphertext
$K$ represents the secret key used
$E$ represents the encryption algorithm, and
$D$ represents the decryption algorithm.

Example of Symmetric Cryptography:

Links to this page

TNS3131 Chapter 3: Public-Key Cryptography

Symmetric Cryptography
TAC3121 Chapter 1: Introduction

Symmetric Cryptography
Secure Socket Layer (SSL)

An association between client and server called SSL session will be established by SSL Handshake Protocol, which could be shared among multiple SSL connection that are transient, #p2p, communications links. Each SSL connection is private (encrypted with Symmetric Cryptographic algorithms#) and reliable (message integrity check by Message Authentication Code (MAC)# using SHA, MD5 etc. hash functions on compressed SSL data), and for each web component (provide suitable services). The session could define a set of Cryptographic parameters such as keys and algorithms used which could be shared by multiple connections. The session is kept alive by SSL Alert Protocol, where the peer’s identity can be authenticated with Asymmetric Cryptographic Scheme#. SSL Change Cipher Spec Protocol would be used if the peer wants the consequent messages to be encrypted for transmission. With SSL session, there is no need to exchange security parameters for each SSL connection which could be expensive.
Message Authentication Code (MAC)

MAC is a technique generates a small fixed-size block of data, using a secret key shared between sender and receiver(Symmetric Cryptography#), that will append to the message. It provides Security Services# such as Data Integrity# and data origin authentication# (whether the message is sent by the claimed sender).
Man-In-The-Middle Attack (MITM)

MITM is a #Cryptanalytic Attack where the Cryptanalyst found a way to be in between two parties in a communication channel. It is exceptionally dangerous to encryption scheme that involves key exchange such as Symmetric Cryptography# and Asymmetric Cryptography#. It is form of #Interception.
Key Distribution Center (KDC)

KDC is where the user could request #private key from the other user. The scheme is shown as following:
Key Distribution

There are various ways of distributing the keys in #Symmetric Cryptography scheme:
Kerberos

Kerberos is a protocol utilising #Symmetric Cryptography to provide Security Service# in Application Layer#. It is done by authenticate the user in order to gain temporary access to internal or remote resources. There are currently two versions of Kerberos implementation: Version 4# and Version 5#. Regardless of the version, three components make up the structure of Kerberos which is used to guard the network: Authentication#, Accounting and Auditing. It has two main ~~components~~ servers: Authentication Server and Ticket Granting Server.
IP Security (IPsec)

The data encapsulation is done by two extension headers (append to the IP header): Authentication Header (AH) and Encapsulating Security Payload (ESP), defined by RFC 4303 and RFC 4302 respectively. AH provides Access Control#, Authentication# (including the IP Address#) and Connectionless Data Integrity# services using Message Authentication Code (MAC# /HMAC) where both parties must share secret key. It guards against address spoofing attacks and Replay Attack. ESP provides Confidentiality# services over message contents and traffic flow (but limited) and optionally support Access Control# services like in AH using MAC. It can also guard against Replay Attack#. The users can design which kind of ciphers, modes, and padding to be used in ESP. The IPsec could be set up to have AH only or ESP only or both.
Encryption and Security Applications

Symmetric Cryptography#
Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange is a method designed to negotiating and passing encrypted by #Asymmetric Cryptography or Symmetric Cryptography# cryptographic keys over an insecure network. The keys intended to be shared will not be transmitted in plain text, and instead encrypted by a shared secret key which in turned generated from two known prime numbers that have a special #math relationship to one another.
Data Encryption Standard (DES)

DES is an encryption standard that adheres to #Symmetric Cryptography. It utilises Feistel Cipher Structure#, by doing 16 rounds of encrypting, where the underlying encryption method also exhibits Avalanche Effect# (34 bits and 35 bits difference for the plaintext and the key). Both 64-bit plaintext and the 64-bit key will undergo permutation before going through the Feistel cipher structure where only 56 bits of the key selected. The key will be left circular shifted in order to produce subkeys (in 48 bits), which will be done 16 rounds like the main encryption process. After 16 rounds, a 32-bit swap follows by an inverse initial permutation will produce a 64-bit ciphertext.
Cryptography

Symmetric Cryptography# (using only one secret key)

Note: We can’t be certain of whether the cryptographic method or algorithm is secure until we know the key size used for encryption and decryption. However, if the key size is the same for Symmetric Cryptography# and Asymmetric Cryptography#, then Symmetric Cryptography is more secure.
Cryptographic Primitives

Symmetric Cryptography#
Comparable Key Sizes for Equivalent Security in Various Encryption Scheme

Symmetric Cryptography#
Asymmetric Cryptography

Asymmetric Cryptography aka Public-Key Cryptography is a #Cryptographic system, first introduced by Whitefield Diffie and Martin Hellman in 1976, that involves usage of pair keys that perform unequal functions. Such keys are commonly denoted as: private key and public key. The generation of two keys typically requires very large numbers, thus rendering it slow when comparing to Symmetric Cryptography.

It addresses two issues faced by Symmetric Cryptography: Key Distribution# and Digital Signature#. One doesn’t need to have a secure channel or a third party to distribute public keys as it will not sufficient to undermine the security of the encrypted message. Public keys could be distributed by either Public Announcement#, Publicly Available Directory#, Public-Key Authority#, or Public-Key Certificate#. We can verify whether the message is coming from the intended sender using the public key, thus able to authenticate the author. That being said, it is vulnerable to quantum computing.

It is rather common for Asymmetric Cryptography to complement Symmetric Cryptography in order to distribute session keys# securely (which is used to encrypt and decrypt the message contents). There are several ways to do it:

#cryptography #) #algorithm #math