1.4.2 Encryption
Levels, transport, symmetric vs asymmetric.
Encryption is the process of converting plaintext into ciphertext to ensure data confidentiality and protect it from unauthorized access.
Symmetric Cryptography This method uses a single private key shared between the sender and receiver for both encryption and decryption. - Speed: Extremely fast with low computational overhead, making it ideal for bulk data. - Efficiency: Excellent for data at rest (disk encryption) and large file transfers. - Key Exchange: The primary weakness; sharing the key securely is difficult. - Algorithms: Includes AES (the gold standard) and DES. - Scalability: Poor for large groups because the number of required keys grows exponentially with each user.
Asymmetric Cryptography Also known as public-key cryptography, this uses a key pair: a public key for encryption and a private key for decryption. - Function: The public key is shared openly; the private key is kept secret by the owner. - Resource Constraints: High computational overhead and slower performance than symmetric systems. - Algorithms: - RSA: Uses large prime numbers with key sizes up to 4096 bits. - ECC (Elliptic Curve Cryptography): Provides high security with smaller key sizes; ideal for mobile devices and low-power hardware. - Diffie-Hellman: Primarily used for secure key exchange over insecure channels.
Hybrid Cryptography Modern security implementations use a combination of symmetric, asymmetric, and hashing functions to mitigate individual weaknesses. - The Process: Asymmetric encryption is used to securely exchange a symmetric session key. Once the key is exchanged, the parties switch to symmetric encryption for the actual data transfer. - Benefits: Combines the speed of symmetric encryption with the secure key distribution of asymmetric encryption. - Integrity: Often incorporates hashing to ensure the data was not tampered with during transit.
Cryptographic Limitations - Longevity: NIST tracks how many years an algorithm remains secure against modern computing power. - Entropy: A measure of randomness; low entropy can lead to predictability and cracked keys. - Computational Power: As hardware advances, older algorithms (like DES) become susceptible to brute-force attacks. - Kerckhoffs’s Principle: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Quick recall - Symmetric: One key, fast, bulk data, data at rest. - Asymmetric: Two keys (public/private), slow, used for key exchange/digital signatures. - ECC: Best for mobile/low-power devices due to efficiency. - AES: Most common symmetric algorithm. - Hybrid: Asymmetric for key exchange + Symmetric for data.