Domain 1 · 1.4 Cryptographic Solutions

1.4.2 Encryption

Levels, transport, symmetric vs asymmetric.

14 min

Encryption is the process of converting plaintext into ciphertext to ensure data confidentiality and protect it from unauthorized access.

Symmetric Cryptography This method uses a single private key shared between the sender and receiver for both encryption and decryption. - Speed: Extremely fast with low computational overhead, making it ideal for bulk data. - Efficiency: Excellent for data at rest (disk encryption) and large file transfers. - Key Exchange: The primary weakness; sharing the key securely is difficult. - Algorithms: Includes AES (the gold standard) and DES. - Scalability: Poor for large groups because the number of required keys grows exponentially with each user.

Asymmetric Cryptography Also known as public-key cryptography, this uses a key pair: a public key for encryption and a private key for decryption. - Function: The public key is shared openly; the private key is kept secret by the owner. - Resource Constraints: High computational overhead and slower performance than symmetric systems. - Algorithms: - RSA: Uses large prime numbers with key sizes up to 4096 bits. - ECC (Elliptic Curve Cryptography): Provides high security with smaller key sizes; ideal for mobile devices and low-power hardware. - Diffie-Hellman: Primarily used for secure key exchange over insecure channels.

Hybrid Cryptography Modern security implementations use a combination of symmetric, asymmetric, and hashing functions to mitigate individual weaknesses. - The Process: Asymmetric encryption is used to securely exchange a symmetric session key. Once the key is exchanged, the parties switch to symmetric encryption for the actual data transfer. - Benefits: Combines the speed of symmetric encryption with the secure key distribution of asymmetric encryption. - Integrity: Often incorporates hashing to ensure the data was not tampered with during transit.

Cryptographic Limitations - Longevity: NIST tracks how many years an algorithm remains secure against modern computing power. - Entropy: A measure of randomness; low entropy can lead to predictability and cracked keys. - Computational Power: As hardware advances, older algorithms (like DES) become susceptible to brute-force attacks. - Kerckhoffs’s Principle: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

Quick recall - Symmetric: One key, fast, bulk data, data at rest. - Asymmetric: Two keys (public/private), slow, used for key exchange/digital signatures. - ECC: Best for mobile/low-power devices due to efficiency. - AES: Most common symmetric algorithm. - Hybrid: Asymmetric for key exchange + Symmetric for data.