Define cryptography. Explain the difference between symmetric and asymmetric encryption listing an advantage and disadvantage of each.
Subject Computer and Network Security
NU Year Set: 1.(a) Marks: 1+5 Year: 2014

Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it. The pre-fix "crypt" means "hidden" or "vault" and the suffix "graph" stands for "writing."

Symmetric Key Encryption
Symmetric key encryption is also known as shared-key, single-key, secret-key, and private-key or one-key encryption. In this type of message encryption, both sender and receiver share the same key which is used to both encrypt and decrypt messages. Sender and receiver only have to specify the shared key in the beginning and then they can begin to encrypt and decrypt messages between them using that key. Examples include AES (Advanced Encryption Standard) and TripleDES (Data Encryption Standard).
Simple: This type of encryption is easy to carry out. All users have to do is specify and share the secret key and then begin to encrypt and decrypt messages.
Encrypt and decrypt your own files: If you use encryption for messages or files which you alone intend to access, there is no need to create different keys. Single-key encryption is best for this.
Fast: Symmetric key encryption is much faster than asymmetric key encryption.
Uses less computer resources: Single-key encryption does not require a lot of computer resources when compared to public key encryption.
Prevents widespread message security compromise: A different secret key is used for communication with every different party. If a key is compromised, only the messages between a particular pair of sender and receiver are affected. Communications with other people are still secure.
Need for secure channel for secret key exchange: Sharing the secret key in the beginning is a problem in symmetric key encryption. It has to be exchanged in a way that ensures it remains secret.
Too many keys: A new shared key has to be generated for communication with every different party. This creates a problem with managing and ensuring the security of all these keys.
Origin and authenticity of message cannot be guaranteed: Since both sender and receiver use the same key, messages cannot be verified to have come from a particular user. This may be a problem if there is a dispute.
Asymmetric/Public Key Encryption
Also known as public key encryption, this method of encrypting messages makes use of two keys: a public key and a private key.The public key is made publicly available and is used to encrypt messages by anyone who wishes to send a message to the person that the key belongs to. The private key is kept secret and is used to decrypt received messages. An example of asymmetric key encryption system is RSA.
Convenience: It solves the problem of distributing the key for encryption.Everyone publishes their public keys and private keys are kept secret.
Provides for message authentication: Public key encryption allows the use of digital signatures which enables the recipient of a message to verify that the message is truly from a particular sender.
Detection of tampering: The use of digital signatures in public key encryption allows the receiver to detect if the message was altered in transit. A digitally signed message cannot be modified without invalidating the signature.
Provide for non-repudiation: Digitally signing a message is akin to physically signing a document. It is an acknowledgement of the message and thus, the sender cannot deny it.
Public keys should/must be authenticated: No one can be absolutely sure that a public key belongs to the person it specifies and so everyone must verify that their public keys belong to them.
Slow: Public key encryption is slow compared to symmetric encryption. Not feasible for use in decrypting bulk messages.
Uses up more computer resources: It requires a lot more computer supplies compared to single-key encryption.
Widespread security compromise is possible: If an attacker determines a person's private key, his or her entire messages can be read.
Loss of private key may be irreparable: The loss of a private key means that all received messages cannot be decrypted.

As for which of them is more secure, there are differing views. Some experts consider symmetric key encryption to be more secure and others think the public key encryption method is better. Ideally, both of them are employed together to take advantage of their benefits.


Login to post your comment.