SYMMETRIC CRYPTOGRAPHY Symmetric Cryptography Submitted From Venkata Murali Krishna, Enturi ID - 2835830 Submitted To Dr. Chris Esquire University of Cumberland’s 1 SYMMETRIC CRYPTOGRAPHY 2 Introduction Information security is a fundamental issue in the contemporary world typified by communication and internet commerce technologies that are prone to security threats. Data communications utilize cryptography as an essential and practical component for secure transmission of data and decreasing the impact of the security risks. The two primary forms of cryptography include asymmetric and symmetric, with both having their demerits and advantages. The paper carries out a thorough survey of the Symmetric Cryptography, by focusing on its strengths, weaknesses, and algorithms that implement the technology. Consequently, the discussion also covers modern applications of the Symmetric cryptography. In World War II, Germans heavily uses the cipher machines like Enigma for mechanical and electromechanical. Enigma played an important role in world war II. SYMMETRIC CRYPTOGRAPHY 3 Symmetric cryptographic Symmetric cryptographic happens to be the simplest form of encryption, which includes a single secret key for ciphering or deciphering information. It is an old, as well as best known technique. It makes use of a secret key, which may either be a word, a number, or even a string of some random letters (Synopsys Inc., 2018). Symmetric encryption is blended with some plain message text to alter such content in a specific manner. It is necessary that both the sender as well as the recipient have knowledge of the encryption key utilized to encrypt or descript the messages. Symmetric Cryptographic Algorithm An algorithm is a formula or procedure to solve a data snooping issue. An encryption algorithm happens to be a mathematical formula used to encrypt data. By using an algorithm, information is created in some cipher text and needs the utilization of the key to alter such data into its original state (SSL2BUY, 2018). Strengths of Symmetric Cryptography Symmetric cryptography, also known as the private key cryptosystem, utilizes only a single key for both decryption and encryption. There are various strengths of using the private key cryptosystem. Keys play a vital role in the process of cryptography as hackers can decrypt weak keys in the algorithm. With the symmetric key encryption, individuals must ensure secrecy and thus provides various advantages. Proponents argue that this type of encryption is relatively fast, as owners tend to decrypt information very quickly (Devi, Sharma & Rangra, 2015). This is because it involves only a single key to decipher or cipher data. The secret key can either be a word, a string of random letters, or number. Users can blend the secret key with plain message SYMMETRIC CRYPTOGRAPHY 4 texts to alter the content in a manner. The recipient and sender must keep the key secret because it provides authentication, which proves the receiver or sender’s identity. In the symmetric cryptosystem, the sender can transfer data even when there is a possibility of interception. Since the sender does not transfer the data with the password, the possibility of data interception is null (Devi, Sharma & Rangra, 2015). Weaknesses of Symmetric Cryptography Although the symmetric cryptosystem offers an invaluable advantage, it has various shortcomings. The biggest issue with this form of encryption is the channel of sending the other party the secret key. Encryption inputs are complex texts that work in the same manner as passwords. Thus, the sender requires a safe and efficient channel to send the key. It is imperative to argue that symmetric encryption is beneficial when encrypting an individual’s data as opposed to when sharing encrypted data. Therefore, the process has an issue of key transportation as every means of communication poses various security challenges and thus the only secure channel is exchanging the keys personally. When an individual gets access to the symmetric key, they will assume the identity of the owner and decrypt the information easily. In contrast to the asymmetric public-key encryption, a third party can decrypt the message but is incapable of deciphering the information because it has a different key pair. The issue of key distribution becomes more intricate in a "file-transfer" environment that comprises of many users distributed over a vast geographical region. SYMMETRIC CRYPTOGRAPHY 5 Symmetrical Algorithms and their strengths /weaknesses According to Ebrahim, Khan, and Khalid, there are various symmetrical algorithms including Triple-DES, DES, AES, BLOWFISH, AES, RC6, and RC4 (Devi, Sharma & Rangra, 2015). In this section, the discussion focuses on four algorithms including Triple-DES, DES, AES, and Blowfish. DES (Data Encryption Standard) It was the first encryption standard created in 1973 by IBM. The National Institute of Standards and Technology (NIST) recommended DES as the most effective approach of data encryption. DES is a block cipher that encrypts 64-bit plaintexts and utilizes 56-bit key. The algorithm is based on the symmetric key concept implying that it uses the same key for both decryption and encryption. It operated in different modes including ECB, CBC, OFB, and CFB modes. The algorithm has 16 rounds comprising of a 16 processing stages applied on the input plaintext that produces the ciphertext. In this algorithm, 64-bit data is passed through the initial permutation phase followed by the 16 processing steps and finally resulting in a 64-bit ciphertext. Experts initially considered the DES a secure algorithm, but the short key length and large data amounts limit its usage in the modern worlds. The drawback of the DES algorithm is SYMMETRIC CRYPTOGRAPHY 6 that it is not entirely secure as it is prone to Brute Force Attack whereby a hacker seeks to break the key by applying different possible combination. It is easy to crack because it has only 2^56 possible combinations. Thus, it is insecure for governments and large corporations. However, it is still preferable to utilize the algorithm for backward compatibility and its non-costly process of upgrade. Consequently, the avalanche effect is an essential strength of the algorithm, which implies that a slight change in the plaintext modifies the ciphertext drastically (Information Resources Management Association, 2015). Triple-DES The algorithm is a replacement for the 1974 DES with significant improvement in key searching. It uses three rounds of DES encryption and has a 168-bits key length permuted into sixteen sub-keys each characterized by a 48-bit length. TDES concentrates on the imperfections in DES with modifying the original structure of the 1974 DES algorithm. TDES was very complicated in comparison to the original. It sought to realize high-security level by encrypting the information utilizing DES three times with three unrelated keys. The algorithm is an enhanced model of DES and thus offers increased protection. Triple-DES utilizes a large key size to encrypt data than of DES. However, it is time-consuming in contrast to its predecessor and is open to differential and related-key security attacks. The algorithm is susceptible to various variations of “meet-in-the-middle” attack (Ebrahim, Khan, & Khalid, 2013). Blowfish The algorithm is a symmetric Feistel Structured algorithm comprising of two parts including data-encryption and key expansion parts. Blowfish is a block cipher that adopts a 64bit plaintext characterized by 16 rounds that allow a variable key length of up to about 448 bits SYMMETRIC CRYPTOGRAPHY 7 transposed into eighteen sub-keys of 32-bit length (Ebrahim, Khan, & Khalid, 2013). The algorithm can be implemented on 64 and 32-bit processors. Blowfish’s security is in its variable key size (128-448 bits), which gives a sufficient security level. It is invulnerable when it comes down to differential related-key breaches as every bit typifying the master key involves multiple and independent round keys making attacks highly infeasible and complicated. Despite the security benefits of Blowfish, the algorithm has some classes of fragile keys as four rounds of the tool are exposed second order differential breaches. Thus, Blowfish is questionable due to the prevalence of many weak keys (Kar & Dey, 2010). AES (Advanced Encryption Standard) According to Agrawal and Mishra (2012), recommended the utilization of AES in 1998 as a replacement of DES. The algorithm is a variable bit block cipher that uses variable key length comprising of 128, 192, and 256 bits. When the key length and block length are 128 bits, the algorithm performs nine processing rounds, and if they are of 192 bits, it performs 11 processing rounds. If the key length and block length are of 256 bits, then it performs thirteen rounds. In AES, each processing round incorporated four steps including shift rows, substitute bytes, mix column, and add round key. The algorithm is flexible and fast, and users can implement AES on various platforms including small technological devices. Key management occurs separately thereby making it secure. However, the algorithm is hard to implement in a secure and effective, especially in comparison with algorithms such as 3DES that is easily scalable in software and hardware (Agrawal & Mishra, 2012). SYMMETRIC CRYPTOGRAPHY 8 Modern Applications of Symmetric cryptography and its Effectiveness Symmetric encryption is widely utilized in different industries and applications. The key algorithms are a practical approach to sharing information using a shared key. The most utilized symmetric algorithms include AES and Triple DES. Cryptography plays a vital role in many information technology applications. The authentication of different users is critical in the process of identity management, which ensures the verification of users. Password generators make up a class of hardware tokens that utilize cryptography in generating session passwords also known as one-time passwords. Internally, such tokens have clocks with an encrypted and hashed value using a key shared with a verifying entity. Major authentication token companies such as VASCO, RSA, Verisign, and To-dos utilize the symmetric algorithms. The United States government utilizes the AES to safeguard classified data. The government has implemented AES in both hardware and software. The U.S. announced in 2013 that the algorithm was applicable in protecting classified information and soon after it became the default encryption algorithm. The NSA adopted AES as one of the cryptographic algorithms to be utilized by its Information Assurance Directorate to safeguard the systems of national security (Information Resources Management Association, 2015). Its successful use led to widespread adoption in the private sectors. The strength, effectiveness and faster encryption in Advanced Encryption Standard make it ideal for firmware, firewalls, and hardware. It is utilized in numerous protocols such as TLS (Transport Layer Security) and SSL (Secure Sockets Layer). One of the largest markets for the need of higher security using symmetrical cryptography is the financial terminals such as ATMs (automatic teller machines) and POS (Point-of-sale). The terminals utilize smartcards that employ authentication with the use of PIN codes that require cryptographic services (Kar & Dey, 2010). Computer passwords, databases, SYMMETRIC CRYPTOGRAPHY 9 and electronic commerce associated with the banking industry utilize symmetric cryptography algorithms such as TDES because it is impossible to crack TDES keys given the current progress in computation capabilities and speed (Kar & Dey, 2010). Conclusion As the significance of software keys increases due to the need for greater security, there is high demand for a variety of cryptographic implementation. This paper has focused on various aspects of symmetric cryptography including its advantages, disadvantages, algorithms, and modern applications. The algorithms have different benefits and weaknesses and thus provide varying degrees of success, Scholars agree that the symmetric cryptography is a critical tool for realizing software protection and is applicable in hardware, software and offers more security benefits than asymmetric encryption. SYMMETRIC CRYPTOGRAPHY 10 References Agrawal, M., & Mishra, P. (2012). A comparative survey on symmetric key encryption techniques. International Journal on Computer Science and Engineering, 4(5), 877. Devi, A., Sharma, A., & Rangra, A. (2015). A survey on Symmetric Key Algorithms for Image Encryption. IJARCET, 4(5). 2358-2361. Ebrahim, M., Khan, S., & Khalid, U. B. (2013). Symmetric algorithm survey: a comparative analysis. International Journal of Computer Applications, 61 (20). SSL2BUY. (2018). Symmetric vs. Asymmetric Encryption – What are differences? Retrieved 3 10, 2018, from https://www.ssl2buy.com/wiki/symmetric-vs-asymmetric-encryptionwhat-are-differences Synopsys Inc. (2018). What is Cryptography? Retrieved 3 10, 2018, from https://www.synopsys.com/software-integrity/resources/knowledgedatabase/cryptography.html Information Resources Management Association. (2015). Banking, finance, and accounting: Concepts, methodologies, tools, and applications. Hershey, PA : Business Science Reference. Kar, A. K., & Dey, S. K. (2010). Cryptography in the Banking Industry. Frontiers, 1(1), 1-7.
Purchase answer to see full attachment