Table of Contents

Companies in every sector must comply with standards and regulations, and one of the best ways to do this is to utilize encryption. Encryption takes data that can be clearly read, also known as plaintext, and runs it through an encryption algorithm. An encryption algorithm uses a key and mathematics to convert the plaintext into ciphertext, which is an undecipherable collection of letters and symbols. The process of encryption can be reversed using the same key, or the other key in a key pair, in a process called decryption. There are two different types of encryption: asymmetric and symmetric encryption.

Asymmetric vs Symmetric Encryption

Symmetric encryption involves the use of one key for both encryption and decryption. The plaintext is read into an encryption algorithm along with a key. The key works with the algorithm to turn the plaintext into ciphertext, thus encrypting the original sensitive data. This works well for data that is being stored and needs to be decrypted at a later date. The use of just one key for both encryption and decryption reveals an issue, as the compromise of the key would lead to a compromise of any data the key has encrypted. This also does not work for data-in-motion, which is where asymmetric encryption comes in.

Asymmetric encryption works with a pair of keys. The beginning of asymmetric encryption involves the creation of a pair of keys, one of which is a public key, and the other which is a private key. The public key is accessible by anyone, while the private key must be kept a secret from everyone but the creator of the key. This is because encryption occurs with the public key, while decryption occurs with the private key. The recipient of the sensitive data will provide the sender with their public key, which will be used to encrypt the data. This ensures that only the recipient can decrypt the data, with their own private key.

Uses for Asymmetric and Symmetric Encryption

Asymmetric and symmetric encryption are each better used for different situations. Symmetric encryption, with its use of a single key, is better used for data-at-rest. Data stored in databases needs to be encrypted to ensure it is not compromised or stolen. This data does not require two keys, just the one provided by symmetric encryption, as it only needs to be safe until it needs to be accessed in the future. Asymmetric encryption, on the other hand, should be used on data sent in emails to other people. If only symmetric encryption were used on data in emails, the attacker could take the key used for encryption and decryption and steal or compromise the data. With asymmetric encryption, the sender and recipient ensure only the recipient of the data can decrypt the data, because their public key was used to encrypt the data. Both types of encryption are used with other processes, like digital signing or compression, to provide even more security to the data.

Common Asymmetric and Symmetric Encryption Algorithms

Symmetric Encryption Algorithms:

Asymmetric Encryption Algorithms:

 

Comparison Table

 Asymmetric EncryptionSymmetric Encryption
DefinitionA two-way function that takes in plaintext data, and turns it into undecipherable ciphertext. This process utilizes a public key for encryption and a private key for decryption.A two-way function that takes in plaintext data, and turns it into undecipherable ciphertext. This process uses the same key for both encryption and decryption.
Use Cases
  • Digital Signing: Asymmetric encryption is much better for digital signing, compared to symmetric encryption. The use of both a public and private key means the identity of the signer of the data can easily be known. The signer uses their private key for encryption, while the recipient verifies their identity with their public key. As only the public key of the signer can decrypt data encrypted with the signer’s private key, the identity of the signer is verified when the data is decrypted.
  • Blockchain: Again, the identification of the user during cryptocurrency transactions is much easier done with asymmetric encryption.
  • Public Key Infrastructure (PKI): The identity of key owners is proven with certificates in PKI, and thus asymmetric encryption is the better choice in PKIs.
  • Banking: Encrypting sensitive customer data in banks is extremely important, as is decrypting that information as quickly as possible. For this reason, symmetric encryption is the preferred method of encryption in banks, as one key encryption is much swifter than two key encryption.
  • Data Storage: As with banking, data storage services and products tend to use symmetric encryption. This method is much swifter to encrypt and decrypt data needed in a timely manner.
Advantages
  • The loss of the public key does not result in the compromise of data
  • More secure than symmetric encryption
  • Only the owner of the private key can decrypt the data sent to them
  • Simpler to implement
  • Faster than asymmetric encryption
  • Protects data from compromise
Disadvantages
  • Slower than symmetric encryption
  • More complicated to implement than symmetric encryption
  • Loss of a key means any data encrypted with that key can be compromised
  • Less secure than asymmetric encryption
Common AlgorithmsECDSA, RSA, PGPAES, Blowfish, Twofish, RC4

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Table of Contents

Threats loom ever present in our digital world, which is why methods of securing data are constantly advancing. Tactics like encryption are used every day on sensitive data-at-rest or in-motion. Encryption is the process of putting data in the form of plaintext into an encryption algorithm, and producing a ciphertext. Ciphertext is a form of data where all the patterns of letters that create words in the plaintext are scrambled into a new text that cannot be read without decrypting the data. Encryption uses a key to ensure the ciphertext cannot be deciphered by anyone but the authorized recipient.

Signing of data works to authenticate the sender of the data and tends to implement a form of encryption in its process. The process of signing emails, sensitive data, and other information has become necessary, as it verifies the identity of the sender and ensures the data has not been altered in transit. If a Man in the Middle attack occurred and the data was altered or compromised by the attacker, the recipient of the information would know that this has occurred. The attacker could alter the data, but as they do not have the key used by the sender to sign the data, the recipient of the data will know not to trust the sent data when analyzing the key and data.

How does digital signing work?

The process of digital signing works similarly to encryption. Encryption comes in two types, asymmetric and symmetric encryption. The process of asymmetric encryption works by creating a key pair with a public and private key. The private key is kept secret from everyone but the creator of the key, while the public key is available to everyone. The data is encrypted with the private key, and decrypted when needed with the public key. Symmetric encryption only uses one key for both encryption and decryption. As asymmetric encryption is more secure than symmetric encryption, it tends to be used more often. When sending data to a recipient, the correct method of encryption is to encrypt the data with the recipient’s public key, as this means only the owner of the key pair can decrypt that data.

Digital signing works oppositely. The data is signed by hashing the message with a hashing algorithm and the sender’s private key. This produces a hash digest, which can only be recreated through use of one of the keys in the key pair created by the sender. The recipient then receives the message, the hash digest, and the public key, if they did not already have it. The recipient then uses the sender’s public key to hash the message they have received. If the resulting hash digest matches the hash digest that has been sent along with the message, then the identity of the sender has been confirmed. This also confirms that the data has not been changed in transit. However, signing alone does not ensure the data has not been intercepted and read.

Encryption and Signing

To protect data from compromise and authenticate the sender at the same time, encryption and digital signing are used together. They are also both used in tandem to fulfill compliance standards for companies. Standards, like the Federal Information Processing Standards (FIPS) or the General Data Protection Regulation (GDPR), require companies to protect data as securely as possible along with authenticating data received from others. Encryption and digital signing ensures these standards are reached, and that users can be secure in the knowledge that data that is sent to and from them will not be compromised.

Confidential or sensitive data should always be encrypted and signed for its own safety. The use of encryption and signing together ensures that the main goals of cryptography, Confidentiality, Integrity, Authenticity, and Non-Repudiation are all met. Confidentiality and integrity are reached when data is encrypted asymmetrically, as only the intended recipient can decrypt the message. Non-repudiation and authenticity occur due to digital signing. Non-repudiation means that using the technique of digital signing, the sender of any information cannot, in the future, say they did not send the data, as the use of their private key confirms that they sent the data.

Common Encryption and Signing Algorithms

Symmetric Encryption Algorithms:

Asymmetric Encryption Algorithms:

Signing Algorithms:

  • RSA
  • ElGamal Encryption System
  • Digital Signing Algorithm (DSA)
  • ECDSA

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Table of Contents

The Digital Age we live in requires more and more data to be sent at one time, but this can quickly become an issue for the hardware sending the data. If too much data is sent across a connection, it could take hours or days to transfer, when the recipient needs it in minutes. This is where compression comes in. Compression uses patterns in data to shorten the size of the data, saving bandwidth and storage space in the process. This works well, but what if the compressed data is stolen in transit? Compression is not complicated to reverse so retrieving the original would be easy. This is why many people use encryption and compression together when sending messages.

Encryption and Compression

Encryption can be either symmetric or asymmetric. Symmetric encryption is the less complicated of the two, using one key to encrypt and decrypt data. Symmetric encryption is much faster than asymmetric encryption, but is not as secure. Only one key needs to be compromised to compromise the original data. Asymmetric encryption uses a public and private key pair to encrypt plaintext data. The plaintext is run through the encryption algorithm along with a private key, which only the sender knows. The data is then sent to the recipient, who uses the public key to decrypt the data. This ensures the identity of the sender of the data, as the public key only decrypts data encrypted with the private key in that pair.

Using encryption and compression, larger portions of data can be sent across the Internet securely. If only compression is used, the security of the data is at risk. A Man in the Middle attack could retrieve the data, decompress it, and read the original message. On the other hand, if only encryption were used, there is a limit to how big a message that is encrypted can be. This is why the majority of messages are both encrypted and compressed. The next question to answer is do you compress the data and then encrypt the data, or vice versa?

Encryption or Compression first?

The choice of encrypting or compressing data first depends on the types of attacks you need to circumnavigate. Initially, it was thought that the only way to combine encryption and compression was to compress the data before encryption. This is due to the fact that compression relies on patterns in data to function, while encryption attempts to destroy these patterns in data. The method of compression then encryption has been found to be weak to side channel attacks. These types of attacks use JavaScript code to perform a brute force attack on the victim’s browser, allowing the attacker to infer what the transmitted data is based on the size of that compressed data.

Though this issue was found with the method of compression then encryption, encryption then compression has many more issues comparatively. This method is more difficult than the previous method, because compression needs patterns in data to work correctly. This means the value of compressing data will not exist, as there should be no patterns in encrypted data. Due to this, differential cryptanalysis can be used against this method to determine the sensitive data’s value. Compression then encryption is much more resilient to differential cryptanalysis.

Common Encryption and Compression Algorithms

Symmetric Encryption Algorithms:

Asymmetric Encryption Algorithms:

Hashing Algorithms:

  • Deflate
  • Huffman Coding
  • LZ77

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Table of Contents

The Rivest-Shamir-Adleman (RSA) encryption algorithm is an asymmetric encryption algorithm that is widely used in many products and services. Asymmetric encryption uses a key pair that is mathematically linked to encrypt and decrypt data. A private and public key are created, with the public key being accessible to anyone and the private key being a secret known only by the key pair creator. With RSA, either the private or public key can encrypt the data, while the other key decrypts it. This is one of the reasons RSA is the most used asymmetric encryption algorithm.

How does RSA work?

The option to encrypt with either the private or public key provides a multitude of services to RSA users. If the public key is used for encryption, the private key must be used to decrypt the data. This is perfect for sending sensitive information across a network or Internet connection, where the recipient of the data sends the data sender their public key. The sender of the data then encrypts the sensitive information with the public key and sends it to the recipient. Since the public key encrypted the data, only the owner of the private key can decrypt the sensitive data. Thus, only the intended recipient of the data can decrypt it, even if the data were taken in transit.

The other method of asymmetric encryption with RSA is encrypting a message with a private key. In this example, the sender of the data encrypts the data with their private key and sends encrypted data and their public key along to the recipient of the data. The recipient of the data can then decrypt the data with the sender’s public key, thus verifying the sender is who they say they are. With this method, the data could be stolen and read in transit, but the true purpose of this type of encryption is to prove the identity of the sender. If the data were stolen and modified in transit, the public key would not be able to decrypt the new message, and so the recipient would know the data had been modified in transit.

The technical details of RSA work on the idea that it is easy to generate a number by multiplying two sufficiently large numbers together, but factorizing that number back into the original prime numbers is extremely difficult. The public and private key are created with two numbers, one of which is a product of two large prime numbers. Both use the same two prime numbers to compute their value. RSA keys tend to be 1024 or 2048 bits in length, making them extremely difficult to factorize, though 1024 bit keys are believed to breakable soon.

Who uses RSA encryption?

As previously described, RSA encryption has a number of different tasks that it is used for. One of these is digital signing for code and certificates. Certificates can be used to verify who a public key belongs to, by signing it with the private key of the key pair owner. This authenticates the key pair owner as a trusted source of information. Code signing is also done with the RSA algorithm. To ensure the owner is not sending dangerous or incorrect code to a buyer, the code is signed with the private key of the code creator. This verifies the code has not been edited maliciously in transit, and that the code creator verifies that the code does what they have said it does.

RSA was used with Transport Layer Security (TLS) to secure communications between two individuals. Other well-known products and algorithms, like the Pretty Good Privacy algorithm, use RSA either currently or in the past. Virtual Private Networks (VPNs), email services, web browsers, and other communication channels have used RSA as well. VPNs will use TLS to implement a handshake between the two parties in the information exchange. The TLS Handshake will use RSA as its encryption algorithm, to verify both parties are who they say who they are.

RSA Vulnerabilities

Though viable in many circumstances, there are still a number of vulnerabilities in RSA that can be exploited by attackers. One of these vulnerabilities is the implementation of a long key in the encryption algorithm. Algorithms like AES are unbreakable, while RSA relies on the size of its key to be difficult to break. The longer an RSA key, the more secure it is. Using prime factorization, researchers managed to crack a 768 bit key RSA algorithm, but it took them 2 years, thousands of man hours, and an absurd amount of computing power, so the currently used key lengths in RSA are still safe. The National Institute of Science and Technology (NIST) recommends a minimum key length of 2048 bits now, but many organizations have been using keys of length 4096 bits. Other ways RSA is vulnerable are:

  • Weak Random Number Generator: When organizations use weak random number generators, then the prime numbers created by them are much easier to factor, thus giving attackers an easier time of cracking the algorithm.
  • Weak Key Generation: RSA keys have certain requirements relating to their generation. If the prime numbers are too close, or if one of the numbers making up the private key is too small, then the key can be solved for much easier.
  • Side Channel Attacks: Side channel attacks are a method of attack that take advantage of the system running the encryption algorithm, as opposed to the algorithm itself. Attackers can analyze the power being used, use branch prediction analysis, or use timing attacks to find ways to ascertain the key used in the algorithm, thus compromising the data.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Let's talk