Basics of symmetric and asymmetric key cryptography

Tram Ho

Today I would like to introduce the basic concept of symmetric and asymmetric key cryptography. This I also learned through school already but after finishing I still do not remember how much ? . So today I’m writing this article to see how much memory I have ? (Of course, I also have to read the textbook again.)

First to come up with the two concepts of symmetric encryption and asymmetry, I would like to introduce briefly about the concept of cryptography.

Cryptography

It is the science of studying mathematical methods to keep information confidential. Includes encryption and decoding.

  • Encryption is transforming the way the information is presented from plaintext (we can read it) to cipher (only decoders can understand it), it helps us to hide and keep the information secure while store and transmit information as well.
  • Decoding is the opposite process that turns the ciphertext into plaintext. (Easy to understand, isn’t it? ? )

The basic function of the code is:

  • Confidentiality : it ensures the confidentiality of the data it sends and only the people involved know the content.
  • Integrity : ensures data cannot be lost or modified during sending and receiving without being detected.
  • Authenticity : ensures the identity of the entity to be verified.
  • Non-repudiation : make sure that the sender cannot deny the information he / she sent. ? )

Symmetrical key system

These are cryptographic systems that use the same key during encryption and encryption. The key must therefore be kept strictly confidential.

Some modern symmetric key systems that I see or are used are DES , AES , RC4 , RC5 , …

The cryptosystem will include:

  • Plaintext-M: the message is generated by the sender
  • Confidential (ciphertext-C): a message hiding information of a plaintext, sent to the receiver via a non-secret channel
  • Key (Ks): it is a random and secret value shared among information exchangers and generated from:
    • Third parties are trusted to create and distribute to senders and receivers
    • Or, the sender creates and delivers it to the receiver
  • Encryption (encrypt-E): C = E (KS, M)
  • Decode (decrypt): M = D (KS, C) = D (KS, E (KS, M))

Mechanism of action (easy to understand ? )

  • The sender uses a public key (Ks) to encrypt the information and then sends it to the recipient.
  • The recipient that receives the information will use the public key (Ks) to decode.

However, everything has its drawbacks, and so does this guy ?

Drawbacks

  • Due to shared key to encrypt and decode => if lost or stolen by hackers will be exposed information, not high security.
  • Need confidential channel to share secret key between parties => How to share securely at the first time.
  • To ensure safe communication for all people in a group of n people => a large number of locks are required (n (n-1) / 2 (too expensive) ? )
  • Difficult to apply in open systems.
  • It cannot be used for authentication or anti-repudiation purposes.

And to overcome those disadvantages, an asymmetric key cryptography system (also called a public key cryptography system) was born. ?

Asymmetric key cryptography

In this cryptographic system, instead of users who share the same key as in the symmetric key cryptosystem, here will use a key pair named public key and private key.

The asymmetric key cryptosystem that I see most used is RSA The cryptosystem will include:

  • Plaintext-M: the message is generated by the sender
  • Confidential (ciphertext-C): a message hiding information of a plaintext, sent to the receiver via a non-secret channel
  • Key: The recipient has 1 pair of keys:
    • Public key (Kub): public for everyone (including hackers)
    • Private key (Krb): the recipient keeps it secret, not shared with anyone
  • Encryption (encrypt-E): C = E (Kub, M)
  • Decode (decrypt): M = D (Krb, C) = D (Krb, E (Kub, M))

The requirements for key pairs (Kub, Krb) are:

  • Completely random
  • Mathematically related 1-1.
  • If only Kub’s value could not be calculated.
  • Krb must be kept completely confidential.

Mechanism of action (equally easy to understand asymmetry ? )

  • The sender (A) sends encrypted information using the recipient’s public key (Kub) (B) via non-secret communication channel
  • The recipient (B) receives that information and decrypts it with his private key (Krb).
  • The hacker will also know B’s public key (Kub), but because there is no private key (Krb), the hacker cannot see the information sent.

The advantage of this cryptosystem is that

  • No need to share the encryption key (public key) secretly => Easy to apply in open systems.
  • Decryption key (private key) only B knows => More secure, can authenticate the source of information
  • n elements only need n key pairs. (better than symmetric r ? )

Defect:

Middleware attacks : attackers take advantage of the distribution of public keys to change public keys. Once the public key has been tampered with, the attacker stands in the middle of both sides to receive packets, decode and then encrypt with the correct key and send it to the receiver to avoid being detected.

This type of attack can be prevented by Diffie-Hellman key exchange methods to ensure sender authentication and information integrity.

Above are the basic concepts that I think anyone can grasp it. To get a better understanding, people need to spend a lot of time researching it because this is an area of ​​cyber security that I find not easy to eat at all. ? .

Thanks for reading ?

Share the news now

Source : Viblo