Cryptography is defined as the art or
science of secret writing with the use of
techniques such as encryption. Encryption is the process
of converting data into unreadable code so it cannot be accessed or read by
unauthorized people. This unreadable data can again be converted into readable
form by process of decryption. Different types of algorithms are available for
encryption and decryption.
Symmetric
Encryption vis a vis Asymmetric Encryption
Encryption
can be of two types i.e. symmetric encryption and asymmetric encryption. The
table below will help us to understand the difference between two terms.
|
Symmetric Encryption |
Asymmetric Encryption |
|
Single key is used to
encrypt and decrypt the messages |
Two keys are used. One
for encryption and other for decryption. |
|
Key is said to be
symmetric because the encryption key is the same as the decryption key. |
Message encrypted by
private key can be decrypted only by corresponding public key |
|
Similarly, message
encrypted by public key can be decrypted only by corresponding private key |
|
|
Comparatively, faster
computation and processing. |
Comparatively, slower
computation and processing. |
|
Comparatively,
symmetric encryption process is cheaper |
Comparatively, a
symmetric encryption process is costlier. |
|
Major disadvantage
of symmetric encryption is sharing of
key with another party. |
No such challenge is
faced in asymmetric encryption as two separate keys are used. |
Encryption Keys
In an asymmetric
environment, total four keys are available with different functions. Following
table indicates who possessed different keys:
|
Type of Key |
Availability |
|
Sender’s Private Key |
Key is available only
with the sender. |
|
Sender’s Public Key |
Key is available in the
public domain. Public keys can be accessed by anyone. |
|
Receiver’s Private Key |
Key is available only
with the receiver. |
|
Receiver’s Public Key |
Key is available in the
public domain. Public keys can be accessed by anyone. |
Use of keys for different objectives
Above Keys are used to
achieve following objectives:
●
Confidentiality
●
Authentication & Non-repudiation
●
Integrity
Confidentiality
In
an asymmetric encryption, two keys are used. One for encryption and other for
decryption. Messages encrypted by one key can be decrypted by another key.
These two keys are known as private keys and public keys. Private key is
available only with the owner of the key and a public key is available in the
public domain.
Message
can be encrypted by following means:
●
Receiver’s public key
●
Receiver’s private key
●
Sender’s public key
●
Sender’s private key
Receiver’s Public Key
If
a message is encrypted by using the public key of the receiver, then only the
receiver can decrypt the same as he is the only one having access to his
private key. This will ensure message confidentiality as only the owner of a
private key can read the message.
Receiver’s Private Key
Sender
will not be in possession of the receiver's private key and hence this option
is not feasible.
Sender’s Public Key
If
a message is encrypted by using the public key of the sender, then it can be decrypted
only by using the private key of the sender. Receiver will not be in possession
of the sender's private key and hence this option is not feasible.
Sender’s Private Key
If a message is encrypted
by using the private key of the sender, then anyone with a public key can
encrypt the same. Public key is available in the public domain and hence anyone
can encrypt the message. This will not ensure confidentiality of the message.
Hence message
confidentiality, receiver’s public key is used to encrypt the message and
receiver’s private key is used to decrypt the message.
Authentication
Authentication
is ensured by verifying and validating some unique features of the sender. In
normal course, we validate a document by verifying the signature of the sender.
This signature is unique for everyone. Similarly, for digital transactions a
private key is unique for each owner. Only the owner is in possession of his
unique private key and no one else. Each private key has a corresponding public
key. Third person can authenticate the identity of the owner with the use of a
public key. When the objective is to authenticate the sender of the message,
the sender's private key is used to encrypt the hash of the message. Receiver
will try to decrypt the same with use of the sender's public key and if
successfully decrypted, it indicates that the message is genuine and the sender
is authenticated.
Hence for authentication
of the message, sender’s private key is used to encrypt the message and
sender’s public key is used to decrypt the message.
Non - Repudiation
Non-repudiation
refers to a situation wherein the sender cannot take back his responsibility
for the digital message or transaction. Non-repudiation establishes once the
sender is authenticated. Hence for non-repudiation, the same concept of
authentication will apply.
Hence for non-repudiation
of the message, sender’s private key is used to encrypt the message and
sender’s public key is used to decrypt the message.
Integrity
Integrity refers to
correctness, completeness and accuracy of the message/data. To achieve
objective of integrity following steps are
followed:
●
Sender will create a hash of the message.
●
This hash is encrypted using the sender's
private key.
●
Message along with an encrypted hash is sent
to the receiver.
●
Receiver will do two things. First he will decrypt the hash
value using the sender's private key and second he will again calculate the
hash of the message received.
●
Receiver will compare both the hash and if
both hash values are the same, the message is considered as correct, complete
and accurate.
Summary
Following
table will help us to understand use of different keys to achieve each of above
objective:
|
Objective |
Use of Keys |
What to encrypt |
|
Confidentiality |
receiver’s public key |
full message |
|
Authentication/Non-repudiation |
sender’s private key |
hash of the message |
|
Integrity |
sender’s private key |
hash of the message |
|
Confidentiality &
authentication/non-repudiation |
For confidentiality –
use of receiver’s public key to encrypt full message |
|
|
For authentication
(non-repudiation) – use of sender’s private key to encrypt hash of the
message |
||
|
Confidentiality,
Integrity & Authentication/non-repudiation |
For confidentiality –
use of receiver’s public key to encrypt full message |
|
|
For integrity,
authentication (non-repudiation) – use of sender’s private key to encrypt
hash of the message |
||
Hash of the Message
Some
important features and functionality of hash value is as follow:
●
Hash value is digital code of the message /
content.
●
It is arrived at by using a different
algorithm.
●
Hash value is also known as message digest.
●
Hash value is unique for each message/content.
●
A slight change in message/content will
produce a different hash value.
●
Hash value is used to ensure integrity of
message/content.
●
Hash value is used for creation of digital
signature. Hash value when encrypted with the sender's private key, it becomes
a digital signature. Digital signature is used to determine integrity of
message and authentication of sender (i.e. non-repudiation)
Combining Symmetric and Asymmetric
Methods
Most efficient use of PKI
is to combine the best features of asymmetric as well as symmetric methods.
Challenge of asymmetric encryption is an expensive and time consuming process.
Though symmetric encryption is comparatively much faster, it possesses the
challenge of sharing the symmetric key to other parties. To combine the benefit
of both and address their challenges following process is recommended:
●
Step 1: For faster and inexpensive
computation, encrypt the entire message with the help of a symmetric key.
●
Step 2: Encrypt the above symmetric key with
the public key of receiver.
●
Step 3: Send the encrypted message (step 1)
and encrypted symmetric key (step 2) to the receiver.
●
Step 4: Receiver will decrypt the symmetric
key using his private key.
●
Step 5: Receiver will use a symmetric key to
decrypt the full message.
Thus when combined method
is used:
●
Use of
symmetric key to encrypt full message
●
Use of
receiver’s public key to encrypt the symmetric key
Key aspects from CRISC exam
perspective
|
CRISC Questions |
Possible Answers |
|
In asymmetric
encryption, message confidentiality can be ensured by |
Use of receiver’s public key for encryption and
use of receiver’s private key for decryption |
|
In asymmetric
encryption, message authentication can be ensured by |
Use of sender’s private
key to encrypt the message/hash and use of sender’s public key to decrypt the
message/hash |
|
In asymmetric
encryption, message non-repudiation can be ensured by |
Use of sender’s private
key to encrypt the message/hash and use of sender’s public key to decrypt the
message/hash |
|
In asymmetric
encryption, message integrity can be ensured by |
Use of sender’s private
key to encrypt the hash and use of sender’s public key to decrypt the hash |
|
Cost of cryptography
increases by |
Long asymmetric keys |
|
How to combine symmetric and asymmetric methods for better
results? |
●
Use of symmetric key to encrypt full message ●
Use of receiver’s public key to encrypt the
symmetric key |