
UNIT 2 TK

The document discusses various cryptographic methods, focusing on symmetric encryption, message authentication, public key encryption, digital signatures, and key management. It highlights the importance of key secrecy for security, the role of hash functions and message authentication codes in ensuring data integrity, and the practical applications of encryption in protecting stored data. Additionally, it emphasizes the need for effective key management to maintain the security of cryptographic systems.

UNIT 2

Confidentiality with Symmetric Encryption


Symmetric encryption is a method of cryptography where the same key is used for
both encryption and decryption of the data [1]. This key is shared between the sender
and the recipient of the data, and they must exchange the key over a secure channel
to maintain confidentiality [1]. Here’s how it works:

1. Plaintext: This is the original message or data that is fed into the algorithm
as input [2].
2. Encryption Algorithm: It performs various substitutions and
transformations on the plaintext [2].
3. Secret Key: The secret key is also input to the algorithm. The exact
substitutions and transformations performed by the algorithm depend on the
key [2].
4. Ciphertext: This is the scrambled message produced as output. It depends
on the plaintext and the secret key [2].
5. Decryption Algorithm: This is essentially the encryption algorithm run in
reverse. It takes the ciphertext and the same secret key and produces the
original plaintext [2].

The security of symmetric encryption depends on the secrecy of the key, not the
secrecy of the algorithm [2]. We do not need to keep the algorithm secret; we need to
keep only the key secret [2].

Symmetric encryption provides data privacy and confidentiality without the extra
complexity of multiple keys [3]. It’s useful for encrypting databases and files, where
you’re not exchanging data publicly between parties [3]. However, one of the
challenges with symmetric encryption is the secure distribution of the key, as
anyone who has the key can decrypt the data [4].

Remember, the best defense against these threats is a combination of strong
security policies, up-to-date technology, and user awareness [5].

Message Authentication and Hash Functions

Message Authentication and Hash Functions are two important concepts in
cryptographic tools that help ensure the integrity and authenticity of data [1][2].

Message Authentication is concerned with:

• Protecting the integrity of a message [1].
• Validating the identity of the originator [1].
• Non-repudiation of origin (dispute resolution) [1].

There are three alternative functions used for message authentication [1]:

1. Message Encryption: The ciphertext of the entire message serves as its
authenticator [3].
2. Message Authentication Code (MAC): A function of the message and a
secret key that produces a fixed-length value that serves as the
authenticator [1][3].
3. Hash Function: A function that maps a message of any length into a
fixed-length hash value, which serves as the authenticator [3].

A Hash Function in cryptography is a function that takes an input and returns a
fixed-size string of bytes [2]. The output is typically a ‘digest’ that is unique to each
unique input [2]. Hash functions are used in various aspects of security such as
password storage, data integrity verification, and digital signatures [2].

A Message Authentication Code (MAC) is similar to a cryptographic hash,
except that it is based on a secret key [2]. When secret key information is included
with the data that is processed by a cryptographic hash function, the resulting hash
is known as an HMAC [2]. HMACs provide assurance that a message is unaltered
and comes from the sender [1].
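
The difference between a bare hash and a keyed MAC, as an added example that is not part of the original document. It uses Python's standard `hashlib` and `hmac` modules; the key, the messages and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example only).
SHARED_KEY = b"constructed-demo-key-32-bytes!!!"
MESSAGE = b"transfer 100 to account 12345"
ALTERED = b"transfer 900 to account 12345"


def plain_digest(message: bytes) -> str:
    """Unkeyed hash: anyone who can read the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def hash_only_check(message: bytes, digest: str) -> bool:
    """Receiver check when only a bare hash accompanies the message."""
    return hmac.compare_digest(plain_digest(message), digest)


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: only holders of the secret key can compute the tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    tag = make_tag(SHARED_KEY, MESSAGE)
    # Someone without the key alters the message in transit. They can
    # recompute the bare hash, but can only replay the tag they observed.
    recomputed_digest = plain_digest(ALTERED)
    return {
        "genuine_accepted": verify_tag(SHARED_KEY, MESSAGE, tag),
        "bare_hash_accepts_altered": hash_only_check(ALTERED, recomputed_digest),
        "mac_rejects_altered": not verify_tag(SHARED_KEY, ALTERED, tag),
        "mac_rejects_wrong_key": not verify_tag(b"some-other-key", MESSAGE, tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A bare hash detects accidental corruption only; the keyed tag is what ties the message to a holder of the shared key.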

Remember, the use of cryptographic hash functions like MD5 or SHA-1 for
message authentication has become a standard approach in many applications,
particularly Internet security protocols [4]. Though very easy to implement, these
mechanisms are usually based on ad hoc techniques that lack a sound security
analysis [4].

Public Key Encryption


Public Key Encryption, also known as asymmetric encryption, is a method of
cryptography where two different keys are used for encryption and decryption [1][2][3].
Here’s how it works:

1. Encryption: Anyone can encrypt messages using the public key, but only
the holder of the paired private key can decrypt such a message [2]. The
security of the system depends on the secrecy of the private key [2].
2. Key Generation: An unpredictable (typically large and random) number is
used to begin the generation of an acceptable pair of keys suitable for use by
an asymmetric key algorithm [2].
3. Decryption: The ciphertext can be transformed back to the original
plaintext by using a decryption algorithm and the same private key that was
used for encryption [1].
4. Security: The security of public-key cryptography depends on keeping the
private key secret; the public key can be openly distributed without
compromising security [2].
5. Usage: Public-key encryption is commonly used in cryptocurrency
transactions [4] and digital signatures [2]. For example, a journalist can publish
the public key of an encryption key pair on a website so that sources can
send secret messages to the news organization in ciphertext [2].

The most widely used public-key cryptosystem is RSA
(Rivest–Shamir–Adleman) [1]. The difficulty of finding the prime factors of a
composite number is the backbone of RSA [1].

Digital Signatures and Key Management


Digital Signatures are a key aspect of cryptography, providing a method for
verifying the authenticity and integrity of data [1]. They use a pair of keys - a private
key to sign the data, and a corresponding public key to verify the signature [1]. The
process involves creating a hash of the data and signing this hash with the private
key [1]. The receiver, as well as any third party, can independently verify this
binding [1]. Digital signatures provide assurance that the data originated from the
stated sender (authentication) and that it has not been tampered with (integrity) [1].
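
The hash-then-sign process described above, as an added example that is not part of the original document: textbook RSA (the cryptosystem named in the Public Key Encryption section) applied to a SHA-256 digest. The fixed primes, the exponent and all function names are assumptions chosen so the result is reproducible; the scheme has no padding and the key is not secret, so it illustrates the mechanism only.

```python
import hashlib

# Constructed toy key material: two well-known Mersenne primes.
# Real keys use secret random primes and a padded scheme (for example
# RSA-PSS) from a vetted library.
P = 2**127 - 1
Q = 2**521 - 1
E = 65537


def make_keypair(p: int, q: int, e: int):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)


def digest_as_int(data: bytes) -> int:
    """SHA-256 digest of the data, read as a big-endian integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data: bytes) -> int:
    """Sign the hash of the data with the private key."""
    n, d = private_key
    return pow(digest_as_int(data), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    """Anyone holding the public key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(data)


if __name__ == "__main__":
    public_key, private_key = make_keypair(P, Q, E)
    document = b"constructed sample document"
    signature = sign(private_key, document)
    print("original verifies:", verify(public_key, document, signature))
    print("altered verifies:", verify(public_key, document + b"!", signature))
```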

Key Management is the process of managing cryptographic keys in a secure
manner [2]. It involves the creation, distribution, storage, rotation, and destruction of
keys [3]. Key management ensures that keys are only accessible by authorized
individuals and that they are stored, transmitted, and destroyed securely [3]. There are
two types of cryptographic keys: symmetric and asymmetric [3]. Symmetric keys are
used for data-at-rest encryption, while asymmetric keys are used for data-in-transit
encryption [3].

Key management is crucial because the security of many cryptographic techniques
depends on the secret keys being unknown to attackers [2]. If an attacker learns the
secret key, the security of the encrypted data is compromised [2]. Therefore, keys
need to be regularly changed and properly disposed of when they are no longer
needed [2].

Remember, the effectiveness of a cryptographic system largely depends on the
strength of the keys, the effectiveness of the mechanisms and protocols associated
with key management, and the protection afforded to the keys [2].

Practical Application: Encryption of Stored Data


Encryption of stored data is a practical application of cryptography that involves
converting plaintext into unintelligible ciphertext [1]. This method takes plaintext,
scrambles it, and sends it to a receiver [2]. It’s commonly used when transmitting
electronic data, such as encrypting and decrypting email and other plain-text
messages [3].

The simplest method uses the symmetric or “secret key” system [3]. Here, data is
encrypted using a secret key, and then both the encoded message and secret key are
sent to the recipient for decryption [3]. Symmetric encryption heavily relies on the
fact that the keys “must” be kept secret [1]. Distributing the key in a secure way is
one of the primary challenges of symmetric encryption [1]. This is also known as the
"key distribution problem" [1].

Many modern applications employ end-to-end encryption on top of the transport layer
security used to protect data in transit [4]. This is rather commonly seen in banking-based
mobile applications, where asymmetric key encryption is initially used to transfer
the shared key and symmetric key encryption is then used for the actual data
encryption and decryption [4].

Remember, the security of many cryptographic techniques depends on the secret
keys being unknown to attackers [1]. If an attacker learns the secret key, the security
of the encrypted data is compromised [1]. Therefore, keys need to be regularly
changed and properly disposed of when they are no longer needed [1].
