RON RICHTER: Welcome
to the second part
of our two-part lecture
series on cryptology.
My name is Ron Richter.
I'm the program coordinator
here at Blue Ridge Community
Technical College.
And we're going to finish
our discussion on cryptology.
So in our last series, we were
talked about the differences
between a hash and a cipher.
So today, we're going to
take this idea of ciphers
a few steps further.
So what makes a cipher
different from a hash
is that a hash is a
one-way algorithm.
A cipher is a two-way
or reversible algorithm.
Ciphers come in
really two varieties,
symmetric and asymmetric.
Let's first examine
the symmetric.
The symmetric
encryption algorithm,
which can sometimes be referred
to as a private key cipher,
relies on a shared secret key to
both encrypt and decrypt files
or messages.
The key part of that phrase
is shared secret key.
There's actually
two subcategories
of symmetric ciphers.
The stream type of
symmetric cipher.
With a stream, the
encryption engine
replaces or substitute
one character at a time.
A good example of a stream
encryption algorithm
is a substitution cipher
or a transposition cipher
where you're substituting
one letter for another
or you're transposing one letter
in a word for another letter
in that same word.
The stream cipher
is relatively fast
when the plain text
is relatively short.
Compare that with
the other category
of symmetric encryption
algorithm, the block cipher.
The block cipher manipulates
an entire block of text
at one time, either in
8 or 16-byte blocks.
So now the encryption
engine is acting
upon an entire block
at a time rather than
one character at a time.
Relatively speaking,
block ciphers
are much faster when the
plain text is relatively long.
In terms of security,
a stream cipher
is relatively less secure
than a block cipher.
Because again, the
encryption engine
is doing the same exact
thing over and over again,
whereas the encryption
engine for a block cipher
is acting on an
entire block at a time
so it never acts
the same way twice.
The scripture process for
a symmetric algorithm,
either block or
stream, is the same.
We can take our unencrypted
text or our plain text,
which is, in this case, is
in the form of a message.
We can apply an
encryption algorithm along
with the specific key.
And in this case, we're talking
about a symmetric encryption
process.
So this is a shared secret key.
The key and the algorithm
are combined along
with the plain text message
to create the cipher text.
Now we have a secure piece of
data that can be transmitted.
It can be transmitted
to a remote user
where the ciphertext
can be combined
with the same key and the
same decryption algorithm,
decrypting it back into
legible text again.
So that confidential memo,
layoffs at the Lakeview store
will begin, can be
sent securely decrypted
and the original message
can be retrieved.
Examples of types of symmetric
ciphers or private key ciphers,
again, are many.
Each of these ciphers come
from a family of ciphers
that have evolved over time,
usually because of key strength
becoming larger and larger.
And again, the larger the
key, usually more secure
the algorithm is.
The Rivest family of ciphers
RC2 up through RC5, 2 and 5
being of the block variety,
4 being of the stream variety
and evolving to what we use
today, the DES, the triple DES
and the AES.
Digital Encryption
Standard, triple
Digital Encryption
Standard, which
just performs the same
algorithm three times,
and the Advanced
Encryption Standard,
which is the encryption standard
that the federal government
insists that federal
agencies use today
to protect federal information.
Symmetric ciphers provide
more protections than hashes,
obviously.
They do provide that
protection of confidentiality
because we can use that
shared secret key to convert
that plain text in
the cyberattacks
and it can be transmitted
confidentially.
It can prove integrity because
without that shared secret key,
you can't retrieve the original
data from the encrypted data.
It gives us the
protection of availability
because that data
can be exchanged
freely as long as the key
is shared with the intended
recipient.
It can provide authentication
because you can't authenticate
the recipient is authorized to
receive that data because they
happen to be in
possession of the key.
The only protection it cannot
provide is the protection
of non-repudiation.
Whoever has
possession of that key
has the ability to decrypt it.
And they also have the
ability to encrypt the message
and return it to
the original sender.
But there is no
way to authenticate
who that actual person is.
So there's no protection
of non-repudiation.
What's the weakness of
that shared private key?
The weakness of symmetric
encryption is just that.
The private key has
to be kept private
but it has to be shared.
That means that
the key either has
to be transmitted through snail
mail, through electronic means,
or hand-delivered from
origination to destination.
That in itself is a weakness.
Because at some point in the
transportation from origination
to destination, the key
can always be intercepted.
Asymmetric encryption algorithms
overcome that weakness.
We refer to asymmetric
encryption algorithms
as public key ciphers
because this cipher
uses a set of keys, a set of
mathematically related public
and private key
pair, rather than
a shared secret key to encrypt
and then decrypt messages.
These keys are generated
and mathematically related.
They never have to be exchanged.
The public key is freely
available to everyone
and will be published.
The private key would only
be known to individual
to whom it belongs.
And the beauty is the keys
work in both directions.
You can send a message
with a public key,
decrypt the message
with a private key.
And you can send the
message with a private key
and decrypt a message
with a public key.
How does this work?
The process of asymmetric
encryption is pretty simple.
We can begin with the
same plain text message.
Layoffs will begin at the--
layoffs at the Lakeview store
will begin.
They can be encrypted using
the public key of Alice
via the recipient, combined
with the encryption
algorithm to create
the cipher text.
That ciphertext can be securely
transmitted to the recipient.
In this case, Alice.
It can be decrypted with
Alice's private key to which
only Alice has access to.
And the ciphertext can be
deciphered into plain text.
Various examples of
asymmetric encryption
we can look at today.
Diffie-Hellman is an example
of asymmetric encryption.
The Diffie Hellman
algorithm is actually
the algorithm that many
times is used to generate
the public and private keys.
RSA is another heavily
used asymmetric encryption.
It stands for the
Rivest Secure Algorithm.
Elliptical Curve, El Gamal,
DSA are all currently
used types of
asymmetric encryption,
but Diffie Hellman and RSA being
the most prevalent use today.
Now, it's interesting to
note, asymmetric encryption
is much slower, relatively
speaking, than symmetric
encryption.
For instance, regular old
DES is 100 times faster
than RSA encryption
when performed
in software and
actually thousands
of time-- tens of
thousands of times
faster when performed
in hardware.
But asymmetric encryption
provides protections
that symmetric
encryption can't provide.
It provides confidentiality
like symmetric encryption.
It can provide integrity
like symmetric encryption.
That can provide availability
like symmetric encryption.
It provides this protection
of authentication
like symmetric encryption.
And it also provides this
idea of non-repudiation
because a message sent by
Alice with her private key
to whom she's the only one who
possesses that private key can
only be received by someone
possessing her public key.
And because she's
the only person
with access to the
private key provides
this idea of non-repudiation.
Alice could never deny
sending that message
because it could
only come from Alice.
So this idea of
asymmetric encryption
is the idea behind
digital signatures
that we use today because
asymmetric cryptography can
be used to provide proofs.
We can have proof.
Suppose that Anne received
an encrypted document that
says it came from Bob.
Anne can be sure that the
encrypted message was not
altered by someone else
during transmission.
But how can she verify the
document came only from Bob?
Well, if Bob's private key was
used to encrypt that message,
it could have only come from
Bob because only Bob has
possession of that private key.
So that is symmetric and
asymmetric encryption.
I thank you.
