Symmetric Key Algorithm

Symmetric algorithms use a private or secret key that must remain secret between the two communicating parties. Each pair of parties requires its own separate key.

Therefore, a single user needs a unique secret key for every other user with whom she communicates.

The figures below take a closer look at several symmetric algorithms and their advantages and disadvantages.

Symmetric algorithms include DES, AES, IDEA, Skipjack, Blowfish, Twofish, RC4/RC5/RC6/RC7, and CAST. Each of these is covered in the figures below.

Figure: Symmetric Key Algorithm – DES
Figure: Symmetric Key Algorithm – 3DES
Figure: Symmetric Key Algorithm – IDEA, Blowfish, Skipjack
Figure: Symmetric Key Algorithm – RC4 and RC5
Figure: Symmetric Key Algorithm – AES and Twofish

The figures below summarize the strengths and weaknesses of symmetric algorithms:

Figure: Strengths of Symmetric Key Cryptography
Figure: Weaknesses of Symmetric Key Cryptography

As mentioned above, key distribution is the major problem with symmetric key encryption, so several techniques are used to distribute keys securely.

Figure: Key Distribution

QUIZ TIME * – Practicing questions alongside the concepts is the best way to maintain interest in study. Please take some time for a short quiz on symmetric cryptography: click the image below to start.

* The questions in these practice tests are listed to help you study information and concepts that are likely to be tested on CISSP certification and do not represent questions from any actual test. Your score on these practice tests is not meant to and will not correlate to any particular score on any test.

Symmetric Key Cryptography Transcript

  1. Depends on a distributed "shared secret / private key / secret key"
  2. Number of keys for n nodes to communicate = n*(n-1)/2
  3. DES
    • Please note: DES is not an algorithm; it is a standard that published the "DEA" algorithm
    • No longer secure
    • 64-bit plaintext, 64-bit private key (56 bits of actual key + 8 parity bits), 64-bit ciphertext
    • 16 rounds of XOR operations, also described as 16 rounds of encryption
    • Electronic Code Book (ECB) mode
      • Simplest and least secure
      • Same ciphertext for the same plaintext every time
      • Vulnerable to "codebook" attacks in the case of long text
      • Must be used only for "small text", e.g. encryption of a database
    • Cipher Block Chaining (CBC) mode
      • Select an initialization vector
      • Very low chance of the ciphertext being the same
      • Errors propagate
    • Cipher Feedback (CFB) mode
      • Streaming cipher version of CBC
      • Uses a memory buffer; when the buffer is full, it is encrypted
      • Must not be used for video and voice signals
    • Output Feedback (OFB) mode
      • Operates in the same way as CFB
      • A combination of block + stream cipher
      • Instead of chaining, it uses a seed value
      • Future seed values are determined by running the DES algorithm on the seed value
      • Advantage: no error propagation
    • Counter (CTR) mode
      • Uses a simple counter instead of a seed
      • Advantage: no error propagation
      • Most suitable for parallel computing
      • Performance is much better than the other modes
  4. 3DES
    • Up to 3 times slower than DES
    • A temporary replacement for DES
    • DES-EEE3 mode
      • Encrypt three times with keys K1, K2, K3
      • Effective key length = 56*3 = 168
      • E(K1,E(K2,E(K3,P)))
    • DES-EDE3 mode
      • E(K1,D(K2,E(K3,P)))
      • Also uses three keys but replaces the second encryption operation with a decryption operation
    • DES-EEE2 mode
      • E(K1,E(K2,E(K1,P)))
    • DES-EDE2 mode
      • E(K1,D(K2,E(K1,P)))
    • DES-EDE1
      • Only one key
      • For backward compatibility
      • = DES
  5. International Data Encryption Algorithm (IDEA)
    • Developed in response to concerns about insufficient key length
    • 128-bit key is broken into 52 x 16-bit subkeys
    • Used by the Pretty Good Privacy (PGP) email package
    • Faster and harder to break than DES
  6. Blowfish
    • Block cipher alternative to DES and IDEA
    • Variable key length (32 bits up to the strongest 448 bits)
    • Block – 64 bits of plaintext
    • Much faster than DES and IDEA
    • Used in commercial software, operating systems, and SSH
    • Never patented
  7. Skipjack
    • 64-bit block of text
    • 80-bit key; supports 4 modes of operation
    • Used in the Clipper chip
  8. RC4
    • Used in SSL and WEP
    • Stream cipher
    • Variable key size of 40 to 2,048 bits and up to 256 rounds of transformation
  9. In terms of speed – RC7 > RC6 > RC5
  10. RC5
    • Block cipher with 32-, 64-, or 128-bit block size
    • Key size 0 to 2040 bits
    • e.g. RC5-64/16/16 denotes a 64-bit word (or 128-bit data blocks), 16 rounds of transformation, and a 16-byte (128-bit) key
  11. AES
    • NIST mandated the use of AES/RSA for all sensitive but unclassified data by the U.S. government
    • Replacement for DES
    • Allows 128-bit blocks, but for RSA the block size could be equal to the block size
    • 128-bit keys require 10 rounds of encryption; 192-bit keys require 12 rounds; 256-bit keys require 14 rounds
  12. Twofish
    • 128-bit blocks of data and keys up to 256 bits
    • Pre-whitening – XORing the plaintext with a separate subkey before the first round of encryption
    • Post-whitening uses a similar operation after the 16th round of encryption
    • Never patented
  13. Strengths of symmetric encryption
    • 1,000 to 10,000 times faster than asymmetric key algorithms
    • Hard to break
    • Cheaper to implement
  14. Weaknesses of symmetric encryption
    • Key distribution is a major problem – requires out-of-band exchange
    • Does not provide non-repudiation or authentication
    • The algorithm is not scalable
    • The number of unique keys needed can cause key management issues
    • Keys must be regenerated often
    • Provides only confidentiality
    • Key compromise occurs if one party is compromised, thereby allowing impersonation
  15. Key distribution, i.e. creation, distribution, transmission
    • Offline distribution
    • Public key encryption
    • Diffie-Hellman
      • Susceptible to man-in-the-middle attack unless the organization implements digital signatures or digital certificates for authentication at the beginning of the Diffie-Hellman process
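The ECB/CBC behaviour in item 3 and the EDE construction in item 4, as an added example that is not part of the original post: a toy 8-byte Feistel cipher with an HMAC-SHA256 round function (assumed here purely as a stand-in for DES; it is not a secure cipher) lets the mode properties be checked directly. It shows that ECB repeats ciphertext blocks for repeated plaintext, that CBC does not, that a corrupted CBC ciphertext block damages exactly that block and the next (the "errors propagate" note), and that EDE with a single key collapses to plain single encryption (DES-EDE1 = DES).

```python
import hmac
import hashlib

BLOCK = 8  # 8-byte blocks, the same block size as DES

def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def _f(key, half, rnd):
    # Keyed Feistel round function: a toy stand-in for DES's f-function.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def block_encrypt(key, blk):
    l, r = blk[:4], blk[4:]
    for i in range(4):  # four Feistel rounds (DES uses 16)
        l, r = r, _xor(l, _f(key, r, i))
    return r + l

def block_decrypt(key, blk):
    r, l = blk[:4], blk[4:]
    for i in reversed(range(4)):  # same rounds, undone in reverse order
        l, r = _xor(r, _f(key, l, i)), l
    return l + r

def ede(k1, k2, k3, blk):
    # 3DES form E(K1, D(K2, E(K3, P))); with K1 == K2 == K3 this is DES-EDE1.
    return block_encrypt(k1, block_decrypt(k2, block_encrypt(k3, blk)))

def blocks(data): return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
def ecb_encrypt(key, pt):  # no chaining: equal plaintext blocks give equal ciphertext blocks
    return b"".join(block_encrypt(key, p) for p in blocks(pt))

def cbc_encrypt(key, iv, pt):
    out = [iv]  # out[0] is the IV, chained into the first block
    for p in blocks(pt):
        out.append(block_encrypt(key, _xor(p, out[-1])))  # chain previous ciphertext block
    return b"".join(out[1:])

def cbc_decrypt(key, iv, ct):
    cs = [iv] + blocks(ct)
    return b"".join(_xor(block_decrypt(key, c), prev) for prev, c in zip(cs, cs[1:]))

def distinct_blocks(ct): return len(set(blocks(ct)))
def cbc_damaged_blocks(key, iv, ct, idx):
    # Flip one bit in ciphertext block idx; return the plaintext blocks that change.
    bad = bytearray(ct)
    bad[idx * BLOCK] ^= 0x01
    good, got = cbc_decrypt(key, iv, ct), cbc_decrypt(key, iv, bytes(bad))
    return [i for i, (g, b) in enumerate(zip(blocks(good), blocks(got))) if g != b]

KEY, IV, PT = b"toy-key!", b"\x00" * 8, b"ATTACKAT" * 4  # constructed sample: 4 identical blocks
```

With the constructed sample, ECB yields a single distinct ciphertext block while CBC yields four, and flipping a bit in CBC block 1 corrupts plaintext blocks 1 and 2 only.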