Encryption is the process of converting human-readable data, namely plaintext, into incomprehensible text. Put simply, the data is randomized in accordance with certain rules or patterns to form an incomprehensible whole. This is also known as data encryption, and the result as encrypted information. If data that has been made sufficiently random is stolen, it cannot be converted back to its original state. The data cannot be read unless the rules or patterns needed to convert it back into a legible form are known, that is, unless the reader has the key used for the encryption. Encryption preserves data integrity. Cryptography is a set of mathematical methods that provides the necessary confidentiality for the security of important information.
Today, with the existence of the Internet, the criticality of personal and corporate data has increased, and all kinds of information have gained in value. Knowledge has become the source of power. All personal information obtained is salable for advertising and marketing. At this point, it is expected that the confidential information of individuals or institutions will not be captured by third parties. Different kinds of technologies have been developed, and continue to be developed, to ensure the security of the person or institution. Data encryption is one of the important methods created to keep a communication intelligible only to the receiver and the transmitter.

Encryption can be applied to all types of communication, not only digital data but also written, printed, and even verbal communication, by making it incomprehensible with certain methods. It is known that the first encryption method was discovered by an Egyptian scribe who lived 4000 years ago. He went down in history as the first cryptologist. Data encryption became widespread with the Enigma machine, which Nazi Germany used to make written military communication incomprehensible during World War II. The most important feature of this mechanical rotor cipher machine is that it brings together several rotors and changes the cipher dynamically. Encryption operations were always implemented symmetrically until the 1970s: the data is encrypted, and the same rule set or application decrypts the encrypted data again. For this reason, symmetric cryptography is also known as private-key cryptography, because it uses a single private key for both encryption and decryption operations.
It is understandable to use a single physical key in close proximity to encrypt data. However, if communication is required between the source and destination in a different country or continent, or if the key is likely to be lost, multiple and different types of keys must be used to avoid breaching data security. The key is the method by which the encryption process is implemented. It enables the encryption of clear text with a long string of random, unpredictable characters.
If the same key is used for the encryption and decryption of data in communication, it is defined as SYMMETRIC encryption. Thanks to its simple working structure, it does not place much load on network or CPU resources and thus works faster. If one key is used to encrypt the data and different keys or key sets are used for decryption, it is defined as ASYMMETRIC encryption. The key used in symmetric encryption is defined as the Private Key. In asymmetric encryption, the key that encrypts the data is defined as the Public Key, and the key used to decrypt the encrypted data is defined as the Private Key. Asymmetric encryption should always be preferred in order to transfer data securely. At this point, the Public Key working structure forms the basis on which the internet, that is, digital security, is established.
The keys used in asymmetric encryption are separate from each other but mathematically related. This is because they are created using an asymmetric algorithm that binds the public key to the private one. Asymmetric encryption does not prevent attacks, data leaks, or data theft, but it prevents the reading of data that would otherwise be transmitted unencrypted, that is, in clear, plain text.

There are five important differences between symmetric and asymmetric encryption:
- A single key is used in symmetric encryption, and two different keys are used in asymmetric encryption.
- Symmetric encryption is a very simple technique and therefore the encryption process takes place more quickly. However, asymmetric encryption has a more complex structure and encryption processes take longer for this reason.
- The length of keys in symmetric encryption is typically 128 or 256 bits, depending on the security requirement. However, the recommended RSA key size for asymmetric encryption is 2048 bits or higher.
- Symmetric encryption is generally used when communication is crowded and large data packets need to be transmitted. Asymmetric encryption, on the other hand, is used to establish a secure communication line by authenticating while creating a secure communication channel before data transmission.
- The public key is shared between the user and the server since the key is unique in symmetric encryption. This increases existing security risks. However, in asymmetric encryption, no keys are shared and the entirety of transactions is more confidential and secure compared to symmetric encryption.
The Public Key is generated using complex asymmetric encryption algorithms. Its complexity and length vary depending on the algorithm; the key size ranges from 128 bits to 4096 bits. Therefore, when data is encrypted using a Public Key, the original content of the data in the ciphertext cannot be interpreted or guessed, and the same key cannot be used to unlock it. This lock, which is locked with the Public Key, can only be opened with the Private Key. Each Public Key has a corresponding Private Key.
The Public Key and the Private Key are calculated in different ways. Thus, the Private Key works as the decryptor of encrypted data. The keys that enable encryption and decryption are private. For this reason, the keys should be kept in a secure storage area, and this area should be known and not forgotten. If the Private Key is lost, the encrypted data cannot be restored and read, and the certificate needs to be reissued. It is impossible to generate a Private Key from the corresponding Public Key, as it is generated with strong randomness. That is, the Private Key can never be derived from the Public Key. An advantage is that even a modern supercomputer would take thousands of years to crack a Private Key with a brute-force attack and reach the encrypted data. Each Public Key and Private Key pair is generated as a unique pair.
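As an added illustration (not code from the original article), the following Node.js sketch locks data with a Public Key so that only the matching Private Key opens it, and uses a one-time symmetric key for the bulk data as described in the list above. The function names `newKeyPair`, `seal`, `open` and `canOpen` are hypothetical; RSA-OAEP and AES-256-GCM are choices made for this example.

```javascript
// Added illustration: hybrid (envelope) encryption with Node's built-in crypto module.
const crypto = require('crypto');

// Each party generates its own unique, mathematically linked key pair.
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender side: only the recipient's PUBLIC key is needed.
function seal(publicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32);   // one-time AES-256 key for the bulk data
  const iv = crypto.randomBytes(12);           // fresh nonce for every message
  const aes = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([aes.update(plaintext), aes.final()]);
  const wrappedKey = crypto.publicEncrypt(     // RSA only encrypts the small session key
    { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    sessionKey);
  return { wrappedKey, iv, ciphertext, tag: aes.getAuthTag() };
}

// Recipient side: the PRIVATE key unwraps the session key, AES-GCM decrypts the data.
function open(privateKey, env) {
  const sessionKey = crypto.privateDecrypt(
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    env.wrappedKey);
  const aes = crypto.createDecipheriv('aes-256-gcm', sessionKey, env.iv);
  aes.setAuthTag(env.tag);                     // final() throws if the data was altered
  return Buffer.concat([aes.update(env.ciphertext), aes.final()]);
}

// True if the envelope opens; false for a wrong key or modified ciphertext.
function canOpen(key, env) {
  try { open(key, env); return true; } catch { return false; }
}
```

The wrapped session key is always 256 bytes for a 2048-bit RSA key, regardless of how large the AES-encrypted payload is.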

Likewise, an SSL/TLS certificate protects data transfer between a browser and the website’s server using public key encryption. The webpage owner installs an SSL certificate on the website and trusts the uniquely generated Public Key and Private Key pair for this certificate. There are millions of sites using SSL/TLS certificates, but none of them have the same key pair. SSL/TLS keys used in web access are generated and used over the asymmetric channel with the symmetric encryption method. For this reason, without the Private Key, no intruder can access the relevant private session areas.
Cryptographic processes are applied in the browser to create a secure channel. This helps to protect the data transferred from the connected device to the server of the website. It is possible to use a communication line that is both secure and fast: thanks to certain technologies and applications, secure communication, which is the advantage of asymmetric encryption, and fast communication, which is the advantage of symmetric encryption, can both be used at the same time. For example, SSL/TLS certificates are used to encrypt the communication channel between a web browser such as Chrome or Firefox and the server it is trying to connect to. The digital identity of the server where the website is located is verified using an SSL/TLS certificate. Thus, it is ensured that the user is connected to the correct address via a secure communication channel over HTTPS. At this stage, the channel that was created using asymmetric encryption, and that will carry the rest of the communication, is presented to the user as a session that switches to symmetric encryption. Communication is established with symmetric encryption through the secure channel created with asymmetric encryption.

The entire encryption process takes only a few milliseconds, even with the series of steps in the handshake at this stage. The handshake process takes place in three directions between the client and the server. Following this handshake, an SSL/TLS transaction is performed, and then the procedure or implementation of the supported encryption algorithm (for example, RSA, MD5, SHA, AES, Diffie-Hellman, etc.) is specified. This whole process starts with a “hello” packet sent by the server to the client. The establishment of the session is decided based on the highest encryption algorithm supported by both client and server. With the “Hello” message from the server, the client receives the server's digital certificate, which holds the Public Key data, and verifies the validity of the server certificate. According to symmetric encryption, Public Key calculations are made and both the server and client send encrypted messages to each other. Thus, communication is made using symmetric keys over a secure encrypted channel.

Thanks to the encryption applied, the data on the communication channel cannot be discovered or tampered with and, even if it is captured, cannot be read and made meaningful by third parties. This process also uses digital signature algorithms, along with other types of cryptographic functions and hashed ciphers, to help protect data integrity and enable authentication.
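The handshake steps described above can be sketched as follows. This is an added example, not code from the original article and not real TLS: the suite ranking `PREFERENCE`, the function names, and the use of an Ed25519 public key as a stand-in for the server certificate are assumptions made for illustration.

```javascript
// Added illustration: a toy handshake (NOT real TLS) using Node's built-in crypto.
const crypto = require('crypto');

const PREFERENCE = ['aes-256-gcm', 'aes-128-gcm'];  // strongest first (assumed ranking)

// Server's long-term identity key; its public half stands in for the certificate.
const serverIdentity = crypto.generateKeyPairSync('ed25519');

// Pick the strongest suite that both client and server support.
function negotiate(clientSuites, serverSuites) {
  return PREFERENCE.find(s => clientSuites.includes(s) && serverSuites.includes(s)) || null;
}

// Server answers with the chosen suite, a fresh key share, and a signature over both.
function serverHello(clientSuites, serverSuites, identity) {
  const suite = negotiate(clientSuites, serverSuites);
  if (!suite) throw new Error('no common cipher suite');
  const eph = crypto.generateKeyPairSync('x25519');
  const share = eph.publicKey.export({ type: 'spki', format: 'der' });
  const signed = Buffer.concat([Buffer.from(suite), share]);
  const signature = crypto.sign(null, signed, identity.privateKey);
  return { hello: { suite, share, signature }, ephPrivate: eph.privateKey };
}

// Each side turns the Diffie-Hellman result into the symmetric session key.
function sessionKey(myPrivate, peerShareDer, suite) {
  const peer = crypto.createPublicKey({ key: peerShareDer, type: 'spki', format: 'der' });
  const secret = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peer });
  const len = suite === 'aes-256-gcm' ? 32 : 16;
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'toy-handshake', len));
}

// Client verifies the server's signature before trusting the key share.
function clientFinish(hello, trustedServerPublicKey) {
  const signed = Buffer.concat([Buffer.from(hello.suite), hello.share]);
  if (!crypto.verify(null, signed, trustedServerPublicKey, hello.signature)) {
    throw new Error('server identity check failed');
  }
  const eph = crypto.generateKeyPairSync('x25519');
  const share = eph.publicKey.export({ type: 'spki', format: 'der' });
  return { share, key: sessionKey(eph.privateKey, hello.share, hello.suite) };
}
```

The server completes its side by calling `sessionKey(ephPrivate, clientShare, suite)`; both ends then hold the same symmetric key without it ever crossing the wire, and every new handshake yields a different one.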

The Public Key and Private Key are used to encrypt data while keeping records in all reliable processes such as authentication, website access, e-commerce, or digital signature. So what is a digital signature? A digital signature is a technology that allows the communicating device or operating system to examine an e-mail, executable software, or another piece of data and determine whether it is genuine (from the legitimate side, not from an intruder).
To summarize, both symmetric and asymmetric encryption methods vary according to the usage area and working structure. Comparing them with each other or discussing which one is better will not reach a conclusion. Although both are extremely different based on varying mathematical structures, they can be used efficiently with different applications in different scenarios.
Messaging apps like Signal, Telegram, or WhatsApp use end-to-end encryption, where asymmetric encryption is applied to initiate the encrypted communication channel, and the rest of the conversation is converted to symmetric encryption. For this reason, every time the asymmetrically encrypted communication channel is renewed, the message “The passwords between you and this user have been changed.” will be displayed in your WhatsApp message box. However, no matter which method is used, the fact that these passwords are generated by WhatsApp and shared between two points, regardless of whether they are asymmetric or symmetric, does not mean that the keys are not cloned. You cannot know that a locksmith who hands you a lock and a pair of keys will not make himself a copy of the key without your knowledge and steal from you tomorrow. For this reason, the first point of security starts with the user. Stay safe and healthy.
To review crypto machines retrospectively:
https://ciphermachines.com/
https://wondersandmarvels.com/category/cryptography-vanderbilt
