In symmetric encryption, the sender and receiver use a separate instance of the same key to encrypt and decrypt messages. Symmetric encryption heavily relies on the fact that the keys must be kept secret. Distributing the key in a secure way is one of the primary challenges of symmetric encryption, which is known as the “key distribution problem.” The key that is the vital component in symmetric cryptography and we cannot afford to lose it or misplace it. If the individual keys are misplaced, the message can be decrypted by malicious actors. The main advantage of symmetric cryptography is that it is much faster than asymmetric cryptography. The most important disadvantages of symmetric encryption are the key distribution problem and the key management problem. When the number of connected users grows, so does the number of required keys. Management of an increasing number of secret keys becomes a “key management problem.” Further, symmetric cryptography ensures only the ‘confidentiality’ of the transmitted or stored data. It cannot be used to ensure the integrity and/or authenticity. Asymmetric EncryptionWhen connecting to a website on the public internet it becomes more complicated and symmetric encryption, by itself, won’t work because you don’t control the other end of the connection. How do you share a secret key with each other without the risk of someone on the internet intercepting it in the middle? In November 1976, a paper published in the journal IEEE Transactions on Information Theory by Diffie and Hellman, titled "New Directions in Cryptography," addressed this problem and offered up a solution: public-key encryption. Also known as asymmetric encryption, public key cryptography is used as a method of assuring the confidentiality, authenticity and non-repudiation of electronic communications and data storage. Public-key encryption uses two different keys at once, a combination of a private key and a public key. The private key must remain confidential to its respective owner, while the public key is made available to everyone via a publicly accessible repository or directory. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. Although a message sent from one computer to another won't be secure since the public key used for encryption is published and available to anyone, anyone who picks it up can't read it without the private key. The key pair is based on prime numbers of long length. Both the public and private keys are computed together at the same time, in the same mathematical process, using “trapdoor” functions. The main characteristic of “trapdoor” functions is that they are easy to compute in one direction, yet difficult to compute in the opposite direction (finding its inverse) without special information. The main disadvantage of asymmetric encryption is that it is slow when compared with symmetric encryption. This is because of the mathematical complexity involved in asymmetric encryption and therefore requires much more computing power to sustain. It is not suitable for long sessions because of the processing power it takes to keep it going. Use Cases of Symmetric EncryptionBanking Sector. Due to the better performance and faster speed of symmetric encryption, symmetric cryptography is typically used for bulk encryption of large amounts of data. Applications of symmetric encryption in the banking sector include:
Data at rest. Data at rest is data that is not actively moving from device to device or network-to-network such as data stored on a hard drive, laptop, flash drive, or archived/stored in some other way. Data protection at rest aims to secure inactive data stored on any device or network. While data at rest is sometimes considered to be less vulnerable than data in transit, attackers often find data at rest a more valuable target than data in motion. For protecting data at rest, enterprises can simply encrypt sensitive files prior to storing them and/or choose to encrypt the storage drive itself. The best way to encrypt data at rest is by whole disk or full disk encryption. Full disk encryption has several benefits compared to regular file or folder encryption, or encrypted vaults. Nearly everything including the swap space and the temporary files is encrypted. Encrypting these files is important, as they can reveal important confidential data. With a software implementation, the bootstrapping code cannot be encrypted, however. For example, BitLocker Drive Encryption leaves an unencrypted volume to boot from, while the volume containing the operating system is fully encrypted. In addition, the decision of which individual files to encrypt is not left up to users' discretion. This is important for situations in which users might not want or might forget to encrypt sensitive files. |