Symmetric Cryptosystems
Symmetric cryptosystems use the same key material for all operations (that is, the same key
to encrypt and decrypt). Symmetric cryptosystems include symmetric encryption and
message authentication with the help of hashes.
Symmetric Encryption
Symmetric encryption occurs when the same key is used for both encryption and
decryption, as Figure 1-5 shows. This key is called the shared key or session key.
Figure 1-5 Symmetric Encryption
Networks use various symmetric encryption algorithms: the more recent Advanced
Encryption Standard (AES), the older Data Encryption Standard (DES), or RC4.
Because all entities must use the same shared key, secure key management is required.
Indeed, if the shared key is compromised, confidentiality no longer exists.
Key management can happen in two ways:
• Out of band. Where the key is secretly sent outside the channel used for data
communication (for example, it’s sent by post or transmitted by fax).
• In band. Where the key is secretly transferred within the same channel used by the
encrypted data. Various secure key-distribution algorithms exist: Diffie-Hellman
(DH) used by IPsec, Microsoft Challenge Handshake Authentication Protocol version
2 (MS-CHAPv2), Transport Layer Security (TLS), and so on. For security purposes,
they are usually combined with authentication.
Hashing Functions
Encryption is not the only purpose of symmetric cryptosystems; they can also check data
origin. Figure 1-6 depicts another symmetric cryptosystem: the cryptographic hashing
function. This is a mathematical function applied to a long data block, and the result is a
small piece of data, typically only 128 or 196 bits.
[Figure 1-5 diagram: the plaintext "Hello" is encrypted with the shared key into the ciphertext "%z$*@", which is decrypted with the same shared key back to the plaintext "Hello".]
14 Chapter 1: Introduction to Security
Figure 1-6 Hash Function
The cryptographic hash function must have specific properties:
• A change of a single bit in the input must result in a completely different hash.
• From the hash, it must be impossible to compute back the original input.
Hash Message Authentication Code
Cryptographic hash functions can be used for message data-origin validation (sometimes
called authentication) when combined with a shared key, as Figure 1-7 shows. This is called
Hash-based Message Authentication Code (HMAC). The basic reasoning is that only
the entities that know the shared key can generate HMAC; no other parties can generate it.
Therefore, this proves that the message has been originated by an entity who has access to
the shared key.
Cryptography 15
Figure 1-7 HMAC
The message’s originator computes the hash value of the concatenation of the shared key
and the message. This hash is then transmitted together with the message to all recipients.
The recipients simply execute the same computation and compare the computed hash
against the received one. If they match, this proves
• Integrity. If the message was changed during transmission, the cryptographic hash
value would differ.
• Data origin (authentication). Without possession of the secret key, no one else
would be able to compute the cryptographic hash before transmission.
This is not a digital signature. Any owner of the shared key can compute the hash. So, all
the key owners can pretend that another owner has computed the hash. This means that
everyone can repudiate a message that he originated, even if he computed the cryptographic
hash. To have a digital signature, no one should be able to repudiate a message that he
originated. (This is nonrepudiation, which the next section describes.)