Our last article further examined and finished off the topic of Symmetric Cryptography. Specifically, the following topics were examined:
- The Caesar Methodology
- The Types of Cryptographic Attacks
- Polyalphabetic Encryption
- Block Ciphers
- Initialization Vectors
- Cipher Block Chaining
In this article, we now start to examine another Cryptographic Infrastructure, known as “Asymmetric Cryptography.” This is much more complex than that of a Symmetric Cryptographic Infrastructure because it is not just one that is being used, it is two sets of keys which are now being utilized. These are specifically known as the Private Key and the Public Key.
This article will cover the following topics:
- An Introduction to Asymmetric Key Cryptography
- The Public and Private Keys Which are Used
- The Differences Between Asymmetric and Symmetric Key Cryptography
- The Disadvantages of Asymmetric Key Cryptography
For a primer into Cryptography, click here:
An Introduction to Asymmetric Key Cryptography
As mentioned, the keys used in Asymmetric Cryptography are called the Public and the Private Keys. They are also used to encrypt and decrypt the Ciphertext that is sent between both the sending and the receiving parties as they communicate with another.
In the most simplistic terms, Asymmetric Cryptography can be likened to that of a safe deposit box at the local bank. In this particular instance, there are also two sets of keys which are being used.
One key is the one that the bank gives you. This can be referred to as the Public Key because it is used over and over again by the past renters of this particular safe deposit box, and for other future renters as well. The second key can be considered to be the Private Key, because this is the one that the bank keeps in their possession at all times, and only the bank personnel know where it is kept.
The world of Asymmetric Cryptography is just like this example, but of course, it is much more complex than this. To start with, typically, in an Asymmetry Cryptographic Infrastructure, it is the receiving party that is primarily responsible for generating both the Public Key and the Private Key. In this instance, let us refer to the Public Key as “pk” and the Private Key as “sk.”
Thus, to represent both of these keys together, it would be mathematically represented as (pk, sk). It is then the sending party which uses the Public Key (pk) to encrypt the message they wish to send to the receiving party. This entity then uses the Private Key (sk), which they have privately and personally formulated to decrypt the encrypted Ciphertext from the sending party.
Remember, one of the primary goals of Asymmetric Cryptography is to avoid the need for both the sending and the receiving parties from having to meet face to face to decide on how to protect (or encrypt) their lines communications with each other. Thus, at this point, the question that arises is, how does the receiving party know about the Public Key (pk) generated by the receiving party so that the two can communicate with each other? This is answered in the next section.
The Public and Private Keys Which Are Used
There are two distinct ways in which this can be accomplished:
- The receiving party can deliberately and purposefully notify the sending party of the Public Key (pk) in a public channel so that the communications can be initiated and then further established.
- The sending party and the receiving party do not know about each other in advance. In this case, the receiving party makes their Public Key known on a global basis, so that whoever wishes to communicate with the receiving party can do so, as a result.
Now, this brings up a very important point: The Public Key (pk) is public, meaning that anybody can use it, even all of the hackers in the world if this were to be the case. Thus, how does Asymmetric Cryptography remain so secure? It remains highly secure based on the fact that the Private Key (pk) which is being utilized remains literally, private.
In these cases, it is then up to the receiving party not to share the Private Key (sk) with any other entity, not matter how much they are to be trusted. If the privacy of the secret key (which is also the Private Key, or the sk) is compromised in any way, then the security scheme of the Asymmetry Cryptographic Infrastructure is then totally compromised.
To help ensure that the Private Key remains private, Asymmetric Cryptography uses a sophisticated mathematical function called the power of Prime Numbers. The basic idea here is to create a very large prime number as a product of two very large prime numbers.
Mathematically put, the basic premise is that it will take a hacker a very long time to figure out the two prime number multiples of a very large product that is several hundred integers long, and thus, gives up in frustration. Even if a hacker were to spend the time to figure out one of these prime numbers, the hacker still has to figure out the other prime number. Thus, the chances that they will figure this out is almost nil.
As a result, only one portion of the Public Key/Private Key (pk,sk) combination is figured out, and the Asymmetric Cryptography technique utilized by the sending and the receiving parties remains intact and secure.
In other words, the hacker cannot reverse engineer one key to get to the other key to break the Ciphertext. It should be noted that in Asymmetric Key Cryptography, the same Public Key can be used by multiple, different sending parties to communicate with the single receiving party, thus forming a One to Many, or 1:N, mathematical relationship.
The Differences Between Asymmetric and Symmetric Key Cryptography
Ethical Hacking Training – Resources (InfoSec)
Now that we have provided a starting point into Asymmetric Cryptography, it is important at this juncture to review some of the important distinctions and the differences between this and Symmetric Cryptography.
First, with Symmetric Cryptography, the complete 100% secrecy of the key must be assured, but as it has been discussed, Asymmetric Cryptography requires only half of the secrecy, namely that of the Private Key (sk).
Although this might seem like just a minor difference, the implications of this can have great magnitudes. For example, with Symmetric Cryptography, both the sender and the receiver need to be able to communicate the secret key which is generated with each other first, and the only way that this can happen is if both parties met face to face with each other, before the encrypted communication take place between both parties.
To complicate matters even more, it is imperative that this Private, or secret key is not shared with anybody else or even intercepted by a third party. However, again, in Asymmetric Cryptography, the Public Key can be shared virtually indiscriminately with each other, without the fear of compromising security.
Second, Symmetric Cryptography utilizes the same secret key for the encryption and decryption of the Ciphertext, but with Asymmetric Cryptography, two different keys (namely the Public and the Private Keys) are both used for the encryption and the decryption of the Ciphertext.
In other words, in Asymmetric Cryptography, the roles of the sender and the receiver are not interchangeable with one another like Symmetric Cryptography. This means that with Asymmetric Cryptography, the communication is only one way. Because of this, multiple senders can send their Ciphertext to just one receiver, but in Symmetric Cryptography, only one sending party can communicate with just one receiving party.
Also, Asymmetric Cryptography possesses two key advantages:
- It allows for the sending party and the receiving party to communicate with one another, even of their lines of communication are being observed by a third party and
- Because of the multiple key nature, the receiving party needs to keep only one Private Key to communicate with the multiple sending parties.
The Disadvantages of Asymmetric Key Cryptography
However, despite all of this, Asymmetric Cryptography does possess one very serious disadvantage: Compared to with Symmetric Cryptography, it is at least two to three times slower. This is primarily because of the multiple parties that are involved, and the multiple keys that are involved as well.
Thus, this takes enormous processing power and is a serious drain on the server power and other system resources which are involved. Thus far in our review of Asymmetric Cryptography, we have assumed that the potential hacker is merely just eavesdropping in on the Ciphertext communications between the sending the receiving parties.
However, if the potential hacker has a strong criminal intent, they can quite easily listen in on the communications on an active basis and cause great harm in the end. There are two specific cases in which this can happen.
First, if the hacker can replace a Public Key of his own (which is mathematically represented as “pk'”) while the Ciphertext is in transit between the sending and the receiving parties. Unknowingly, the receiving party could decrypt the Ciphertext with that malicious Public Key.
Second, the situation could arise when the hacker can change the mathematical value of the Public Key or change it while it is in transmission between the sending and the receiving parties. The exact techniques for protecting the Public Key in an Asymmetric Cryptography infrastructure will be discussed in a later article.
Overall, this article has provided an overview of what an Asymmetric Cryptography infrastructure looks like. However, keep in mind that this view is only at a very basic level, This type of Cryptographic system can become very complex, particularly if it is used at a very large corporation or business with literally thousands of employees.
Although it will provide high levels of security in the communications flows which take place, the downside is that it will take that much more processing power to ensure that it will be fully functional.
However, equally important apart from the Public Key and Private Key combinations which are being used are the Mathematical Algorithms themselves. These serve as the crux to an Asymmetric Cryptography Infrastructure, and while there are many, there a few which are the most important as well as the most widely used. They are as follows:
- The RSA Algorithm
- The Diffie-Hellman Algorithm
- The Elliptical Wave Theory Algorithm
These will be further reviewed in the next article.