CISSP Advantages and Disadvantages of Symmetric Algorithms – Bk2D3T6P3

Advantages and Disadvantages of Symmetric Algorithms

Symmetric algorithms are very fast and provide very secure methods of confidentiality. Many algorithms can be implemented   in either hardware or software and are typically available at little or no cost to the user. However, there are serious disadvantages to symmetric algorithms; key distribution and management may be very difficult, especially in large organizations.  The  biggest problem of symmetric key cryptography is key distribution. The sender and receiver must have the same symmetric key to allow the encryption and decryption of the message. Key  distribution may  not be easy without having anyone else, in between, know what that key is. Secure key distribution of keys has been a fundamental problem of symmetric key cryptography.

Another problem related to symmetric key cryptography is what is referred to as scalability. The number of keys required to have secure communications between parties grows rapidly with every new user according to the following formula: n(n – 1)/2, where n is the number of users. An organization with only 10 users, all wanting to communicate securely with one another, would require 45 keys (10*9/2).  If the organization grows to 1,000 employees, the need  for key management expands to nearly half a million keys.

Symmetric algorithms also are not able to provide extended security services such as digital signature services, non-repudiation of origin, non-repudiation of delivery, and also access control and integrity. If two or more people share a symmetric key, then it is impossible to prove who altered a file protected with a symmetric key.

There are important requirements for key management needing to be addressed in symmetric key cryptography. Selecting keys is an important part of key management. There needs to be a process in place that ensures a key is selected randomly from the entire key space and that there is some way to recover a lost or forgotten key.

Related Product : Certified Ethical Hacker Online Training – EC-Council

Out-of-Band Key Distribution

As we have referenced above, symmetric algorithms require both sender and receiver to share the same key. Therefore, as we have highlighted, there are challenges with secure key distribution.

Often, the users must use what is referred to as out-of-band channel such as in person, mail, fax, telephone, or courier to exchange secret keys. Out-of-band channel means using some channel other than the one that is being used to communicate the encrypted message. It implies that the out-of-band channel is more secure than the one being used for communications of the encrypted message. The use of an out-of-band channel should make it difficult for an attacker to seize both the encrypted data and the key.

Key distribution is the most difficult challenge of symmetric key ciphers. Because the encryption and decryption processes both require the same key, the secure distribution of the key to both the sender and receiver is a key factor in the secure implementation of a symmetric key system. Out-of-band implies and requires that the cryptographic key cannot be sent in the same channel as the data.

Examples of Symmetric Algorithms

Algorithms and systems such as the Caesar cipher, the Spartan scytale, and the Enigma machine are all examples of symmetric algorithms. As we have learned in regards to symmetric cryptography, sender and receiver require the same key at both ends, making key distribution the biggest problem in symmetric system.

Basic Block Cipher Modes

Data Encryption Standard (DES) and some other block ciphers can be used in different modes. The following describe the basic block cipher modes that operate in a block structure.

  • Electronic Code Book (ECB) Mode: The ECB is the most basic block cipher mode. It is called codebook because it is similar to having a large codebook containing every piece of 64-bit plaintext input and all possible 64-bit ciphertext outputs. When a plaintext input is received by ECB, it operates on that block independently and produces the ciphertext output. The problem with ECB is that repeated text, when encrypted using the same key, will always produce the same ciphertext. This is essentially because ECB does not use an IV to randomize the process. In fact, ECB is the only mode of symmetric block ciphers that does not use an IV. Such lack of randomness may make cryptanalysis easier. For that reason, ECB is typically only used for very short messages such as transmission of a key.
  • Cipher Block Chaining (CBC) Mode: The CBC mode is stronger than ECB in that each input block will produce a different output ciphertext block, even if the input blocks are identical. This is accomplished by introducing two new factors in the encryption process that are lacking in ECB mode, an IV and a chaining function that XORs each input with the previous As with ECB, if this mode did not have an IV, the chaining process applied to the same messages would create the exam same ciphertext. The IV is a randomly chosen value that is mixed with the first block of plaintext. This acts just like a seed in a stream-based cipher. The sender and the receiver must know the IV so that the message can be decrypted later.The initial input block is XORed with the IV, and the result of that process is encrypted to produce the first block of ciphertext. This first ciphertext block is then XORed with the next input plaintext block, and the process is repeated for each successive block. This is the chaining process that ensures that even if the input blocks are the same, the resulting outputs will be different. In other words, you can encrypt the exact same message twice, with the same key, and it would not produce the same ciphertext because the IV would be different in each of those encryptions.

Stream Modes

The following modes of block ciphers operate as a stream. Even though we are describing block ciphers, these modes attempt to simulate stream cipher operations. A block-based cipher is subject to the problems of latency, or delay, in processing. This may make them unsuitable for many applications where simultaneous transmission of the data may be a requirement. These modes try to simulate a stream to be more versatile and provide support for stream-based applications.

  • Cipher Feedback (CFB) Mode: In the CFB mode, the input is separated into individual segments, the size of which can be 1 bit, 8 bit, 64 bit, or 128 bit (the four sub-modes of CFB)— usually of 8 bits because that is the size of one character. When the encryption process starts, the IV is chosen and loaded into a shift register. It is then run through the encryption algorithm. The first 8 bits that come from the algorithm are then XORed with the first 8 bits of the plaintext (the first segment). Each 8-bit segment is then transmitted to the receiver and also fed back into the shift register. The shift register contents are then encrypted again to generate the keystream to be XORed with the next plaintext segment. This process is repeated until the end of the input.
  • Output Feedback (OFB) Mode: The OFB mode is very similar in operation to the CFB except that instead of using the ciphertext result of the XOR operation to feed back into the shift register for the ongoing keystream, it feeds the encrypted keystream itself back into the shift register to create the next portion of the Because the keystream and message data are completely independent, it is now possible to generate the entire keystream in advance and store it for later use.
  • Counter (CTR) Mode: The CTR mode is typically used in high- speed In this mode, a counter, which is really again a random starting point or number, is a 64-bit random data block and is used as the first IV. A requirement of CTR is that the counter must be different for every block of plaintext, so for each subsequent block, the counter is incremented by 1, hence the name “counter.” The counter is then encrypted just as in OFB, and the result is used as a keystream and XORed with the plaintext. Because the keystream is independent from the message, it is possible to process several blocks of data at the same time, thus speeding up the entire process and throughput of the algorithm.

The Data Encryption Standard (DES)

The 1960s was really the decade that modern computer cryptography began. It was during the 1960s that companies began needing secure ways to transmit information. At the time, there was no standard; financial institutions began to need a standard encryption method they could have confidence in and use for secure data exchange. This need really drove the National Institute of Standards and Technology (NIST) in 1972 to assist in the development of a secure cryptographic algorithm for sensitive, but not government classified, information. In 1974, it settled on DES, a method submitted by IBM. Despite some controversy, DES was finally adopted as the federal standard for unclassified documents in 1977 and is the most widely used cryptographic method in history.

The DES was based on the work of Horst Feistel at IBM. Horst Feistel had developed a family of algorithms that had a core principle of taking the input block of plaintext and dividing it in half. Then, each half was used several times through an XOR operation to alter the other half, providing a type of algorithm that relied on substitution and permutation.

DES operates on 64-bit input blocks and outputs the corresponding ciphertext into 64-bit blocks as well. There are 16 identical stages of processing, termed rounds, or steps. Before the main rounds, the block is divided into two 32-bit halves (because it is a Feistel cipher) and processed alternately using an effective 56-bit key. When looking at an actual DES key, it is 64 bits in length; however, every eighth bit of the key is used for parity and, therefore, is ignored. Therefore, it is often said that the effective length of the DES key is 56 bits.

Because every bit has a possible value of either 1 or 0, it can be stated that the effective key space for the DES key is 2 raised to the power of 56. If you work this out, it gives a total number of keys for DES to be almost 72,000,000,000,000,000. 15 zeros is referred to as a quadrillion.

DES has probably been subjected to more cryptanalysis than any other encryption method in history, but yet, no practical holes have been found in the algorithm itself. In other words, the 16 steps of substitution and transposition. Arguably, the best attack on DES is brute force to try each possible key one at a time until you find the correct one. In 1977, a 56-bit key was considered an excellent defense. A cryptanalyst without the key possibly would have to try all 56 combinations of 0s and 1s (72 quadrillion possibilities) to find the correct key. Working at one million keys per second, this would take an attacker nearly 1,000 years to try them all.

With the realization of faster computer chips and processors, this requirement has been greatly reduced today. A 1975 computer could try half of the possible DES keys in about 100,000 days, which is almost 300 years. Back in those days, that provided very good security. But over the past quarter century or so, computers have become about 100,000 times more powerful. This pattern of computers becoming stronger is dictated by what is referred to as Moore’s Law, named after the observation made in 1965 by Gordon Moore, co-founder of Intel. His observation was that the number of transistors per square inch on integrated circuits had doubled every year since the integrated circuit was invented.

Moore then predicted that this trend would continue for the foreseeable future. Since then, the pace seems to have slowed a bit, but data density has doubled approximately every 18 months, and this is arguably the current definition of Moore’s Law.

In reference to DES, the pattern is clear. If you need a strong cryptographic method, DES does not provide it anymore as it only provides 56 bits of strength. Other algorithms have been developed that have longer bit support and, therefore, larger key space.

Double-DES (2DES)

As we’ve seen, the main problem with DES is that the key is too short to provide adequate protection against brute force attacks. Increasing the key length is an effective defense against a brute force attack. Ways to improve the DES algorithm’s resistance to a brute force attack have been developed by the industry. These efforts are referred to as Double DES and Triple DES.

Double-DES refers to the use of two DES encryptions with two separate keys, effectively doubling the size of the DES key from 56 bits to 112 bits. This dramatic increase in key size much more than doubles the strength of the cipher. Each increase of a single bit effectively doubles the number of keys in the keyspace. This means that a 57-bit key space is twice as large as a 56-bit key space. A 58-bit key is four times as big, etc. This would seem like a vast improvement in strength against brute force; however, there is an attack on Double-DES that reduces its effective number of keys to about the same number in DES. This attack is known as the meet-in-the-middle attack, and it reduces the strength of Double-DES to almost the same as DES.

Symmetric Algorithms

A very effective attack against double DES is based on doing a brute force attack against known plaintext. This attack is known as the meet- in-the-middle attack. The attacker would encrypt the plaintext using all possible keys and create a table containing all possible results. This intermediate cipher is referred to as “m” for this discussion. This would mean encrypting using all 2 to the power of 56 possible keys. The table would then be sorted according to the values of “m.” The attacker would then decrypt the ciphertext using all possible keys until he found a match with the value of “m.” This would result in a true strength of double DES of approximately 2 to the power of 57 (twice the strength of DES but not strong enough to be considered effective) instead of the 2 to the power of 112 as originally hoped.

Triple DES (3DES)

The defeat of double DES resulted in the adoption of another improvement in how the DES algorithm could be modified to stand up better against brute force attacks. This improvement is known as Triple DES. Triple DES is much more secure, so much so that although attacks on it have been proposed, the data requirements of these have made them impractical. With Triple DES, there are three DES encryptions with either three or two different and separate keys that are used. Managing three keys is more difficult, thus, many implementations will use the two-key method that reduces the key management requirement. The various ways of using Triple DES include the following:

  • DES-EEE3: three DES encryptions with three different keys
  • DES-EDE3: three DES operations in the sequence encrypt- decrypt-encrypt with three different keys
  • DES-EEE2 and DES-EDE2: same as the previous formats except that the first and third operations use the same key

Follow Us
https://www.facebook.com/INF0SAVVY
https://www.linkedin.com/company/14639279/admin/