CS204 GDB1 Solution and discussion

zaasmi

Graded Discussion Board
Semester: Spring 2019
Cyber Law – CS204

Topic: Cryptography
Scenario

Let us consider that a security company has around 400 employees exchanging valuable sensitive information everyday through internet between offices stationed at Karachi and Islamabad.

Mohammad Ali is an IT Manager who oversees the overall IT infrastructure and is responsible for implementing the security measures and policies to guarantee the delivery of the messages safely so that no one can breach the confidential information.

To achieve Privacy and high security normally the information is encrypted using symmetric and asymmetric encryptions, however there are some advantages and disadvantages of using both techniques in the above scenario.

Point of Discussion:

If you are asked to choose the best encryption technique (i.e. Symmetric or asymmetric) in the above scenario then what will be your choice? Support your answer with solid reasons considering the pros and cons of both techniques.

Best of Luck !

zaasmi

Actually, it’s difficult to compare the cryptographic strengths of symmetric and asymmetric key encryptions. Even though asymmetric key lengths are generally much longer (e.g. 1024 and 2048) than symmetric key lengths (e.g. 128 and 256), it doesn’t, for example, necessarily follow that a file encrypted with a 2048-bit RSA key (an asymmetric key) is already tougher to crack than a file encrypted with a 256-bit AES key (a symmetric key).

Instead, it would be more appropriate to compare asymmetric and symmetric encryptions on the basis of two properties:

Their computational requirements, and

Their ease of distribution

Symmetric key encryption doesn’t require as many CPU cycles as asymmetric key encryption, so you can say it’s generally faster. Thus, when it comes to speed, symmetric trumps asymmetric. However, symmetric keys have a major disadvantage especially if you’re going to use them for securing file transfers.

Because the same key has to be used for encryption and decryption, you will need to find a way to get the key to your recipient if he doesn’t have it yet. Otherwise, your recipient won’t be able to decrypt the files you send him. However way you do it, it has to be done in a secure manner or else anyone who gets a hold of that key can simply intercept your encrypted file and decrypt it with the key.

The issue of key distribution becomes even more pronounced in a file transfer environment, which can involve a large number of users and likely distributed over a vast geographical area. Some users, most of whom you may never have met, might even be located halfway around the world. Distributing a symmetric key in a secure manner to each of these users would be nearly impossible.

Asymmetric key encryption doesn’t have this problem. For as long as you keep your private key secret, no one would be able to decrypt your encrypted file. So you can easily distribute the corresponding public key without worrying about who gets a hold of it (well, actually, there are spoofing attacks on public keys but that’s for another story). Anyone who holds a copy of that public key can encrypt a file prior to uploading to your server. Then once the file gets uploaded, you can decrypt it with your private key.

zaasmi

When it comes to encryption, the latest schemes may necessarily the best fit. You should always use the encryption algorithm that is right for the task at hand. In fact, as cryptography takes a new shift, new algorithms are being developed in a bid to catch up with the eavesdroppers and secure information to enhance confidentiality. Hackers are bound to make it tough for experts in the coming years, thus expect more from the cryptographic community!

moaaz

Difference Between Symmetric and Asymmetric Encryption

Symmetric encryption uses a single key that needs to be shared among the people who need to receive the message while asymmetrical encryption uses a pair of public key and a private key to encrypt and decrypt messages when communicating.
Symmetric encryption is an old technique while asymmetric encryption is relatively new.
Asymmetric encryption was introduced to complement the inherent problem of the need to share the key in symmetrical encryption model, eliminating the need to share the key by using a pair of public-private keys.
Asymmetric encryption takes relatively more time than the symmetric encryption.

Khuram Shahzad

File transfer systems normally use hybrid cryptosystems, i.e. a combination of symmetric and asymmetric key encryption, to provide secure file transfers. Symmetric keys facilitate faster file encryptions, while asymmetric keys simplify the key distribution process.