Symmetric Encryption Algorithms
A symmetric encryption algorithm is an encryption method that uses a single key both to encrypt and to decrypt the data or message. Since this key is secret (private), the parties communicating with a symmetric encryption algorithm must first exchange the key securely. Symmetric encryption algorithms stand in sharp contrast to asymmetric encryption algorithms, which rely on a key pair, one private key and one public key, to encrypt and then decrypt the information.
In general, this characterizes the differences between symmetric and asymmetric encryption algorithms:
- Symmetric key encryption algorithms have a key length of 128 or 256 bits. Asymmetric encryption algorithms have a key length of 2048 (RSA) or higher.
- The symmetric encryption algorithms include AES, DES, 3DES, and RC4. The algorithms that use asymmetric encryption are RSA and Diffie-Hellman.
- Symmetric encryption algorithms are generally used to send large amounts of data. In contrast, asymmetric encryption algorithms are used to send small pieces of data.
- Symmetric encryption algorithms are not resource intensive, at least not when compared to asymmetric encryption algorithms, which generally consume more compute and network resources.
- Symmetric encryption algorithms use one (1) key for encryption and decryption – it is the same key. On the other hand, asymmetric encryption algorithms require two (2) keys – one for encryption and another for decryption.
- Symmetric encryption has been around for some time. However, asymmetric encryption is of a more recent vintage and can perhaps better address some of the problems organizations face today.
- Finally, symmetric encryption is generally fast when compared to asymmetric encryption.
Since the key is secret, once a symmetric encryption algorithm encrypts the data, it cannot be seen by any party that does not have the key. However, if the receiving party has the key, they can decrypt the data or message into an easily consumable form. Secret keys range from short, straightforward keys to long, randomized strings of numbers and characters. Software algorithms may automatically generate randomized strings.
There are two basic types of symmetric encryption algorithms: block algorithms and stream algorithms. Block symmetric encryption algorithms operate on fixed-length groups of bits called blocks. Stream symmetric encryption algorithms encrypt data or messages as they stream by, instead of retaining the data in memory. A stream algorithm combines plaintext digits with a pseudo-random cipher digit stream (the keystream). Each plaintext digit is encrypted sequentially with the corresponding digit of the keystream to produce, in turn, one digit of the ciphertext stream.
There are many examples of symmetric encryption algorithms, which include:
- Blowfish (Drop-in replacement for DES or IDEA) – block cipher
- IDEA (International Data Encryption Algorithm) – block cipher
- AES (Advanced Encryption Standard) – block cipher
- DES (Data Encryption Standard) – stream cipher
- RC6 (Rivest Cipher 6) – block cipher
- RC5 (Rivest Cipher 5) – block cipher
- RC4 (Rivest Cipher 4) – stream cipher
DES was widely used for years but eventually fell out of favor as it provided insufficient protection against decryption attacks using modern, powerful computers. However, 3DES is still used in EMV chip cards, where its use is mandatory globally for support in creating unique EMV transaction cryptograms. EMV chips are the square-shaped computer chips that appear on debit, credit, and prepaid cards to help safeguard them against fraud. In addition, transaction cryptograms help protect against replay attacks and help validate the integrity of the EMV transaction data.
AES is the most commonly used symmetric algorithm. It was known initially as Rijndael: AES is a close variant of the Rijndael block cipher, originally conceived by Joan Daemen and Vincent Rijmen and submitted to the U.S. National Institute of Standards and Technology (NIST) during the AES selection process.
AES ultimately became the standard NIST adopted in 2001 for the encryption of electronic data, as specified in FIPS PUB 197. AES essentially replaced DES, which had been in use since the 1970s. The selected AES cipher has a block size of 128 bits. AES can also be used with three key lengths, as specified for AES-128, AES-192, and AES-256.
Today, especially for encrypting large amounts of data, such as in a database, symmetric encryption algorithms are faster and more resource efficient than asymmetric encryption algorithms, which can create performance issues within the network and on the CPU. For this reason, symmetric encryption algorithms are well suited to banking and financial payment applications and to protecting the sensitive data they contain.
There are a few challenges with symmetric encryption algorithms that require management. One of them is key exhaustion: as a key is used, there is potential to leak information that a threat actor may collect and then use to determine the exact structure of the symmetric key. Key management procedures therefore rely on the rotation of keys, which helps ensure that keys are not overused and establishes the key life cycle. Attribution data is also a problem. Symmetric encryption algorithms don’t carry metadata to record information such as an expiration date. An ANSI standard (X9-31) has helped to address this issue.
Key management can quickly outgrow a spreadsheet or a process built around manual activity. Once the number of keys begins to scale, key management can become a significant problem. Purpose-designed software is available to help with key issuance and life cycle management. The strength of a symmetric encryption algorithm is also critical; it depends on the randomness and length of the symmetric key, amongst other factors.
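The following example, added here and not part of the original article, illustrates two points made above: the stream-cipher construction (a keystream XORed digit by digit into the plaintext) and why keys and nonces must be fresh, which is the property that key rotation protects. Because the Python standard library ships no AES, HMAC-SHA256 in counter mode stands in for a block cipher's pseudorandom function; the structure mirrors AES-CTR but this is a teaching stand-in, not a production cipher.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Generate `length` keystream bytes from (key, nonce) in counter mode.

    HMAC-SHA256 stands in for a block cipher's pseudorandom function because the
    Python standard library has no AES; the counter-mode layout mirrors AES-CTR.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR each plaintext byte with the corresponding keystream byte (a stream cipher)."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


# XOR is its own inverse, so decryption reuses the same routine with the same key and nonce.
stream_decrypt = stream_encrypt


def keystream_reuse_leak(key: bytes, nonce: bytes, m1: bytes, m2: bytes) -> bytes:
    """Failure mode: two messages under one (key, nonce) pair leak m1 XOR m2.

    c1 = m1 XOR ks and c2 = m2 XOR ks share the same ks, so c1 XOR c2 equals
    m1 XOR m2 regardless of the key. This is why a keystream must never be
    reused and why rotation limits how much data any single key protects.
    """
    c1 = stream_encrypt(key, nonce, m1)
    c2 = stream_encrypt(key, nonce, m2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    key = secrets.token_bytes(32)    # 256-bit key from the OS CSPRNG
    nonce = secrets.token_bytes(16)  # must not be reused under this key
    msg = b"transaction 42: approve"  # constructed sample message
    ct = stream_encrypt(key, nonce, msg)
    assert stream_decrypt(key, nonce, ct) == msg
    leak = keystream_reuse_leak(key, nonce, b"approve", b"decline")
    print(leak == bytes(a ^ b for a, b in zip(b"approve", b"decline")))  # True
```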