Time
12 hours 41 minutes
Difficulty
Advanced
CEU/CPE
13

Video Description

This lesson covers symmetric cryptography. Symmetric cryptography is the easiest to understand and is sometimes known as private key, secret key, shared key or session key cryptography. The idea of symmetric cryptography is that both parties involved in communication share the same key. Symmetric cryptography has some drawbacks, mainly that it lacks authenticity, integrity and non-repudiation. It is not good for large environments as it does not scale well.
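As an added illustration (not part of the original lesson), this Python sketch models the shared-key idea summarized above, using XOR with a one-time random keystream in place of a real cipher. It shows that the same key encrypts and decrypts, that a bit changed in transit still decrypts without any error, and how many pairwise keys a group needs. The function names and sample message are constructed for this example.

```python
import secrets
from itertools import combinations


def xor_stream(data: bytes, keystream: bytes) -> bytes:
    """XOR data with the keystream bit by bit: same bits -> 0, different -> 1."""
    if len(keystream) < len(data):
        raise ValueError("keystream shorter than data")
    return bytes(d ^ k for d, k in zip(data, keystream))


def corrupt_bit(ciphertext: bytes, bit_index: int) -> bytes:
    """Simulate a single bit changing while the ciphertext is in transit."""
    out = bytearray(ciphertext)
    out[bit_index // 8] ^= 0x80 >> (bit_index % 8)
    return bytes(out)


def pairwise_keys(parties):
    """One shared key per pair of parties, so n(n-1)/2 keys in total."""
    return {frozenset(p): secrets.token_bytes(16) for p in combinations(parties, 2)}


def demo():
    message = b"MEET AT 9"                    # constructed sample plaintext
    key = secrets.token_bytes(len(message))   # shared secret, used once
    ciphertext = xor_stream(message, key)
    recovered = xor_stream(ciphertext, key)   # the same key and operation decrypt
    # Lowest bit of the last byte changes in transit; decryption raises no
    # error and simply yields a different plaintext: privacy, but no integrity.
    damaged = xor_stream(corrupt_bit(ciphertext, 71), key)
    return message, recovered, damaged


if __name__ == "__main__":
    message, recovered, damaged = demo()
    print("sent:     ", message)
    print("decrypted:", recovered)
    print("corrupted:", damaged)
    for n in (5, 6, 100):
        print(n, "parties need", len(pairwise_keys(range(n))), "shared keys")
```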

Video Transcription

00:04
All right. So as we talk about cryptography as a whole,
00:07
really, cryptography comes down, at least cryptography for the sake of encryption comes down into two categories: symmetric cryptography and asymmetric. Symmetric and asymmetric. So we're gonna talk a little bit about symmetric cryptography first,
00:23
and symmetric cryptography is the easiest to understand. As a matter of fact, the hardest thing to understand about symmetric cryptography is
00:30
all the different names that it can be called because you can call it symmetric cryptography.
00:35
It can also be called private key.
00:38
It could be called secret key.
00:40
It can also be called shared key. And then session keys would also be symmetric cryptography, so private and secret seem to go together. But then shared key seems weird, and session key. You know, the idea behind symmetric cryptography: symmetric, same.
00:59
The same key is used by both parties,
01:02
so I'll use a key to encrypt the data. You must have that same key to decrypt it. There's the shared piece: you and I share the key. The key that encrypts is also the key that decrypts. Hey, we've got to keep that key secret and private between the two of us.
01:17
And there are certain types of symmetric keys that are just good for a very limited time period. And those are
01:22
session keys. You know, your house uses symmetric cryptography. You leave in the morning, you lock the door with your house key. You come in in the afternoon, you have to have that same house key to unlock it. Otherwise you don't get in. Okay? So the same key is used to encrypt and decrypt,
01:38
very commonly used. Now, with symmetric cryptography, there are two types of symmetric ciphers or algorithms. There are stream ciphers and block ciphers, so stream and block.
01:53
Now, stream ciphers are very fast. They're very efficient algorithms.
01:59
However,
02:00
they're generally considered to be not as secure. So very fast. They encrypt one bit of data at a time. So boom, boom, boom, boom, boom. Matter of fact, you'll see this used in hardware encryption a lot more because of the speed, and really to take advantage of the potential for speed, we use hardware encryptors.
02:19
The only stream cipher I want you to know
02:22
is RC4. That would be the only stream cipher that would come up on this exam.
02:27
So if I ask you, is AES a stream cipher? No. Why? Because it's not RC4.
02:34
What about RC5? Is RC5 a stream cipher? No. You know why? It's not RC4.
02:40
Okay? RC4 is the only stream cipher we'll talk about, at least for modern ciphers. Okay, so, bit-by-bit encryption.
02:51
Now, in addition to stream ciphers, there are also block ciphers, and block ciphers are the ones that I was talking about earlier, where data is chunked into a 64-bit block or 256-bit block, depending on the algorithm, and the entire block goes through a series of math functions. Okay,
03:09
that's much slower, but it's also harder to reverse
03:14
and more secure.
03:15
So you've got the fast stream
03:17
that's not as secure, RC4, and then you've got the slower block that is more secure. And a whole lot of algorithms are block ciphers. The two main ones that I want you to think of when you hear block, I want you to think AES, which is the de facto standard today,
03:37
and then before that was Triple DES.
03:39
Um, Triple DES is still around. But as I mentioned before, very processor intensive. Also, DES was one of the primary block ciphers years ago. But so when I ask you what block cipher does blah, blah, blah,
03:53
AES. If you don't know the answer, say that, because AES is the default standard. There is one exception to that, and this could be testable. There is an email application called PGP, Pretty Good Privacy. And many of you may have heard of that.
04:09
Because it is a proprietary email application, it doesn't use the standards. Instead of AES, it uses an algorithm called IDEA. And I just remember, I just think PGP was a good idea. Okay, but any other time, what's the encryption algorithm that Kerberos uses? AES.
04:29
What is the encryption algorithm that S/MIME uses? AES.
04:32
What about IPsec for encryption? AES. That's the default standard for most applications. Okay, so let's look at this a little bit more in depth. Let's look at what stream ciphers do. Now, stream ciphers can substitute bit by bit. They can transpose,
04:49
as in shuffle the characters. But another very popular function
04:55
that stream ciphers use is a process called XOR, and that stands for exclusive or. So what happens is a bit of plaintext, so we'll say this is plaintext up at the top and this is the key or the keystream, this line. So a bit of the plaintext is matched with a bit of the key.
05:15
If the values are the same,
05:17
then the ciphertext becomes zero.
05:19
If the values are different, the ciphertext becomes one. So these are different, ciphertext is one. Different, ciphertext is one. Different, ciphertext is one. Different, ciphertext is one. Different, one. These values are the same, zero. These were the same, zero.
05:35
So you can see how very quick this process is. Boom, boom. As long as you know the key,
05:41
you could very quickly produce a ciphertext. You can also very quickly decrypt and find the plaintext if you have the key as well. So it's very, very quick to encrypt and decrypt.
05:51
Now, block ciphers, and this is very comparable to what I had on an earlier slide. I have a collection of math functions, and these functions are referred to as
06:01
S-boxes, not Xboxes, S-boxes. That S stands for substitution box. Because at each one of these boxes... So we chunk our data down into blocks, and our blocks, you know, each block goes on this little virtual journey through a series of S-boxes, and at each S-box,
06:20
some sort of math is performed, some sort of substitution.
06:25
Um, how many S-boxes are used, what order the functions come in, that's all driven by the key, right? The key is the instruction on how to use the math. So you've got stream ciphers and block ciphers in the world of symmetric cryptography. Symmetric cryptography
06:44
means same. The same key is used to encrypt
06:47
and to decrypt. Now, symmetric cryptography has some problems. Okay, um, and you know, this is a good review sheet. Don't forget the other names that symmetric cryptography goes by: private key, secret key, shared key, and then also, session keys are symmetric. Stuff that we'll use here, but
07:08
gonna move here, to the drawbacks to symmetric cryptography.
07:13
If you'll go back to the Caesar cipher, and if you and I were gonna communicate with the Caesar cipher, if you'll remember, it was just a character shift. Let's shift three characters to the left. But how did I tell you that?
07:26
I had to have some means ahead of time to say, hey, I'm gonna send you a message, take every letter and shift it to the left three characters.
07:34
So how did I get you that secret? And the answer is, I don't know.
07:39
Somehow.
07:41
But I could not include that as part of the message or as part of the symmetric algorithm. We had to have what's known as out-of-band key exchange.
07:49
Maybe I hired a courier. Maybe I told you before he left, whatever. But I have to find some other way to exchange the key. There's no easy way for key exchange in symmetric cryptography. And that's a big drawback.
08:03
Because if I could get you a key securely, why didn't I just get you the message? Right? So we've got this, you know, sort of added effort we have to put in at the beginning to make sure both parties know the same key.
08:15
The second idea is that symmetric cryptography isn't good for large environments. It doesn't scale well.
08:22
Um, so every party communicating in a symmetric environment has to have a key with every other party. So I've got five people. I've got keys for each of them, but they've got keys for each of all of the others as well. So there's actually a formula you can use to determine how many keys in a symmetric environment.
08:43
So the formula's n times n minus one, divided by two.
08:48
So when we see that, let's say I have five users. So five times five minus one, five times four, 20, divided by two. That means I've got 10 symmetric keys. If I add one more person, so now I've got six. Six times five minus one,
09:05
uh, six times five,
09:07
30, divided by two. Now I've got 15 keys. So as we keep adding individuals, we see the number of keys grow dramatically. It's not good for a very large organization.
09:20
And then the final piece here. If you'll remember, we talked about PAIN: privacy, authenticity, integrity and non-repudiation. The only security service we get with symmetric cryptography is privacy.
09:37
Hey, if we securely exchange a key, and the key is good, the algorithm is good, we can get good privacy.
09:45
But just because information is encrypted with the key that you and I share,
09:50
let's say that that information is leaked to the press.
09:54
It's encrypted with a key that both you and I have.
09:58
So once that information gets out there and is leaked, you can't trace it back to me or to you specifically, because you and I both have the key. You know, like, let's say, um,
10:09
there's a locker in the back of the classroom. Both you and I have the key to it.
10:13
Over the weekend, somebody leaves a tuna fish sandwich in that locker.
10:18
You all know it was me. I know it was me. But the fact that you have a key, I can say, no, not my fault. This person had the key as well, could have been them. So we don't get true authenticity with symmetric cryptography. Any time two parties share a key, that key really isn't bound to either of their identities.
10:39
All right, we don't get authenticity. We also don't really get integrity.
10:43
You know, let's say I encrypt a message to you and I transmit it. When you receive that message, just because it's encrypted doesn't guarantee that it didn't get corrupted along the way. Encryption in and of itself does not detect modifications,
10:58
so we don't get integrity.
11:00
If I don't get authenticity and I don't get integrity,
11:05
I don't get non-repudiation, right, because non-repudiation is a combination of the two.
11:09
So we have these three major problems with symmetric cryptography: we have out-of-band key exchange, it's not scalable, it only gives us privacy as a security service. It doesn't give us authenticity, integrity or non-repudiation.
11:22
Why in the world would we use it then?
11:24
These are some pretty serious drawbacks.
11:28
Well, the answer is
11:31
symmetric cryptography is much, much faster, thousands of times faster than asymmetric cryptography.
11:37
So the idea is, we really wanna use symmetric cryptography for speed, but we've got to find some solutions to all of those issues.
11:48
So that's your cliffhanger, to have you running back for the next module. How in the world do we solve the problems on the screen? Here's a hint: use asymmetric Redox

Up Next

ISC2 CISSP

Our free online CISSP (8 domains) training covers topics ranging from operations security, telecommunications, network and internet security, access control systems and methodology and business continuity planning.

Instructed By

Kelly Handerhan
Senior Instructor