Symmetric Cryptography

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 50 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:00
>> Hello. We talked about
00:00
the basic elements of cryptography,
00:00
and in the last section we talked about algorithms.
00:00
We said that algorithms are
00:00
the math functions that are used to provide
00:00
the substitution from plaintext to ciphertext,
00:00
and then we said an algorithm
00:00
>> has to be used with the key
00:00
>> because a key provides
00:00
the instructions on how to
00:00
use the mouth of the algorithm.
00:00
Now we're going to talk about two different types of
00:00
cryptography: symmetric and asymmetric.,
00:00
and these terms refer to the key that is used.
00:00
It has to do with what key is,
00:00
how you get the key, and how you
00:00
use the key, and so forth.
00:00
The first type we're going to talk
00:00
about is symmetric cryptography.
00:00
With symmetric cryptography,
00:00
the same key is used by both parties.
00:00
Encrypt data with that key and when you get it,
00:00
you have to decrypt it with the same key.
00:00
It's like your house key you, use it to
00:00
lock the door and unlock the door.
00:00
Now let's take a look at some of
00:00
the drawbacks to symmetric cryptography.
00:00
It's really important with symmetric cryptography that
00:00
we find a way to securely distribute the keys.
00:00
Let's say I need a person to watch my dogs
00:00
this weekend and you offer to do it.
00:00
I have two puppies and a 14-year-old dog.
00:00
As you can imagine the 14-year-old dog
00:00
is not amused by the puppies at all,
00:00
but anyway the problem is that I
00:00
need to find a way to give my house key to you.
00:00
I could hide it under my little garden or
00:00
my front porch, but that's not secure.
00:00
How can I get it to you in a secure fashion?
00:00
The most secure way is to walk
00:00
over and give it to you in-person,
00:00
but that's not practical.
00:00
Since I will be giving you the key in
00:00
a different environment that are normal communications,
00:00
we call this an out-of-band key distribution.
00:00
That's one of the downsides of symmetric cryptography.
00:00
Symmetric cryptography is usually
00:00
pretty easy to understand
00:00
because most of the logs we work with in
00:00
our lives use symmetric cryptography.
00:00
The hardest thing about symmetric cryptography
00:00
is to remember all the different names it can go by;
00:00
secret key, private key,
00:00
shared key, or in some cases session key.
00:00
Now going back to my need for a dog walker, Let's see,
00:00
I've chosen one person to walk my dogs,
00:00
and let's see that I do find a way to
00:00
get that person the key security.
00:00
As long as we're both trustworthy, it can work.
00:00
Next, let's say we decide
00:00
we're going to join in dogs and in club,
00:00
and at any given moment you could ask one of
00:00
us to come over that evening and walk your dogs.
00:00
They would be able to do it because we are
00:00
all going to share our house keys.
00:00
Everyone would have everyone's house key.
00:00
Can you imagine how many
00:00
keys we would have to keep up with?
00:00
That's just not possible, that's crazy.
00:00
Well, that's the second problem
00:00
is symmetric cryptography.
00:00
As your numbers increase you need a key for
00:00
each communication channel but
00:00
also they need a key for each communication channel,
00:00
so this is not a solution that scales well.
00:00
Then the other problem with
00:00
symmetric cryptography is that
00:00
it does not provide non repudiation.
00:00
Remember when we talked about pain and
00:00
the security services you want with
00:00
cryptography: privacy,
00:00
authenticity, integrity, and non-repudiation,
00:00
we said that those are security systems
00:00
that we want with cryptography.
00:00
Well, the only one of those services that you get
00:00
with symmetric cryptography is privacy.
00:00
There is nothing that guarantees
00:00
non-repudiation because the key is shared.
00:00
If you and I share a key to
00:00
some data and that data gets leaked to media,
00:00
I can only say that you leaked
00:00
it because we both share the same key.
00:00
Or as another example,
00:00
if you and I share a locker
00:00
>> in the back of the classroom
00:00
>> and one of us leaves a [inaudible] damage
00:00
in the locker over the weekend,
00:00
even though we all know it was me I could
00:00
see it was you because we share the same logger.
00:00
With all the issues in symmetric cryptography,
00:00
why do we even talk about it?
00:00
Because it's fast.
00:00
We want speed, so just put
00:00
it in the back of your mind for future use
00:00
that we want to send bulk data with
00:00
symmetric cryptography due to its speed.
Up Next