Cryptosystems

0
36

A cryptosystem is a system that implements cryptographic techniques and the infrastructure necessary to provide security services. A cryptosystem can also be called an encryption system.

Let’s look at a basic model of a cryptosystem which provides confidentiality for the information being transmitted. The illustration below shows the basic model.

This illustration shows a sender who wishes to transmit sensitive data to a recipient in such a manner that no one can intercept or eavesdrop on the communication channel.

This simple cryptosystem has the goal of ensuring that only the sender (or receiver) will be able to see the plaintext at the end.

The components of a cryptosystem

These are the components of a basic cryptosystem:

  • Plaintext. This is the data that must be transmitted with security.
  • Encryption algorithm. This is a mathematical process that generates a ciphertext from any given plaintext or encryption key. It is a cryptographic algorithm which takes plaintext and an encrypted key as input and creates a ciphertext.
  • Ciphertext. This is the scrambled text produced by an encryption algorithm that uses a particular encryption key. The ciphertext can be accessed by anyone. It is freely available on the public channel. Anyone with access to the communication channel can intercept or compromise it.
  • The Decryption Algorithm is a mathematical process that generates a unique plaintext from any given decryption key and ciphertext. It is a cryptographic algorithm which takes a ciphertext as input and outputs it as a plaintext. The decryption algorithm is essentially the reverse of encryption and is therefore closely related to it.
  • Encryption key. This value is known by the sender. To compute the ciphertext, the sender enters the encryption key and plaintext into the encryption algorithm.
  • The Decryption key. This value is known by the receiver. Although the decryption keys are related to encryption keys, they may not be identical. To compute the plaintext, the receiver enters the decryption keys into the decryption algorithm together with the ciphertext.

A key space is a collection of all possible decryption keys for a cryptosystem.

An attacker is an unauthorized entity that attempts to decrypt the plaintext. He may be able to see the ciphertext, and possibly know the decryption algorithm. However, he must not know the decryption keys.

Different types of cryptosystems

Fundamentally, there are two types of cryptosystems based on the manner in which encryption-decryption is carried out in the system –

  • Symmetric Key Encryption
  • Asymmetric Key Encryption

These cryptosystems differ in the way they relate to the encryption key and decryption keys. Logically speaking, the keys of any cryptosystem are closely related. It is virtually impossible to decrypt the encrypted ciphertext using a key that is not related to the encryption key.

Symmetric Key Encryption

Symmetric Key Encryption is an encryption process in which identical keys are used to encrypt and decrypt the information.

Symmetric cryptography is the term used to describe the study of symmetric cryptosystems. Sometimes, symmetric cryptosystems are also known as secret-key cryptosystems.

Some well-known examples of symmetric key encryption methods include Digital Encryption Standard, Triple-DES (3DES), IDEA and BLOWFISH.

All cryptosystems used symmetric key encryption before 1970. It is still used in numerous cryptosystems today. This encryption is unlikely to disappear, since it offers certain advantages over asymmetric keys encryption.

These are the key features of cryptosystems based on symmetric keys encryption:

  • Before a symmetric key encryption can be used, all parties must have a common key.
  • It is recommended that keys be replaced regularly in order to avoid any attacks on the system.
  • It is necessary to have a robust mechanism to allow key exchange between communicating parties. This mechanism is costly and cumbersome because keys must be regularly changed.
  • To enable two-party communication between two people in a group of n persons, the required number of keys for this group is n x (n-1)/2.
  • Length of Key (number of bits) in this encryption is smaller and hence, process of encryption-decryption is faster than asymmetric key encryption.
  • The processing power required for symmetric algorithms is lower.

Symmetric Key Cryptosystem: Challenge

Two limitations exist when using symmetric key cryptography.

  • Key establishment Before sending any communication, both sender and receiver must agree to a secret symmetrical key. This requires the use of a secure key establishment system.
  • Trust Issue- Because the sender uses the same symmetric key as the receiver, it is implicit that both the receiver and sender ‘trust each other. It could happen, for example, that an attacker has stolen the key from the receiver and the sender is unaware.

These two issues are extremely restrictive for modern communication. People today need to share information with strangers and untrusted parties. A communication between an online seller and customer is one example. These limitations led to the development of asymmetric key encryption.

Asymmetric Key Encryption

Asymmetric Key Encryption is a method of encryption where different keys can be used to encrypt and decrypt the information. Although the keys may be different, mathematically they are related so it is possible to retrieve the plaintext through decrypting the ciphertext. This illustration illustrates the process.

Public Key Cryptosystem Challenge

One of the major challenges with public-key cryptosystems is that users must trust that the public keys they use to communicate with people are genuine public keys and have not been stolen by malicious third parties.

This is often done through a Public Key Infrastructure, (PKI), which consists of a trusted third party. This third party secures public keys and attests their authenticity. If the third party is asked to provide the public keys for communicating persons X, they can be trusted to do so.

A third party certifies that the user is authentic by notarizing, attesting, or any other process. The easiest way to make the verified public keys accessible is to embed them into a certificate that is digitally signed by a trusted third party.

LEAVE A REPLY

Please enter your comment!
Please enter your name here