Understanding Data Confidentiality In Cybersecurity
The figure highlights some differences between symmetric and asymmetric encryption.
Symmetric Encryption
Symmetric Encryption Example
Symmetric encryption algorithms:
 Data Encryption Standard (DES) – A legacy symmetric block cipher. Its 56-bit key is short enough to be brute-forced, which makes it insecure for current use.
 3DES (Triple DES) – The replacement for DES; it applies the DES algorithm three times. It should be avoided where possible: NIST deprecated it and disallowed it for encryption after 2023. If it must be used, keep key lifetimes very short.
 Advanced Encryption Standard (AES) – The recommended symmetric algorithm. AES uses keys of 128, 192 or 256 bits; the block size is fixed at 128 bits regardless of key length (the variable block sizes belonged to the original Rijndael proposal, not to the AES standard).
 Software-Optimized Encryption Algorithm (SEAL) – A stream cipher with a 160-bit key designed as a faster software alternative to block ciphers such as AES, with a lower CPU impact than other software-based algorithms.
 Rivest ciphers (RC) series – Developed by Ron Rivest. Several variants exist; RC4, a stream cipher, was the most widely deployed and was used to protect web traffic. Biases in its keystream and related key-recovery attacks have made it insecure, and RC4 must not be used.
Asymmetric Encryption
Asymmetric Encryption Example
Examples of protocols that use asymmetric key algorithms include:
 Internet Key Exchange (IKE) – This is a fundamental component of IPsec VPNs.
 Secure Sockets Layer (SSL) – This has been superseded by its IETF-standardized successor, Transport Layer Security (TLS).
 Secure Shell (SSH) – This protocol provides a secure remote access connection to network devices.
 Pretty Good Privacy (PGP) – This computer program provides cryptographic privacy and authentication. It is often used to increase the security of email communications.
Asymmetric algorithms are substantially slower than symmetric algorithms. Their design is based on computational problems that are believed to be hard, such as factoring extremely large numbers or computing discrete logarithms of extremely large numbers.
Because they are slow, asymmetric algorithms are typically used in low-volume cryptographic mechanisms, such as digital signatures and key exchange. However, key management for asymmetric algorithms tends to be simpler than for symmetric algorithms, because one of the two keys can be made public and does not have to be distributed secretly.
Common examples of asymmetric encryption algorithms are described in the table.
Asymmetric encryption algorithms (key length in bits):
 Diffie-Hellman (DH) – 512, 1024, 2048, 3072, 4096 – Lets two parties agree on a shared key over an untrusted channel; the key is then used to encrypt the messages they send each other. Its security rests on the discrete logarithm problem: raising a number to a power modulo a large prime is easy, but recovering the exponent from the result is hard. Moduli of 1024 bits or less are no longer considered secure.
 Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA) – 512 to 1024 in early deployments; current FIPS 186 parameters are 1024, 2048 or 3072 – DSS specifies DSA as the algorithm for digital signatures. DSA is a public-key algorithm based on the ElGamal signature scheme. Signature creation is about as fast as RSA, but verification is 10 to 40 times slower.
 Rivest, Shamir and Adleman (RSA) – 512 to 4096; 2048 bits is the accepted minimum today – A public-key algorithm based on the difficulty of factoring very large numbers. It was the first algorithm known to be suitable for signing as well as encryption. It is widely used in electronic commerce protocols and is believed to be secure given sufficiently long keys and up-to-date implementations.
 ElGamal – 512 to 1024 – A public-key encryption algorithm based on the Diffie-Hellman key agreement. Its disadvantage is ciphertext expansion: the encrypted message is about twice the size of the plaintext, so it is normally used only for small messages such as secret keys.
 Elliptic curve techniques – 224 or higher – Elliptic curve cryptography can be used to adapt many cryptographic algorithms, such as Diffie-Hellman or ElGamal. Its main advantage is that keys can be much smaller for the same security level: a 256-bit elliptic curve key is comparable to a 3072-bit RSA or DH key.
Asymmetric Encryption – Confidentiality
The process can be summarized as follows: when the public key is used to encrypt the data, the corresponding private key must be used to decrypt it. Only one host holds the private key; therefore, confidentiality is achieved.
Asymmetric Encryption – Authentication
The process can be summarized as follows: when the private key is used to encrypt the data, the corresponding public key must be used to decrypt it. Because only one host has the private key, only that host could have produced the message, which authenticates the sender. No attempt is made to keep the public key secret, so any number of hosts can decrypt the message; this mechanism therefore provides authentication, not confidentiality. When a host successfully decrypts a message with a public key, it knows that the matching private key produced it, which verifies the sender's identity. In practice the private key is applied to a hash of the message rather than to the message itself; that is what a digital signature is.
Asymmetric Encryption – Integrity
The following example illustrates how the three properties are combined. The message is encrypted with Bob's public key, and a hash of the message is encrypted (signed) with Alice's private key. Bob decrypts the message with his private key (confidentiality), recovers the hash with Alice's public key (authenticity), and compares it with the hash he computes over the decrypted message (integrity); any change to the message or to the signature makes the two hashes differ.
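The exchange described above, written out as an added example that is not part of the original page. It uses textbook RSA on Python big integers so that it runs with the standard library only. The key primes are fixed Mersenne primes chosen so the example is deterministic; they are not a safe way to build keys, and textbook RSA has no padding, so this models how the keys are used rather than production cryptography (real systems use RSA-OAEP and RSA-PSS from a vetted library). The function names, the sample message and the keys are all constructed for this example.

```python
"""Added example, not from the original page: encrypt with Bob's public key,
sign the hash with Alice's private key, then decrypt and verify on Bob's side.

Assumptions: fixed Mersenne primes for reproducibility (not secure key
generation); textbook RSA without padding (not production cryptography).
"""
import hashlib

E = 65537  # conventional public exponent


def make_keypair(p, q):
    """Return (public, private) as (modulus, exponent) tuples."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse; raises ValueError if gcd(E, phi) != 1
    return (n, E), (n, d)


def rsa_apply(value, key):
    """value ** exponent mod n.  Encrypt/decrypt and sign/verify are the same
    operation applied with different keys, which is why the text speaks of
    'encrypting' with a private key."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value must be a non-negative integer below the modulus")
    return pow(value, exp, n)


def digest_int(data):
    """SHA-256 of the message as an integer, so that it can be signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def alice_send(message, bob_pub, alice_priv):
    """Alice: encrypt for Bob (confidentiality), sign the hash (authentication, integrity)."""
    m = int.from_bytes(message, "big")
    ciphertext = rsa_apply(m, bob_pub)
    signature = rsa_apply(digest_int(message), alice_priv)
    return ciphertext, signature


def bob_receive(ciphertext, signature, bob_priv, alice_pub):
    """Bob: decrypt with his private key, recover Alice's signed hash with her
    public key, and compare it to a hash he computes himself.
    Returns (message, verified)."""
    m = rsa_apply(ciphertext, bob_priv)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    recovered_hash = rsa_apply(signature, alice_pub)  # anyone with the public key can do this
    return message, recovered_hash == digest_int(message)


# Constructed demo keys.  Mersenne primes make the example reproducible; a real
# key generator picks random primes of equal size and never reuses a prime.
BOB_PUB, BOB_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)


def demo(message=b"Wire 10,000 to account 42"):  # constructed sample message
    """Run the exchange plus two tampering attempts.  Returns
    (plaintext, verified, verified_after_ciphertext_tamper, verified_after_signature_tamper)."""
    ct, sig = alice_send(message, BOB_PUB, ALICE_PRIV)
    plaintext, ok = bob_receive(ct, sig, BOB_PRIV, ALICE_PUB)
    _, ok_ct = bob_receive(ct ^ 1, sig, BOB_PRIV, ALICE_PUB)   # attacker flips a ciphertext bit
    _, ok_sig = bob_receive(ct, sig ^ 1, BOB_PRIV, ALICE_PUB)  # attacker flips a signature bit
    return plaintext, ok, ok_ct, ok_sig


def public_key_cannot_decrypt(message=b"Wire 10,000 to account 42"):
    """Knowing only Bob's public key does not recover the message."""
    ct, _ = alice_send(message, BOB_PUB, ALICE_PRIV)
    return rsa_apply(ct, BOB_PUB) != int.from_bytes(message, "big")


if __name__ == "__main__":
    print(demo())
```

The verification step is the one that gives both authenticity and integrity at once: a forged signature (one not made with Alice's private key) and a modified message both make the recovered hash disagree with the hash Bob computes, so Bob cannot distinguish the two failures and should treat either as a rejected message.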
DiffieHellman
Here are two examples of instances when DH is commonly used:
 Data is exchanged using an IPsec VPN
 SSH data is exchanged
To help illustrate how DH operates, refer to the figure.
The strength of a DH key agreement is set by the size of the prime modulus, which the peers negotiate as a DH group:
 DH Group 1: 768 bits
 DH Group 2: 1024 bits
 DH Group 5: 1536 bits
 DH Group 14: 2048 bits
 DH Group 15: 3072 bits
 DH Group 16: 4096 bits
Groups 1 and 2 are considered breakable and group 5 is deprecated; use group 14 or larger.
Note: A DH key agreement can also be based on elliptic curve cryptography. Cisco IOS Software also supports the elliptic curve groups 19 (256-bit) and 20 (384-bit), as well as group 24, which is a 2048-bit modular group with a 256-bit prime-order subgroup rather than an elliptic curve group.
Unfortunately, asymmetric key systems are extremely slow for any sort of bulk encryption. This is why it is common to encrypt the bulk of the traffic using a symmetric algorithm such as AES (or, in legacy deployments, 3DES) and to use DH to agree on the keys that the symmetric algorithm will use.
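The key agreement and the hand-off to a symmetric cipher described in this section, as an added example that is not part of the original page. It runs DH in group 14 (the 2048-bit MODP group of RFC 3526) on Python big integers and derives an AES-256 key from the shared secret. The hex constant is transcribed from RFC 3526 and is checked for being a safe prime before use; the key derivation is a plain SHA-256 over the shared secret (IKEv2, SSH and TLS use a transcript-binding KDF instead); and the peers are not authenticated here, which is the reason IKE and SSH sign or otherwise authenticate the DH values, since an unauthenticated exchange is open to an active man-in-the-middle. All function names are constructed for this example.

```python
"""Added example, not from the original page: DH key agreement in group 14
(2048-bit MODP, RFC 3526) and derivation of an AES-256 key from the result.

Assumptions: the constant below is transcribed from RFC 3526 and verified as a
safe prime before use; SHA-256 over the shared secret stands in for the
protocol-specific KDF; no peer authentication is performed.
"""
import hashlib
import secrets

# RFC 3526, section 3: 2048-bit MODP group (IKE group 14), generator 2.
GROUP14_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
GROUP14_G = 2


def is_probable_prime(n, rounds=16):
    """Miller-Rabin test; here it guards against a transcription error in the constant."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def group_is_safe_prime(p=GROUP14_P):
    """The MODP groups are safe primes (p = 2q + 1 with q prime), so generator 2
    has order q and the only low-order elements are 1 and p - 1."""
    return p.bit_length() == 2048 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def dh_private():
    """256-bit private exponent: above the 225-bit minimum RFC 7919 gives for a
    2048-bit group, and much faster than a full-size exponent."""
    return secrets.randbits(256) | (1 << 255)


def dh_public(priv, p=GROUP14_P, g=GROUP14_G):
    return pow(g, priv, p)


def peer_value_is_valid(y, p=GROUP14_P):
    """Reject 0, 1, p-1 and out-of-range values: with those a peer can force the
    shared secret into a set of one or two values."""
    return 1 < y < p - 1


def dh_shared(priv, peer_pub, p=GROUP14_P):
    if not peer_value_is_valid(peer_pub, p):
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, p)


def derive_aes256_key(shared, p=GROUP14_P):
    """Hash the fixed-width encoding of the shared secret into a 32-byte AES key."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def run_exchange():
    """Both sides of one exchange; returns the key each side derived."""
    a, b = dh_private(), dh_private()   # private exponents, never sent
    A, B = dh_public(a), dh_public(b)   # public values that cross the wire
    key_alice = derive_aes256_key(dh_shared(a, B))
    key_bob = derive_aes256_key(dh_shared(b, A))
    return key_alice, key_bob


if __name__ == "__main__":
    print("group 14 is a safe prime:", group_is_safe_prime())
    ka, kb = run_exchange()
    print(ka.hex(), "keys match:", ka == kb)
```

The public-value check is the part most often missing from hand-rolled DH: without it a peer that sends 1 or p-1 forces the shared secret to a known value, and because group 14 is a safe prime those two values are the only ones that need to be rejected.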