Cryptology or the science of encryption relates to the rapid and efficient transmission of

information, while protecting and maintain its verification. Encryption is the process that
occurs when data is passed through a mathematical operation resulting in an alternative
form of the original message (Whiteman and Mattord). This mathematical operation is known
as an algorithm; a programmatic process in which an unencrypted message is converted
into an encrypted sequence of bits, representing the original message. Encryption is also
known as cryptology and involves two processes.
1. Cryptography
- This process involves the use of keys or codes to ensure a secure method of
information
- A key can be described as a bit string consisting of a variable amount of bits.
When used in conjunction with an algorithm a message can be either encrypted
or decrypted.
- A key can be either a bit or a passphrase used by humans, which in turn is
converted into the series of bits understood by the computer program.
2. Cryptanalysis
Involves translating the cipher-text (encrypted) back to its plain-text (original
message), regardless of the algorithms or keys used to encrypt the message.
The value that information offers to a company relies on the characteristics that it possesses.
For Blue Steel, their main concern is the confidentiality and integrity of the information
passed through their communication channels.
-

Confidentiality
o Information is said to have confidentiality either when it has not been
disclosed to unauthorized individuals, while in transmission or when in
storage.
Integrity
o Information is described to have integrity when it is whole, uncorrupted
and complete. Integrity is compromised when there is a disruption to its
authentic state. When users cannot verify the integrity of information, then
that information becomes useless or has no value, sine information
integrity forms the cornerstone of all information systems.

In addition, there is another technique that is often incorporated into encryption process is
the hash function. This refers to a mathematical algorithm, which creates a fingerprint, or
message summary confirming the identity of a specific message and that there has been no
changes to the message during the transmission. Although no cipher-text is created, a hash
function ensures both integrity and message identity of the information.
Cryptographic Algorithms
There are two broad categories exist, namely symmetric and asymmetric algorithms. The
key types used for encryption and decryption distinguish both methods.

1. Symmetric Encryption / Private Key Encryption

This method of encryption involves a joint key being shared between the two parties
involved. As a result a single key is used to encrypt and decrypt the message, which means
both parties involved need to know the shared key before communication between them can
occur. This exclusive knowledge allows a secure and private communication channel to
occur between the two parties, without a third person listening in or attempting to tamper
with the message being transmitted.

Figure One: Symmetric Encryption

Since the use of just one encrypting and decrypting key is used, this makes the symmetric
method quite popular as well as a simple process to follow through. Moreover, the two
parties involved are using the same known encryption algorithm, resulting in no need to
create and exchange a secret algorithm. Security of the message transmission depends on
the key length. As only authorized persons are allowed to decrypt and read the message,
this reduces the overall problem of protecting the information, but rather protecting the share
key. Symmetric encryption is also known as private key encryption, as it provides
confidentiality to the information, as only authorized individuals would have access to it.
One of the limitations of this method is that the shared key needs to be agreed upon by both
the sender and receiver of the encrypted message. If multiple persons are set to receive an
encrypted message from one person, then multiple shared keys must be created, resulting in
one shared key for each receiver. This also makes maintain and management of symmetric
keys problematic. The key exchange is also a difficult process because this in itself needs to
be secure to avoid compromising the share knowledge of the key. Since the private key is
shared, its authenticity of receipt or origin cannot always be proven.
2. Asymmetric Encryption / Public Key Encryption
This method of encryption relies on public key technology and has created a new inroad in
modern cryptography. Asymmetric encryption employs the use of two different but related
keys. One key is used to encrypt the message while the other is used to decrypt the
message. The pair of keys used consists of a public key and a private key. The sender can
publish their public key, making it available to whoever wishes to send them an encrypted
message. And if this key is intercepted by a third party, all they can do is create and
encrypted message for the sender, and not decrypt any message meant for the sender. As a
result knowing just one half of the pair does not allow you to compute the other key. On the
other hand, the private key is only known to by the person, to whom it belongs, allowing only
that person to decrypt the message. Thus the use of these two keys extends the publics
ability to encrypt a message, but ensures that decryption can only occur by the owner of the

private key. As result, this is the primary difference between symmetric and asymmetric
encryption.

Figure Two: Asymmetric Encryption

Asymmetric encryption helps to ensure confidentiality as well as integrity since only the
corresponding keys can be used to encrypt and decrypt the message. In addition, there is no
need to send the public key through a secure medium as this is not used to decrypt the
message. This encryption method is often used in ecommerce transactions, since
verification as well as non-repudiation of a consumers information can be assured. In
addition, the establishment of a secure communication channel can exist without the
exchange of keys.
Since this encryption method is relatively new in comparison to symmetric method, it lacks
history of use. The algorithms used in this encryption are considered to be slower than that
of symmetric algorithms, therefore rarely used in bulk messaging or piece by piece message
occurs.
Comparison of Encryption Methods
In some instance asymmetric encryption presents greater functionality as opposed to
symmetric, but there are applications in which symmetric encryption performs the
information transmission more securely and efficient, availing itself as the better option.
Moreover, symmetric encryption is a far more cost effective measure due to the technology
employed.

Symmetric
Functionality

Computational

Asymmetric

When in a closed environment, involving Creates a far better sense of

two parties an efficient communication security
between
the
channel can occur
communicating
persons,
which
otherwise is not possible
Uses relatively simple process to Computation of encryption is

Efficiency

encrypt or decrypt, resulting in a faster relatively slower, since a more

and efficient method
complex process is used
Employs the use of 128 bit keys and Key size is at least 1000 bits, which
considered to be secure
is used to attain adequate security
Since comprises of a relatively simple More powerful equipment required
operation,
inexpensive
equipment due to the nature of the complex
required
algorithms implemented
Security is derived from the key size used in conjunction with the algorithms
strength. Since a high-quality algorithm exists for both methods, an effective
key size depends on the encryption method used

Key Size
Hardware

Security

Advice to Blue Steel

-

Asymmetric encryptions advantage is the functionality it offers. This method

creates security in a manner which symmetric encryption cannot.
However for this added sense of security, there is an increased cost associated
as well as computational competence.
Symmetric encryption is a more cost efficient and effective alternative without
compromising data security. Often regarded as a correct and appropriate
solution.
To be able to enjoy the benefits associated with both methods, Blue Steel could
look at the option of employing a hybrid encryption incorporating asymmetric and
symmetric techniques.
o Encrypted a message using a symmetric key that is only used for this
specific transmission
o Using the public key associated to the recipients private key, encrypt the
symmetric key
o Send both the encrypted key and message to the recipient, who can
decrypt the symmetric key via their private key. This then allows them to
decrypt the message.
The above suggestion would provide an advantage of the asymmetric set up with
the efficiency of symmetric encryption.

Types of Cryptographic Attacks

Such attacks are designed to weaken the security strength of an algorithm, in an attempt to
decrypt the message without the access to the decrypting key. An encryption system can be
compromised in one of three ways:
-

Weakness through the algorithm being used

Use of brute force against the encryption key
Vulnerabilities in the surrounding system

Below are just a few methods of attack:

1. Cipher-text Only Attack
Such an attack occurs when there is access to the encrypted message / cipher-text but not
to the equivalent plain-text. Utilizing a simple cipher such as the Caesar Cipher in
combination with frequency analysis the message can be decrypted.

2. Known Plain-text Attack

When a cryptanalysis has knowledge of the original, plain-text as well as the equivalent
encrypted message, they can use this information to ascertain any correlation between the
two.
3. Chosen Plain-text Attack
This occurs when a person can encrypt a message of their own choice and scrutinize the
resultant cipher-text created. This attack is most common against the asymmetric encryption
as the public key used to encrypt a message is known to the public.
4. Chosen Cipher-text Attack
Similarly to the above, only in this the cipher-text is chosen for analysis and attempts are
made to find its corresponding plain-text by searching for matching publicly known plain-text
data.
5. Adaptive Chosen Cipher-text and Plain-Text Attack
Based on prior attacks on a system, the cryptanalysis chooses the plain-text or cipher-text
accordingly.
6. Side Channel Attack
In the above mentioned attacks, it is assumed that either the plain-text or cipher-text is
known. However in this attack, the additional information relating to the physical
implementation of an algorithm is used to decrypt or encrypt the message. Such information
includes calculation performance time, voltage used etc.
7. Brute Force Attack
This is a systematic attempt of every key possible. Used mostly during plain-text cipher-text
attacks.
8. Meet-in-the-Middle Attack
Occurs when multiple keys are used for encryption. Similar to known plain-text attack as you
have access to both cipher-text and plain-text.

Reference List
Aladdin (2000), The Enduring Value of Symmetric Encryption. www.eAladdin.com (white
paper)
Bauchle, Robert, 19 May 2010, What is Encryption?
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212062,00.html
Accessed: 30 August 2010
Bellare, Mihir and Rogaway, Phillip (2005) Introduction to Modern Cryptography. California,
University of California
Cobb, Michael, 30 March 2010, What are the differences between symmetric and
asymmetric encryption algorithms?
http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1516
979,00.html
Accessed: 27 August 2010
Eisenbarth, T., Paar, C., Poshmann, A., Kumar, S., Uhsadel, L., (2007). A survey of
lightweight cryptography implementations, IEEE Design and Test for Computers, Vol. 11/12
(www.computer.org.csdl)
Hazen, Fred, May 2007, Encryption
http://www.cs.umbc.edu/~wyvern/ta/encryption.html
Accessed: 30 August 2010
KetuFile
White
Paper
(www.scholar.google.co.za)

(2004),

Symmetric

vs.

Asymmetric

Encryption

Midnightauthor, 20 May 2010, A Comparison of Symmetric Key and Asymmetric Key

Encryption Methods
http://webupon.com/security/a-comparison-of-symmetric-key-and-asymmetric-keyencryption-methods/
Accessed: 27 August 2010
Muller, Mark, 29 July 2010, Types of Encryption: Symmetric Encryption and Asymmetric
Encryption
http://www.brighthub.com/computing/smb-security/articles/53266.aspx
Accessed: 27 August 2010
ProProfs.com, 2007, Symmetric Key Cryptography
http://www.proprofs.com/mwiki/index.php/Symmetric_Key_Cryptography#Symmetric_v._Asy
mmetric
Accessed: 27 August 2010
Simmons, G. J. (1979). Symmetric and Asymmetric Encryption, Computer Surveys, Vol.
11, Number 4 (www.scholar.google.co.za)
Whitman, Michael, E. and Herbert J. Mattord. Principles of Information Security. 3rd edition.
Boston, Course Technology, 2009