In symmetric encryption, what key does the receiver need in order to decrypt data from a sender?

2.2 SKE-based systems

The SKE approach uses a single key for encryption and decryption. The SKE due to better encryption of data procedures is more complex than the other forms of encryption. The SKE currently in use is Advanced Encryption Standard which is the most standard one as recommended by the National Institute of Standards and Technology. Under the AES system, the most common stream cipher system is RC4 and A5/1.

Li et al. Ref. [61] proposed a mechanism where the hospitals can apply for cloud storages without having their own setup to store electronic medical record information. The health records can be even shared among the hospitals through this platform. The medical personnel can log into the cloud platform and upload the patient's electronic health record in an encrypted manner through SKE. Every patient has a health card which contains an identity seed which is used to generate anonymity information and the key seed is the basic information used to encrypt the information. Therefore, the Electronic Medical Record Number, the identity seed, and serial number for treatment are necessary to access the patient's health records. The Medical Record Number is unique in two different parts to prevent malicious attacks over the patient's health records.

Chen et al. used SKE mechanism to encrypt health record of the patients in normal and emergency situations [62]. In this approach, there can be three types: New Electronic Medical Record Creation, Electronic Medical Record Access, and Emergency Electronic Medical Record Access. In the first type, a patient's health records are stored in an encrypted file format and uploaded into the cloud environment. In the Electronic Medical Record Access, there can be two situations: either the data will be available in the public and private cloud so that the data owner can access it any time and when necessary, the data will be accessible by the hospital only if the data owner gives such permission. In the Emergency Electronic Medical Record Access, the hospital will notify the data owner and immediately decrypt the patient's data at emergency center.

Zhang et al. introduced a functional-based and time-enabled access regulatory protocol that allows effective storing of encrypted EHRs [63]. Their mechanism is also applicable for the less trusted clouds which resolve key distribution–related concerns between users. Their proposed system works on the basis of an algorithmic integration of several access control protocols with hierarchical key control as such only an authorized entity of EHR system is permitted EHR data on basis of their role. Authors developed a dynamic key structure for role-based access and management of EHR data that addresses the privacy issues. Based on performance of access authorizations, the health records are encrypted using SKE. Still, this method is somewhat restricted because it needs an entity to operate in numerous functionalities. Subsequently, users need to acquire and regulate multiple keys, which is an additional burden to users, and thus, it is not a user-friendly system.

7.9.3.1 Symmetric Key Encryption Algorithm

With symmetric key encryption, the source text is encrypted by means of a symmetric key and the scrambled text sent to its destination over the Internet. The scrambled text is decrypted into the original text by means of the same key. To accomplish this, the key and the encryption and decryption algorithms have to be shared between the source and its destination. Until recently, this was the widely used method of encryption. With symmetric key encryption, the source and the destination share a common key. The common key is secret, but the algorithm that encrypts and decrypts is not.

Data Encryption Standard (DES): Data Encryption Standard (DES), one of the usual symmetric key encryption methods, is a modification of the best of the symmetric key methods proposed by the National Institute of Standards and Technology (NIST). Its symmetric key is 56 bits long. When text is encrypted, it is broken into components, each 64 bits long. Every component is scrambled by means of the symmetric key, after which all of the scrambled text is sent to its destination over the Internet. At the destination, the scrambled text is decrypted by means of the same key to produce the original text.

Improved Data Encryption Algorithm (IDEA): The improved data encryption algorithm (IDEA) was invented by James Massey and Xuejia Lai of Switzerland in the 1990s. It is said to be faster and more resistant to hacker attack than DES. However, it has not yet been proved better than DES.

Fast Encryption Algorithm (FEAL): The fast encryption algorithm (FEAL) was invented by NTT, Japan, in 1985. Its key length is 64 bits. The text is broken into 64-bit-long components and each component encrypted and decrypted the same way at source and destination, respectively. The several versions of FEAL (FEAL-4, FEAL-8, FEAL-16, and FEAL-32) differ in the number of times the algorithm is applied. In the case of FEAL-4, for example, the encryption algorithm is applied four times to get the scrambled text.

Symmetric key cryptography

Symmetric ciphers use the same secret key for the encryption and decryption of information. Parties that want to use such a cipher need to agree on the same secret key before using the cipher. For example, the secret can be shared by the parties when they meet in person, or the key can be exchanged using a different security protocol (e.g., using a trusted third party).

A very simple example of symmetric key cryptography is shown in Figure 10-8. The sender shown on the left uses the encryption algorithm to convert the cleartext information into ciphertext (shaded). The encrypted information is sent across the network. On the receiver side on the right, the decryption algorithm uses the same secret key to decrypt the ciphertext back into plaintext. This illustration does not show practical considerations for secure network protocols (e.g., packets need a cleartext IP header to be handled by the network).

A very important aspect of this (and any other) encryption and decryption process is that the algorithm used for the process is not secret—only the keys are secret. In fact, most practically used symmetric key algorithms are standardized and well documented. Thus, anyone can program the same encryption and decryption algorithm. This approach to limiting secrecy to key material only is an important principle of security engineering. Kerckhoffs' principle summarizes this idea by stating that a cryptosystem should be secure even if everything about the system, with exception of the secret key, is publicly known. In contrast, developing an encryption/decryption process that relies on secrecy for the algorithm has several disadvantages. First, if any information about the algorithm is leaked, all instances of the system become vulnerable. Second, the lack of public scrutiny of the algorithm in the design phase makes it more likely that there are fundamental flaws in the system not detected by the designers.

Two symmetric key encryption algorithms are widely used in networks. These are:

Data Encryption Standard (DES): The DES encryption algorithm is a “block cipher” that encrypts information in blocks of 64 bits (8 bytes). Using a 56-bit key, DES encrypts each block in 16 identical rounds. Each round operates on alternating 32-bit halves of the block and uses different 48-bit subkeys derived from the original key. The main operation in each round is the substitution of input bits through 8 S-boxes, which perform a nonlinear transformation based on a lookup table. The final step of each round is a permutation of the outputs of the S-boxes. The design of DES allows the same sequence of operations to be used for encryption and decryption. The only difference is that the sequence of subkeys needs to be reversed. DES was published as a U.S. federal standard in 1977. Triple DES, an improvement to DES, was published in 1999. Triple DES uses three encryption steps with different keys to improve the better security. More details on the functionality of these algorithms can be found elsewhere [130].

Advanced Encryption Standard (AES): The AES encryption algorithm is also a block cipher with 128-bit blocks. The block is arranged in a 4 × 4 grid of bytes. There are three variants with key sizes of 128, 192, and 256 bits. Larger key sizes increase the security of the algorithm but require more processing: 128-bit keys use 10 rounds, 192-bit keys use 12 rounds, and 256-bit keys use 14 rounds. In each round, each byte is substituted with another based on a lookup table. Then, the columns of the 4 × 4 grid are shifted cyclically. Next, each column is multiplied with a fixed polynomial. Finally, each byte is combined with the key used in that round. AES was published as a U.S. federal standard in 2001. The algorithm was chosen among numerous competitors through an extensive selection process. One of the concerns when selecting the algorithm was to ensure that it can be implemented efficiently in software and in hardware. The latter allows for high-throughput encryption in systems that need to support high data rates (e.g., network devices). The details of AES are described elsewhere [131].

Symmetric key encryption algorithms are widely used to encrypt data traffic in networks. However, their main limitation lies in the need for a preshared key. In a large-scale network it is impractical to assume that all pairs of end systems have a secret key setup. Therefore, it is necessary to have an additional system for the exchange of keys that can be used by symmetric key algorithms. Asymmetric key cryptography can provide such a key exchange mechanism (as well as other security functions).

Encrypting File System

Supported only on NTFS volumes, Encrypting File System (EFS) has been with us since Windows 2000. Just like BitLocker, EFS also protects against offline attacks. To the end user, EFS is transparent. They still access files just as they did before EFS was implemented, as long as they have the correct decryption key––without it, any files that have been encrypted are impossible to open.

EFS uses a symmetric key encryption along with public key technology in protecting files and folders of the system. Users of EFS are issued a digital certificate with a public and private key pair. It then uses these keys to encrypt and decrypt files for the logged-on user. Files are encrypted using a single symmetrical key. That key is then encrypted twice: once with the user’s EFS public key, and once with the recovery agent’s key to allow for data recovery. Windows Vista includes two new features in its EFS implementation.

The ability to store both user and recovery keys on smart cards

The ability to encrypt pagefile.sys

In our example here, we will encrypt a folder called Finance on our Windows Vista machine. First, we’ll go to the Finance folder, which for our example is located at C:\Finance. Right-click the Finance folder (as shown in Figure 4.33) and select Properties.

Once the properties box for the Finance folder comes up, click the Advanced button on the right (as shown in Figure 4.34).

The Advanced Attributes control box should now appear. Go to the section at the bottom called Compress or Encrypt attributes and put a check mark in the box beside Encrypt contents to secure data (as shown in Figure 4.35).

After you click OK, you will be asked to Confirm Attribute Changes. The option to Apply changes to this folder, subfolders and files should be selected for this example (as shown in Figure 4.36).

Now click OK and you will see Windows Vista applying attributes on the Finance directory. After the encryption is complete, the Finance directory will change to a green color, indicating the folder has indeed been encrypted. More detailed information about EFS can be found at www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx.

Another way we could have encrypted the Finance directory would have been via the cipher command. To accomplish the same results in our example using cipher.exe, you would open a command window and type:

cipher /e /s:C:\Finance

The results are the same regardless of which method you choose.

Best Practices According To Microsoft

Microsoft recommends using both BitLocker and EFS together. BitLocker is able to encrypt all files on the system partition, including the system files, while EFS is able to encrypt volumes that are outside of the system partition, which BitLocker cannot touch. Together they provide a solid solution.

Some Independent Advice

Encrypt the pagefile, this is one of the new features of EFS within Windows Vista. By encrypting it, you make reading the pagefile practically impossible for thieves.

Long-Term Symmetric Keys

The symmetric-key Needham–Schroeder key establishment protocol, which is the main building block of the popular Kerberos system, was first proposed in 1978 [4] and slightly modified in 1987 [5]. In addition to the two parties A and B, there is a trusted server T. A (resp., B) shares a secret long symmetric key KAT (resp., KBT) with T . The protocol we shall describe now is the original version from Ref. [4] (see Fig. e49.3).

Let E denote a symmetric-key encryption algorithm; for any key K, EK is the encryption function obtained from E under key K. Also, M and N will be used to designate nonces. (A nonce is a Number used once. Here, they are strings of some agreed upon length picked randomly.) The protocol runs as follows:

A sends IDA, IDB, NA, to T, where NA is a nonce she picked randomly.

T computes EKAT(NA,KAB,I DB,EKBT(KAB,I DA)) and sends it back to A, where KAB is a key T chooses randomly for A and B. KAB will be the session key.

A decrypts the message received and checks that the identity of her intended partner is correct and that the nonce NA is the one picked previously. If any checks fail, the protocol is aborted. Otherwise, she sends EKBT (KAB,IDA) to B.

B decrypts the received message and discovers the identity of his intended partner IDA. B computes EKAB(IDA,NB) and sends it to A, where NB is a nonce generated randomly.

A decrypts the message received using key KAB, and checks to see if the identity is correct. If it is, she computes EKAB(NB−1), and sends it to B.

Finally, B decrypts the last message received using key KAB, and checks to see if the decrypted value is indeed equal to NB−1.

The protocol seems complex, but the underlying authentication mechanism that is exploited throughout is essentially this: When one entity, say A, encrypts a string (m, N), where m is some message and N is a nonce that A chose randomly, and that nonce is returned to A subsequently, then A has the proof that the nonce N and message m were indeed decrypted by the correct entity. Thus, A can safely continue participating in the protocol. In contrast, if the returned value of the nonce is not what is expected, the protocol is abandoned. Using randomly chosen nonces from one exchange to the next associates unique numbers to each exchange. This keeps a man in the middle from replaying stale data from previous unrelated exchanges. Also, incorporating identities in the clear (and in the encryptions) prevents the adversary from trying to transmit messages to unintended recipients. Finally, notice that the last two flows are composed of encryptions under the session key KAB. This is used to prove to each party that the other actually possesses the right key. We shall return to this important property later.

Encryption Key Types

Cryptography uses two types of keys: symmetric and asymmetric. Symmetric keys have been around the longest; they utilize a single key for both the encryption and decryption of the ciphertext. This type of key is called a secret key, because you must keep it secret. Otherwise, anyone in possession of the key can decrypt messages that have been encrypted with it. The algorithms used in symmetric key encryption have, for the most part, been around for many years and are well known, so the only thing that is secret is the key being used. Indeed, all of the really useful algorithms in use today are completely open to the public.

A couple of problems immediately come to mind when you are using symmetric key encryption as the sole means of cryptography. First, how do you ensure that the sender and receiver each have the same key? Usually this requires the use of a courier service or some other trusted means of key transport. Second, a problem exists if the recipient does not have the same key to decrypt the ciphertext from the sender. For example, take a situation where the symmetric key for a piece of crypto hardware is changed at 0400 every morning at both ends of a circuit. What happens if one end forgets to change the key (whether it is done with a strip tape, patch blocks, or some other method) at the appropriate time and sends ciphertext using the old key to another site that has properly changed to the new key? The end receiving the transmission will not be able to decrypt the ciphertext, since it is using the wrong key. This can create major problems in a time of crisis, especially if the old key has been destroyed. This is an overly simple example, but it should provide a good idea of what can go wrong if the sender and receiver do not use the same secret key.

Tools & Traps…

Asymmetric cryptography is relatively new in the history of cryptography, and it is probably more recognizable to you under the synonymous term public key cryptography. Asymmetric algorithms use two different keys, one for encryption and one for decryption—a public key and a private key, respectively Whitfield Diffie and Martin Heilman first publicly released public key cryptography in 1976 as a method of exchanging keys in a secret key system. Their algorithm, called the Diffie-Hellman (DH) algorithm, is examined later in the chapter. Even though it is commonly reported that public key cryptography was first invented by the duo, some reports state that the British Secret Service actually invented it a few years prior to the release by Diffie and Heilman. It is alleged, however, that the British Secret Service never actually did anything with their algorithm after they developed it. More information on the subject can be found at the following location: www.wired.com/wired/archive/7.04/crypto_pr.html

Some time after Diffie and Heilman, Phil Zimmermann made public key encryption popular when he released Pretty Good Privacy (PGP) v1.0 for DOS in August 1991. Support for multiple platforms including UNIX and Amiga were added in 1994 with the v2.3 release. Over time, PGP has been enhanced and released by multiple entities, including ViaCrypt and PGP Inc., which is now part of Network Associates. Both commercial versions and free versions (for noncommercial use) are available. For those readers in the United States and Canada, you can retrieve the free version from http://web.mit.edu/network/pgp.html. The commercial version can be purchased from Network Associates at www.pgp.com.

II.A. Bassic Principles

Public key cryptography has made some aspects of the protection of communications much easier. With symmetric key encryption, both the sender and the receiver needed the same key to decrypt the message so there is the problem of distributing the keys in a secure manner. With public key encryption, a key pair is created: a public key and a private key. The public key can be given out to the people you need to communicate with or it can even be placed in a public database. The private key is kept secret and known only to yourself. To communicate securely, the public key of the receiver is retrieved. The message is then encrypted using the receiver's public key. The encrypted message is then sent to the receiver, and they use their private key to decrypt the message. Keys no longer need to be distributed in a confidential way

Because an attacker can obtain the public keys of people communicating, public key cryptography can always be analyzed with respect to chosen plaintext attacks. That is, an attacker can pick whatever plaintext they want, and encrypt it using the intercepted public key to perform analysis on the resulting ciphertext. This information is then used to try to uncover plaintext from real intercepted ciphertext. Another problem with public key cryptography is that the sender must be sure he is encrypting the message with an authentic public key from the receiver. If an attacker can replace the receiver's public key in a public database (or other means) with her own and the sender does not verify that he is in fact using the correct public key, the sender will mistakenly encrypt the message with the attacker's public key and the attacker will be able to decrypt the message

II.C Confidentiality

The confidentiality service ensures that protected resources are not legible by unauthorized users or processes. Public key and symmetric key encryption can secure resources for both confidentiality and authorization. The confidentiality is provided by the encrypted text, and only the person authorized to have the corresponding private or secret key can decrypt the information. Public key encryption utilizes a public and private key pair, which is unique for each user. A user's public key is made available to the public usually through a repository in the form of a certificate. The certificate's integrity is guaranteed through the use of a digital signature applied to the certificate by a trusted third party. User A secures a resource to User B by encrypting the resource with User B's public key. User B is the only party who is able to decrypt the resources by using the private key associated with the public key used to encrypt the resource, User B's private key.

Symmetric key encryption utilizes a shared secret between two parties. The shared secret would have to be communicated securely, either via a secure protocol or out-of-band, between the two parties before any encrypted communication could proceed. Symmetric key encryption has two drawbacks. The secret has to be communicated in a secure method and there must be a unique secret between each originator and receiver.

Phase 2

In phase two, keys need to be generated and exchanged between the endpoints if they are to use a symmetric key encryption algorithm for the data exchange. The key is generated on the client side of the connection, because once generated, it can be encrypted with the public key of the server. The server is the only one that possesses the corresponding private key that can be used to successfully decrypt the message. What does the key look like? It varies. Keys are usually a string of 46 randomly generated byte values.

4.1.2 Transport Layer Security (TLS)

TLS [9] is a network security protocol that provides reliable, end-to-end transport between Internet applications. It is built on top of some reliable transport protocol such as TCP, and it consists of two sublayers: the TLS Record Protocol and the TLS Handshake Protocol.

The TLS Record Protocol establishes a secure, reliable channel for higher level protocols such as the TLS Record protocol. Specifically, it provides data confidentiality with symmetric key encryption, and data integrity with keyed MAC (e.g., SHA-1). The TLS Handshake Protocol provides the following functionalities:

Negotiates the cipher suite, which includes the encryption and hash algorithms, authentication and key establishment methods, to be used.

Authenticate the participating parties (e.g., client and server) and the exchanged data. In most e-commerce applications, servers are nearly always authenticated, and clients are rarely authenticated by TLS.

Establish fresh, shared secret used by various encryption and authentication algorithms.

TLS is suited for securing SIP on a hop-by-hop basis. The SIP RFC [2] mandates that SIP proxy servers, redirect servers, and registrars must support TLS. However, UAs are strongly recommended to be able to initiate TLS.