Most people are familiar with symmetric encryption , if only at a visceral, intuitive level: Plaintexts are encrypted with a secret key and some set of procedures, and they are decrypted with the same key and the same set of procedures. If you have the key, you can decrypt all data that has been encrypted with that key. Sometimes known as secret key encryption , symmetric encryption is computationally efficient and it is the most frequent type of encryption for network transmission of volumes of data.
In October 2000, the National Institute of Standards and Technology (NIST) announced that the Rijndael 2 data encryption algorithm had been selected for the Advanced Encryption Standard ( AES ), replacing the outdated Data Encryption Standard ( DES ) algorithm originally developed during the 1970s by IBM. DES uses 56-bit keys, although a variation called triple DES encrypts data three times with the DES algorithm, providing improved security.
Using a secure encryption requires using suffi ciently long keys. Shorter keys are vulnerable to brute-force attacks, in which an attacker uses a computer to try all the different possible keys. Key lengths on the order of 40 bits, for example, are considered insecure because they can be broken by brute-force attacks in very short order by relatively inexpensive computers. Single-DES has been brute-forced as well; in general, 128-bit and longer keys are likely to be secure against such attacks for the immediate future.
Symmetric encryption algorithms can be vulnerable to other types of attacks. Most applications that use symmetric encryption for Internet communications use session keys, meaning that the key is used for only a single-session data transmission (sometimes several keys are used in one session). Loss of a session key thus compromises only the data that was sent during that session or portion of a session.
These are some of the other symmetric encryption algorithms that have been or are currently being used for Internet applications.
RC2/RC4 These commercial symmetric encryption algorithms were developed and marketed by the cryptography firm RSA.
CAST Developed in Canada and used by Nortel's Entrust products, CAST supports up to 128-bit keys.
IDEA The International Data Encryption Algorithm supports 128-bit keys. It was patented by Swiss firm Ascom, which granted permission for IDEA to be used for free noncommercial use in the seminal and open source encryption program Pretty Good Privacy (PGP), written by Philip Zimmermann and published for a time by Network Associates, Inc.
GOST This algorithm was reportedly developed by a Soviet security agency. Blowfi sh This algorithm was developed by Bruce Schneier and released to the public domain.
Twofish This was Bruce Schneier's submission to the AES competition. Skipjack This algorithm was developed by the National Security Agency for use with the Clipper chip's escrowed key system.
In this tutorial:
- IP Security
- IP Security Issues
- Security Goals
- Encryption and Authentication Algorithms
- Symmetric Encryption
- Public Key Encryption
- Key Management
- Secure Hashes
- Digital Signature
- IPSEC: The Protocols
- IP and IPSEC
- Security Associations
- Using Security Associations
- Tunnel and Transport Mode
- Encapsulating Security Payload (ESP)
- Authentication Header
- Calculating the Integrity Check Value (ICV)
- IPsec Headers in Action
- Implementing and Deploying IPSEC