Asymmetric Algorithms

(OBJ 1.4)

Public Key Cryptography

• No shared secret key required
• Uses a key pair
  • Public key for encryption
  • Private key for decryption
• Provides confidentiality, integrity, authentication, and non-repudiation

Confidentiality with Public Key

• Encrypt data using the receiver's public key
• Only the recipient with the corresponding private key can decrypt it

Non-Repudiation with Private Key

• Encrypt data using the sender's private key
• Anyone with access to the sender's public key can verify the sender's identity

Integrity and Authentication with Digital Signature

• Create a hash digest of the message

• Encrypt the hash digest with the sender's private key

  • Digital Signature
    • A hash digest of a message encrypted with the sender’s private key to let the recipient know the document was created and sent by the person claiming to have sent it

• Encrypt the message with the receiver's public key

• Ensures message integrity, non-repudiation, and confidentiality

  

Common Asymmetric Algorithms

• Diffie-Hellman

  • Used for key exchange and secure key distribution over an unsecure network
  • Vulnerable to man-in-the-middle attacks, requires authentication
  • You need to make sure you have some form of authentication such as requiring a password or digital certificate at the beginning of that exchange process.
  • Commonly used for key exchange inside of creating a VPN tunnel establishment (IPSec)

• RSA (Ron Rivest, Adi Shamir, Leonard Adleman)

  • Used for key exchange, encryption, and digital signatures
  • Relies on the mathematical difficulty of factoring large prime numbers
    • See Ch. 4.6 Cryptography
  • Supports key sizes from 1024 to 4096 bits
  • Widely used in organizations and multi-factor authentication around the world
    • Secure tokens on key chain actually use RSA
    • That token actually is storing RSA asymmetric one-time-use keys that you're going to enter in as a form of authentication showing you have possession of that token

• Elliptic Curve Cryptography (ECC)

  • Efficient and secure, uses algebraic structure of elliptical curves
  • ECC is most commonly used in mobile devices and low-power computing
  • Six times more efficient than RSA for equivalent security
    • ECC with a 256-bit key is just as secure as RSA with a 2048-bit key
  • Variants include
    • ECDH (Elliptic Curve Diffie-Hellman)
      • ECC version of the popular Diffie-Hellman key exchange protocol
    • ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)
      • Uses a different key for each portion of the key establishment process inside the Diffie-Hellman key exchange
    • ECDSA (Elliptic Curve Digital Signature Algorithm)
      • Used as a public key encryption algorithm by the US Government in their digital signatures