Symmetric VS. Asymmetric Encryption

This introduces the concept of digital signatures wherein integrity and non-repudiation are preserved within the signature but may also have confidentiality added to the message via public key encryption. Within this scenario, the sender will encrypt the message with their own private key and hash the message with an agreed-upon hash with the receiver. The recipient of the message has a guarantee that if the hashed value of the message is the same as the value calculated by the original sender, the message has not been tampered with by an adversary. If the value differs from the calculated hash value, it would indicate that the message has been tampered with during transit. The message which has been encrypted with the sender’s PRIVATE KEY and decrypted with the sender’s PUBLIC KEY ensures that the message in fact came from the intended sender granting us non-repudiation.  In short, a hashing function compiles a message into a numerical or character value. The content of the message is the calculated static value. Changing a single space, comma, or anything within the document will change the hash value and indicate tampering.  In this exchange, the message itself is encrypted and its hashed value or message digest is determined to ensure that the message has not been tampered with and came from the intended sender (non-repudiation).  

The process to ensure confidentiality of the message would be to encrypt the package with the recipient’s PUBLIC KEY as in theory the only recipient who would be able to decrypt the message would be the intended recipient as they are the only entity with the recipient’s PRIVATE KEY.   

These methods of encryption mainly deal with data in transit, but data at rest uses a similar encryption scheme using keys. The end goal is the same: ensuring that only persons or machines with appropriate access rights are able to read or decrypt the data. Encrypting data at rest allows us to store data that would be worthless to anyone without a key or passcode. Following the same method or process, data is transformed using a key (or split keys) known only to certain individuals or machines.  This process alters the data so that it is indecipherable without the aforementioned key to undo the transformation.    

In a scenario where symmetric keys are used for the storage of information, the same individual or group would be decrypting the stored data using the same key which would have encrypted that data. Asymmetric key encryption may also be used to secure stored data. The data is encrypted using a public key and can later be decrypted using the private key associated with that key pair.  This approach can facilitate encryption of your own data or encrypting a file prior to transmitting it to a third party such as over secure file transfer protocol (SFTP).  

Organizations use data classification policies and standards to define what data elements require encryption. These policies and standards are generally driven by external requirements and require the participation of multiple internal resources to successfully implement and maintain secure data and systems. For example, companies that store sensitive information (e.g., PCI DSS compliance, HIPAA, GLBA) may apply encryption to specific files, data records, or data elements such as stored credit card numbers, social security numbers, and date of birth.  

Encryption, whether it be symmetric or asymmetric, has the same end goal of encoding messages, contents, or data in such a way that only intended parties gain access. This affects both data at rest and data in motion because both are subject to confidentiality. Encryption can also provide non-repudiation and verify message integrity. In addition to selecting the appropriate cryptographic techniques and algorithms, the secure implementation of these methods plays a critical role in the overall effectiveness of the solution. Attempting to crack the encryption of today can be a very time and resource-intensive task if implemented properly; however, poor implementation, side-channel attacks, and inadequate key management processes may be detrimental to the security of your data.  

Here at MegaplanIT, we have many years of experience with deployed encryption solutions, ranging from PKI, database encryption, and system-level security.  We can guide your organization through every step of your assessment process, including audit preparation, onsite assessment of data flows and processes, policy and procedure development, and secure key management. Call us today to speak with industry-certified experts and learn how we can keep your data secure.