
In this article, the first of a 3-part series on symmetric key encryption technology, we will look at the principles of symmetric encryption, the two types of symmetric algorithm, and the lifecycle and management of symmetric keys.

## Introduction

Symmetric key algorithms (aka ciphers) are commonly used to protect the confidentiality of data, both at rest (e.g. in storage devices) and in transit (e.g. over networks). The term “symmetric” comes from the fact that the same key is used both for encryption and decryption. This contrasts with asymmetric encryption, where the encryption and decryption keys are different (but mathematically related).

## Symmetric vs. asymmetric encryption

The main advantage of symmetric encryption over asymmetric encryption is that it is fast and efficient for large amounts of data; the disadvantage is the need to keep the key secret - this can be especially challenging where encryption and decryption take place in different locations, requiring the key to be moved safely between locations.

Before the advent of public key cryptography (PKC) in the mid-1970s, it was necessary to distribute secret keys, or even entire code books, by secure means (e.g. a trusted courier). This can present significant challenges, especially in a wartime scenario where the couriers become targets for the enemy. If the secret keys (“red” keys in military parlance) are intercepted, then the enemy can decipher your communications or (if you’re aware of the interception) prevent you communicating sensitive information at all, thereby creating a denial-of-service.

The threat of interception can be mitigated by splitting a secret key into two or more components using a special algorithm and sending the components by separate couriers. The components can then be recombined into the key at the other end. Intercepting a single component does not reveal the key.

Today, PKC (which is based on asymmetric algorithms) is most commonly used to share a secret key, which is then used by a symmetric algorithm to encrypt the data – this is known as hybrid encryption, as it combines both asymmetric and symmetric techniques. This enables a secure communication channel to be rapidly set up between two parties over an untrusted network, and is the basis for most Internet communications and electronic transactions today.

Nonetheless, the use of pure symmetric encryption may still be necessary (or even desirable) in some rare situations, especially in a military context where secret keys can be distributed by military personnel protected with guns - for example, due to the use of outdated systems or a distrust of PKC (particularly in light of the vulnerability of PKC to the threat of quantum computing).

Recently, quantum key distribution has been demonstrated as an alternative means to securely share a secret key between two parties – this technology uses light (e.g. fiber optics) to distribute a secret key and is based on the quantum nature of photons and the ability to detect whether they arrive without having been intercepted.

Symmetric algorithms fall into two categories – block ciphers and stream ciphers. Block ciphers such as DES and AES operate on a fixed-size block of data, encrypting the whole block (usually 64, 128 or 256 bits) using a cryptographic key (a minimum of 112 bits long to be secure today).

Most block ciphers are based on a “Feistel network”, named after the IBM cryptographer Horst Feistel. This design has the advantage that encryption and decryption operations are very similar, even identical in some cases, making it efficient to implement in either hardware or software. To further simplify implementation, Feistel networks use iterations based on an internal function called a “round function”.

A round consists of several processing steps that include substitution, transposition and mixing of the input plaintext to transform it into ciphertext. Algorithms use many rounds to reduce their vulnerability to attack. The substitution aspect is governed by an “S-box”, essentially a look-up table that may be either fixed or generated dynamically from the key. This is an intrinsic part of the algorithm and changing the S-box will fundamentally change its cryptographic characteristics, but a cryptographic expert could potentially modify the S-box to create unique variants of an algorithm.
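As an added illustration (not code from the article), a toy 64-bit Feistel network in Python. The key schedule and the HMAC-SHA256 round function are assumptions chosen for convenience, not DES's; the point it shows is the one made above: decryption is the same pass with the subkeys in reverse order, and the round function F is never inverted.

```python
import hashlib
import hmac

BLOCK_BYTES = 8   # 64-bit block, processed as two 32-bit halves
ROUNDS = 16


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_keys(master_key: bytes, rounds: int = ROUNDS) -> list:
    """Toy key schedule (assumption, not DES's): one 32-bit subkey per round."""
    return [hmac.new(master_key, bytes([i]), hashlib.sha256).digest()[:4]
            for i in range(rounds)]


def round_function(half: bytes, subkey: bytes) -> bytes:
    """F: a keyed mix of one half. It is never inverted, so it need not be
    invertible; this is what lets one structure both encrypt and decrypt."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:4]


def feistel(block: bytes, subkeys: list) -> bytes:
    """One pass through the network. Each round swaps the halves and XORs
    F(right, k) into the old left half; the final swap is undone so that
    running the pass again with the subkeys reversed recovers the input."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:4], block[4:]
    for k in subkeys:
        left, right = right, xor_bytes(left, round_function(right, k))
    return right + left


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Identical operation, subkeys applied in reverse order.
    return feistel(block, round_keys(key)[::-1])


if __name__ == "__main__":
    key = b"constructed-16-B"          # constructed sample key
    pt = b"ABCDEFGH"
    ct = encrypt_block(pt, key)
    print(ct.hex(), decrypt_block(ct, key))
```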

## Stream ciphers

Stream ciphers such as RC4 encrypt the plaintext one bit at a time and require a key in the form of a pseudo-random bit stream (PRBS) – this must be the same for encryption and decryption, hence the need for a secret key to seed the PRBS. Stream ciphers are less commonly used than block ciphers, as the latter offer certain security benefits – specifically, they feature high diffusion (i.e. information from one plaintext symbol is diffused into several ciphertext symbols) and immunity to tampering (i.e. it is difficult to insert symbols into the ciphertext without detection).

The very earliest ciphers, namely simple substitution ciphers, were stream ciphers. The ultimate encryption system is also a type of stream cipher – it uses a “one-time pad”, which is a string of random data that is as long as the plaintext message it is used to encrypt. This is very fast and the only encryption method that is mathematically 100% secure, provided that the one-time pad is truly random and that it is kept secret. For most purposes, it is impractical to generate and use a key that is as long as the plaintext data, not to mention the challenge of sharing it secretly between the sender and recipient.
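An added Python example, not part of the article, covering both the keystream model of the previous paragraph and the one-time pad: the hash-counter PRBS is a toy stand-in for RC4 (an assumption, not a real cipher). It also demonstrates two caveats a practitioner should know: why pad reuse breaks the one-time pad, and the lack of diffusion and tamper detection that the article contrasts with block ciphers.

```python
import hashlib
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy PRBS (assumption, not RC4): SHA-256 over key||nonce||counter.
    Only the key is secret; the nonce must never repeat under one key."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def one_time_pad(message: bytes) -> tuple:
    """OTP: the pad is truly random and exactly as long as the message.
    Returns (pad, ciphertext); the pad is the key and must stay secret."""
    pad = os.urandom(len(message))
    return pad, xor_bytes(message, pad)


def pad_reuse_leaks(pad: bytes, m1: bytes, m2: bytes) -> bool:
    """Why it is 'one-time': two ciphertexts under the same pad XOR to the
    XOR of the two plaintexts, so the pad cancels out entirely."""
    c1, c2 = xor_bytes(m1, pad), xor_bytes(m2, pad)
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)


def bit_flip_passes_through(key: bytes, nonce: bytes, message: bytes,
                            index: int, bit: int) -> bool:
    """No diffusion: flipping one ciphertext bit flips exactly that plaintext
    bit on decryption, nothing else changes, and nothing detects it. A
    separate integrity check (a MAC) is needed to catch such tampering."""
    ct = bytearray(stream_crypt(key, nonce, message))
    ct[index] ^= 1 << bit
    tampered = stream_crypt(key, nonce, bytes(ct))
    expected = bytearray(message)
    expected[index] ^= 1 << bit
    return tampered == bytes(expected)
```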

## The lifecycle and management of keys

As can be seen from the foregoing, keys are a critical component of modern cryptography. Without keys, cryptography depends on the algorithm itself being secret, whereas using keys means that the algorithm can be fully known to an attacker, as long as the keys (i.e. symmetric keys or asymmetric private keys) are kept secret. Thus, strong algorithms can be developed and used by everyone.

It is also vitally important that keys are completely random, as any non-randomness reduces the effective strength of the encryption, and that they are “rotated” on a regular basis in keeping with best practice. The generation, protection, rotation, distribution and eventual retirement of keys, collectively known as the “key lifecycle”, must therefore be handled with the utmost care, especially keys used to protect particularly sensitive or valuable data (e.g. personal information, financial transactions, etc.).

Modern key management systems are designed for this purpose, enabling keys to be proactively managed throughout their entire lifecycle. Keys are typically generated and protected by special hardware devices called hardware security modules (HSMs) that are independently certified to standards such as FIPS 140-2, Common Criteria or PCI-HSM. Key management systems also maintain secure audit logs to keep track of the keys.

Keys can be securely distributed to wherever they are needed by encrypting them under a pre-shared transport key (aka key encryption key, or KEK); the transport key may be either a symmetric or asymmetric key. Note that such a hierarchical system results in even more keys that must be correctly managed. Alternatively, a secret key can be distributed manually by “splitting” the key, with each key component entrusted to a different individual.
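An added example of the key splitting described here and in the courier scenario earlier (not the article's own method): a plain XOR n-of-n split in Python, where all components are needed and any single one is indistinguishable from random bytes. The check value is a truncated hash, an assumption included so the receiving end can confirm correct recombination without exposing the key.

```python
import hashlib
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list:
    """Split a key into n components, all of which are needed to rebuild it.
    The first n-1 components are uniformly random; the last one is chosen so
    that the XOR of all n equals the key. Any n-1 of them, taken together,
    are still just random bytes and say nothing about the key."""
    if n < 2:
        raise ValueError("need at least two components")
    parts = [os.urandom(len(key)) for _ in range(n - 1)]
    last = key
    for p in parts:
        last = xor_bytes(last, p)
    return parts + [last]


def combine_key(parts: list) -> bytes:
    """Recombine at the far end: XOR every component together."""
    key = bytes(len(parts[0]))
    for p in parts:
        if len(p) != len(key):
            raise ValueError("component length mismatch")
        key = xor_bytes(key, p)
    return key


def check_value(key: bytes) -> str:
    """Key check value (assumption: a truncated SHA-256, not a standard KCV).
    Sent alongside the components so the receiver can confirm that all of
    them arrived and were entered correctly, without revealing the key."""
    return hashlib.sha256(key).hexdigest()[:6]


def consistent_partner(component: bytes, candidate_key: bytes) -> bytes:
    """For a two-way split, an intercepted component is consistent with
    every possible key: this returns the other component that would yield
    candidate_key, which is why one component on its own reveals nothing."""
    return xor_bytes(component, candidate_key)
```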

In the next article in this series, we will look at the development of symmetric key algorithms and the range of algorithms available today along with their strengths and weaknesses, as well as the importance of crypto agility.