Since the early age, computers have been used to transmit confidential and sensitive messages. But, sometimes people intercept and use these messages for their gain. Therefore, to safeguard the important messages such as credit/debit card information, different methods of encryption have been implemented.
Cryptography or Cryptology is the study and practice of techniques for secure communication in the presence of third parties called adversaries. In general, cryptography is about constructing and analyzing protocols that prevent adversaries or the public from reading private messages.
Symmetric cryptography is a cryptographic system which uses a single key to encrypt and decrypt data. Both the sender and receiver use the same key to communicate.
However, symmetric keys also have a disadvantage. As both the sender and receiver use one key to encrypt or decrypt, sharing the key to each other is difficult. If they have to share the key through the internet, chances are there that a hacker can intercept the key.
Public/Asymmetric-key cryptography: Public-key cryptography, or asymmetric cryptography, is a cryptographic system that involves pairs of keys; public keys can be shared widely pairing with private keys that are known only to the owner. In other words, in a public-key encryption system, anyone can encrypt a message using the public key of the receiver. But, the message can be decrypted only with the receiver’s private key. Example: John wants to send a secret message to Jane, So he will encrypt these message with a public key (generated by Jane using a key generation program whose input is a large random number and whose output is one public and one private key. The private key secret and is kept by Jane and the public key is spread widely to the public) and sends this message to the Jane even if the message is captured, it cannot be decoded without the private key.
Disadvantages of public-key encryption
1. The public-key encryption methods are several orders of magnitude slower than the best known symmetric-key schemes. 2. Key sizes are usually larger than those required for symmetric key encryption. The size of public-key signatures is larger than that of tags providing data origin authentication from symmetric-key techniques. 3. No public-key scheme is proven secured. The most effective public-key encryption schemes have their security based on the set of number – theoretic problems. 4. Public-key cryptography does not have a history of symmetric-key encryption.
Which Is Stronger?
Both the symmetric and asymmetric encryptions are stronger. When we consider in terms of computational burden and ease of distribution, symmetric encryption requires less computational burden whereas asymmetric encryption involves with ease of distribution.
Digital certificate is the electronic format of physical or paper certificates such as passport, membership card, driving license, etc. It proves your identity or the right to access services or information on the internet. Digital certificates are issued by a trusted authority empowered by law, known as Certifying Authority (CA).
Public Key Infrastructures:
A PKI-based authentication uses hybrid cryptosystem and benefits from using both types of encryption.
Steps Involved in SSL Authentication Protocol
A client broker requests a secure page (SSL Hello)
The web server sends its public key with its certificate
The browser checks whether that certificate was issued by a trusted party (CA), valid or not, and relation to the site contacted
The browser creates a symmetric session key and encrypts it with the server’s asymmetric public key. Then sends it to the server.
By using the asymmetric private key, the server decrypts the encrypted session and gets the symmetric session key.
Server and Browser now encrypt and decrypt all transmitted data with the symmetric session key. This allows for a secure channel because only the server and browser know the symmetric session key, which can only be used for that session. If the browser has to connect to the same server the next day, a new session key would be created.
Applications of SSL:
1. SSL-secured transactions with e-commerce Web site: It is a typical use case of SSL transaction between a browser and a Web server where the protocol is used to authenticate if the server and then pass the customer’s credit/debit card details to the server. 2. Authenticated client access to an SSL-secured Web site: Both the client and server need certificates from a trusted certification authority (CA) that they both trust. 3. Remote access: SSL technology is used to provide authentication and data protection for users who want to log into their system (computer) remotely. 4. E-mail: The security protocol is used to transmit private communications via the Internet.
Communication using SSL-based encryption and authentication is highly secure with little to no chance that the communication can be decrypted by a hacker thus making software’s/websites highly secure and trustworthy.