Encryption

Case Study: Symmetric Encryption vs. Asymmetric Encryption

In the field of genetics, confidentiality and security is a major concern. Any breach in this security can lead to a loss of business, grants and reputation. The relationship between ABC and XYZ is a relationship that must be secured in order for their research to work. There are two ways to secure their information; symmetrically or asymmetrically. These two methods are similar in nature, but worlds apart in security. I will touch base on the advantages and disadvantages between the two and I will formulate a solution for this relationship between two confidential companies.

First method is symmetric encryption and it is the older of the two encryptions. This encryption requires a simple passkey that the sender and the receiver both know. If one does not know it, then the information does not pass. The advantages of using symmetric encryption are it is simple to use, there is no algorithm in place generating keys every time a packet is sent and security is dependant on the length of the key. The longer and more complex the key is the better the security. The major disadvantage is management of the keys. Since every trading partner between the two companies have to have a key, the managing can be difficult. Also, the trading partners must agree on the key since they will have to be dealing with it every time they try to send a secured packet.

The second method is asymmetric encryption and it is the more complex of the two encryptions. This method has two keys for every trading partner; a public and a private key. Even though the public key is the key that tags along with the packet, the private key allows the partners to encrypt the packet once it arrives decrypt the packet. The information is more secure therefore you can be more confident in sending and receiving the information. The disadvantages are that it is much slower than symmetric encryption, you depend on algorithms that professionals are not 100% confident in the security and confidentiality and rarely used for bulk encryption and decryption.

As I was putting together a solution, I was leaning towards asymmetric encryption because of the algorithms and the public and private keys. However, it is slow and symmetric allows the keys to be generated from the user to ensure tight communication. The best solution might be a combination of the two encryptions called Hybrid Cryptosystem. This takes the convenience of the symmetric and takes the power of the asymmetric and combines it. The two parties have random key generators that encrypt or decrypt the information. This way takes an extra step for the users where they have to encrypt publicly and privately and then the receiver decrypts both as well. There are three types of security that does this hybrid encryption; SSL, PGP and GPG.

In this case where security is an extreme importance, the combination of both encryptions has to be the best route for both parties involve. Anytime you can take the advantages of both methods and put them in a hybrid third method is the best solution. This data is very confidential and must be kept a secret at any cost. The third method is probably the most expensive, but will secure the data better than symmetric or asymmetric alone.

References

Microsoft (October 26, 2007).
Description of Symmetric and Asymmetric Encryption /support.microsoft.com,
Retrieved February 22, 2009, from
http://support.microsoft.com/kb/246071

Steve Matuszek (1999). Encryption: What is it and why is it necessary? /www.csee.umbc.edu,
Retrieved February 22, 2009, from
http://www.cs.umbc.edu/~wyvern/ta/encryption.html

larryjf (November 1, 2004). Combining Symmetric and Asymmetric Encryption? /www.codeguru.com,
Retrieved February 22, 2009, from
http://www.codeguru.com/csharp/.net/net_security/encryption/article.php/c8511/

Mads Haahr and Vinny Wade (Autumn 2004).Trinity College, Dublin. Crypto II,
Retrieved February 22, 2009, from
https://www.cs.tcd.ie/courses/baict/bass/4ict12/notes/23%20Crypto%20II.pdf

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: