This is a sample assignment for computer science students studying abroad, titled "Symmetric Vs Asymmetric Algorithms Computer Science Essay".
Abstract
Data integrity, confidentiality and availability over the web, applications and storage means have become the major concerns in the computer world. If data are exposed to an attacker, it will have a significant impact on business. Cryptography has a major role to play in preventing attacks on sensitive data by employing encryption and decryption mechanisms. There are two main approaches to encryption: symmetric and asymmetric, and each of them contains its own variety of encryption algorithms. Both types have their advantages and disadvantages, as neither of them excels at both efficiency and high security.
As illustrated in this paper, it is not sufficient to use a single type of encryption method in applications. With the rapid development of network technology and the expansion of information around the world, information security has to be balanced with processing efficiency, which requires hybrid approaches. This paper discusses the advantages and disadvantages of each type of cryptography and, with reference to the literature, proposes integration approaches.
1. Introduction
Cryptography is the study of the mathematical techniques related to aspects of information security such as confidentiality, data integrity, message authentication, and entity authentication (Piper, 2002). Cryptography has many applications, including those in key management for digital communication (communication equipment, electronic mail and data interchange, access control and audit trails, e-banking) and commercial software (software verification and virus detection).
Encryption of electronic messages has been considered for Electronic Data Interchange (EDI), where contracts and purchase orders are signed and delivered electronically. A similar system has been used by the British banks for Electronic Funds Transfer (EFT) for Point Of Sales (POS). For Local Area Networks (LANs), the IEEE 802.10 LAN Security Working Group is currently drafting a security standard using public-key techniques for key management.
Access control to buildings or computers relies on the use of passwords or a Personal Identification Number (PIN). Passwords are either stored on the computer or are dynamically generated using battery-powered devices (“tokens”). In some cases (e.g. in banking) the token is activated by entering a PIN. State-of-the-art smart card devices embed personal or payment data which can be decrypted as long as the user enters a password or provides biometric data (e.g. voice, fingerprint, handwritten signature, or scanned picture).
In the theory of cryptography, the information to be encrypted is called the message and the operation of disguising it is known as encryption (or enciphering). The enciphered message is called the ciphertext or cryptogram. The algorithm used for this operation also has a second input known as the enciphering key. The process of obtaining the message from the ciphertext is known as decryption, and, in addition to the ciphertext, the deciphering algorithm needs a deciphering key. The receiver will obtain the correct message if they use the right deciphering key.
An encryption system is said to be symmetric if, for each corresponding pair of enciphering and deciphering keys, it is easy to determine the deciphering key from the enciphering key. If, on the other hand, it is computationally impossible to determine the deciphering key from the enciphering key, then we have a public key system, also called an asymmetric system.
Symmetric and asymmetric cryptography are almost two different subjects: the algorithms are different, and the key management problems are different. In the sections below we present the main algorithms of each system and compare the algorithms of each system.
2. SYMMETRIC ALGORITHMS
In symmetric algorithms, the sender and receiver of messages and files share the same key for encryption and decryption. Symmetric algorithms have the advantage of not consuming too much computing power. The most typical examples are: DES, Triple-DES (3DES), IDEA, CAST5, BLOWFISH, TWOFISH.
In symmetric algorithms, an important aspect of their effectiveness is the strength of the key, that is, the size of the key used. Since the same key is used for encryption and decryption, the longer the keys are, the harder they are to break. Strong versus weak key is one of the typical classifications of symmetric algorithms.
DES (Data Encryption Standard) was the first symmetric algorithm to be introduced by NIST (National Institute of Standards and Technology), in 1974. DES uses one 64-bit key, and the many attacks against it recorded in the literature created the need to propose 3DES (Triple DES). 3DES uses three 64-bit keys and therefore applies the core encryption method of DES three times; however, this makes it slower than other symmetric algorithms (Nadeem and Javed, 2005).
Running simulation tests, Nadeem and Javed (2005) showed that Blowfish performs better than other symmetric algorithms and has no security weak points on its record. AES and 3DES showed poor performance since they require more processing power. Similar results have been produced in (Elminaam et al, 2009).
3. ASYMMETRIC ALGORITHMS
Nowadays confidential messages around the world are encrypted and decrypted relying on asymmetric techniques. This is because the key used for encryption and decryption is not the same; rather, it relies on a key distribution mechanism called public-private key distribution. Confidential messages are encrypted using the public key and can only be decrypted using the private key. RSA, DSA, ELGAMAL, TLS and PGP are some examples of asymmetric algorithms.
RSA is one of the well-known public key (asymmetric) algorithms used for generating digital signatures over messages (Das and Madhavan, 2009). In addition, NIST published the Digital Signature Standard (DSS) in 1991 for generating digital signatures. DSS uses the SHA-1 algorithm to calculate the message digest of the plain message and then applies the DSA (Digital Signature Algorithm) to create the digital signature of the message based on the message digest. DSA is only used for performing digital signatures. It cannot be used for encryption, and this is the main difference from RSA (Das and Madhavan, 2009).
4. PGP Configuration
One of the main applications of public key encryption techniques is in the PGP (Pretty Good Privacy) program for data communication. It is primarily used for signing and encrypting emails, files, text and anything else that is involved in email communication (Zimmermann, 1995).
RSA keys of 1024 bits are still considered secure (given the available options of 512, 1024, 2048 bits). On the other hand, Kaliski (2003) considers that a 1024-bit RSA key can be broken in one year and that a 2048-bit RSA public key is secure enough for a PGP configuration which also includes the AES and the SHA-1 algorithm. RSA/IDEA/MD5 or any other similar configuration is less secure according to Lenstra and Verheul (2003).
PGP works as follows (Benz, 2001):
It compresses the plain message in order to reduce the patterns typical of plaintext.
It creates a session key, which is a random number usually generated from mouse movements or keystrokes.
A symmetric encryption algorithm (e.g. Triple DES, Twofish, CAST, or AES) is applied to the random number to generate a one-time-only secret key (the session key).
Additional input (e.g. additional mouse movements or keystrokes) might be required from the user if the collected information is not sufficient.
The session key is used with a symmetric algorithm to encrypt the message into a ciphertext.
The session key is also encrypted using an asymmetric technique such as RSA.
The recipient receives the ciphertext along with the public key-encrypted session key.
Indeed the combination of the two encryption methods exploits the convenience of public-key encryption with the speed of symmetric encryption (Benz, 2001). Symmetric encryption is about 100 to 1,000 times faster than public-key encryption, solving the problem of slow encryption which asymmetric algorithms suffer from. Public-key encryption provides a solution to key distribution and data transmission issues. Hence, performance and key distribution are improved by combining both approaches without any sacrifice in security.
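The hybrid flow described above, as an added Python sketch that is not part of the original essay and is not PGP's own code. Assumptions: an HMAC-SHA256 counter keystream stands in for the symmetric cipher (Triple DES, AES, ...), and unpadded RSA over two publicly known Mersenne primes stands in for the recipient's key pair, so it shows the message flow only and offers no real security; the names `keystream_xor`, `pgp_like_encrypt` and `pgp_like_decrypt` are hypothetical.

```python
import hashlib
import hmac
import secrets
import zlib

# Constructed toy key pair: both primes are public Mersenne primes, so this
# modulus is trivially factorable. It only stands in for a real RSA key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with an HMAC-SHA256 keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = offset.to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def pgp_like_encrypt(message: bytes, n: int = N, e: int = E) -> dict:
    """Sender side: compress, encrypt under a fresh session key, wrap the key."""
    compressed = zlib.compress(message)        # reduce plaintext patterns
    session_key = secrets.token_bytes(32)      # one-time secret key
    nonce = secrets.token_bytes(16)
    body = keystream_xor(session_key, nonce, compressed)
    # Only the short session key goes through the slow public-key operation.
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return {"wrapped_key": wrapped_key, "nonce": nonce, "body": body}


def pgp_like_decrypt(packet: dict, d: int = D, n: int = N) -> bytes:
    """Recipient side: unwrap the session key, decrypt, then decompress."""
    session_key = pow(packet["wrapped_key"], d, n).to_bytes(32, "big")
    compressed = keystream_xor(session_key, packet["nonce"], packet["body"])
    return zlib.decompress(compressed)
```

The bulk of the message never touches the public-key operation: only the 32-byte session key is wrapped with the recipient's public key, which is where the speed advantage of the combined approach comes from.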
On the other hand, the PGP process described above can be complex for users, who require some training. Apart from awareness, it is important that both parties have installed PGP-compatible programs to be able to exchange PGP messages (Benz, 2001).
5. PGP2 Configuration
PGP2 implements public key encryption using the RSA and IDEA algorithms to provide secure electronic mail communication either between individuals or known sources (e.g. EDI). This approach of authentication through cryptography ensures that the encrypted message does not reveal any of the information it carries even if it is intercepted by attackers. The recipient of the mail can decrypt the mail using the associated private or public key (Simmons, 1993).
This approach assures the recipient that the message is from the original sender and that the contents have not been changed or lost during data transmission from sender to recipient. Furthermore, a digital signature can be attached to the mail to further confirm the identity of the sender. This approach complements password authentication and is therefore utilized in interpersonal communication between known parties.
A similar combination of asymmetric and symmetric encryption techniques can be generalized to other application domains involving collaboration between large groups. A common prerequisite is that the recipient obtains the secret key information before being able to decrypt the mail.
6. GnuPG Configuration
The aim of GnuPG was to create a “digital signature” mechanism which would be compatible with OpenPGP but at the same time would avoid the use of patented algorithms like RSA. GnuPG therefore provides encryption and decryption services based on a range of both symmetric and asymmetric algorithms (Garloff and Jaeger, 2000).
Keyring: the key management solution of GnuPG, maintaining a database of private keys and a range of corresponding public keys
Hashing modules: verify the authenticity of the public keys
Web of trust: a collection of signatures which have been declared as trusted by other users, forming a web of trusted keys
In comparison to PGP2, GnuPG rejects emails signed with RSA and IDEA keys, potentially produced by PGP2. Vice versa, PGP2 rejects emails signed with DSA/ELGAMAL keys from GnuPG. GnuPG is compatible with PGP5 (Garloff and Jaeger, 2000).
Since it is insufficient to use a single kind of cryptographic algorithm in applications, the hybrid approach in cryptography fills the gap of efficiency or performance of each of the types of cryptography (symmetric, asymmetric) along with the objectives of confidentiality, data integrity, authentication, and trust between two communication parties. This need is generalized to any type of collaboration between individuals (email exchange, group collaboration, file sharing, etc).