Understanding Data Confidentiality In Cyber Security
What Is Covered
There are two classes of encryption used to provide data confidentiality: asymmetric and symmetric. The two classes differ in how they use keys. In this article, I want to cover all that you need to know about data confidentiality in cyber security. Follow along as we look at it in this article.
Symmetric encryption algorithms such as Data Encryption Standard (DES), 3DES, and Advanced Encryption Standard (AES) are based on the premise that each communicating party knows the preshared key. Data confidentiality can also be ensured using asymmetric algorithms, including Rivest, Shamir, and Adleman (RSA) and the public key infrastructure (PKI).
Note: DES is a legacy algorithm and should not be used. 3DES should be avoided if possible.
The figure highlights some differences between symmetric and asymmetric encryption.
The figure shows the differences between symmetric and asymmetric encryption. Symmetric encryption uses the same key to encrypt and decrypt data, uses short keys (40 bits to 256 bits), is faster than asymmetric encryption, and is commonly used for encrypting bulk data such as VPN traffic. Asymmetric encryption uses different keys to encrypt and decrypt data, uses long keys (512 bits to 4096 bits), is computationally intensive and therefore slower than symmetric encryption, and is commonly used for short transactions such as an HTTPS session when you access your bank data.
Symmetric Encryption
Symmetric algorithms use the same preshared key to encrypt and decrypt data. A preshared key, also called a secret key, is known by the sender and the receiver before any encrypted communication can take place.
To help illustrate how symmetric encryption works, consider an example where Alice and Bob live in different locations and want to exchange secret messages with one another through the mail system. In this example, Alice wants to send a secret message to Bob.
In the figure, Alice and Bob have identical keys to a single padlock. These keys were exchanged prior to sending any secret messages. Alice writes a secret message and puts it in a small box that she locks using the padlock with her key. She mails the box to Bob. The message is safely locked inside the box as the box makes its way through the post office system. When Bob receives the box, he uses his key to unlock the padlock and retrieve the message. Bob can use the same box and padlock to send a secret reply back to Alice.
The figure shows the symmetric encryption analogy described in the text.
Symmetric Encryption Example
Today, symmetric encryption algorithms are commonly used with VPN traffic. This is because symmetric algorithms use fewer CPU resources than asymmetric encryption algorithms, which keeps encryption and decryption fast when using a VPN. With symmetric encryption algorithms, as with any other type of encryption, the longer the key, the longer it will take for someone to discover the key. Most encryption keys are between 112 and 256 bits. To ensure that the encryption is safe, a minimum key length of 128 bits should be used. Use a longer key for more secure communications.
Symmetric encryption algorithms are sometimes classified as either block ciphers or stream ciphers. A block cipher transforms fixed-length blocks of plaintext one block at a time, while a stream cipher generates a keystream from the key and combines it with the plaintext one bit or byte at a time.
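To make the padlock analogy concrete, here is an added example (not from the original article or any product it mentions) of a symmetric stream cipher in Python. It is an illustrative construction rather than a standard algorithm: the keystream is built from HMAC-SHA256 over a counter, and encryption and decryption are the same XOR with the same preshared key. The key, nonce and message are constructed sample values, and the 16-byte minimum mirrors the 128-bit floor the article recommends.

```python
import hashlib
import hmac
import secrets

MIN_KEY_BYTES = 16  # the article's 128-bit minimum for symmetric keys


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand a preshared key into `length` bytes of keystream.

    Illustrative construction, not a standard cipher: block i of the stream is
    HMAC-SHA256(key, nonce || i). Because it is a deterministic function of the
    key and nonce, the receiver regenerates the identical stream to decrypt.
    """
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("symmetric key must be at least 128 bits")
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream; the ciphertext has the same length."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def stream_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Symmetric: decryption is the identical operation with the same key."""
    return stream_encrypt(key, nonce, ciphertext)


def new_preshared_key() -> bytes:
    """256-bit key, generated once and shared out of band (the padlock key)."""
    return secrets.token_bytes(32)


def padlock_demo() -> dict:
    """Alice encrypts for Bob; Bob decrypts; someone with a different key cannot."""
    key = new_preshared_key()
    nonce = secrets.token_bytes(16)  # fresh for every message under the same key
    message = b"Meet at the post office at noon"  # constructed sample message
    box = stream_encrypt(key, nonce, message)
    bob_reads = stream_decrypt(key, nonce, box)
    other_reads = stream_decrypt(secrets.token_bytes(32), nonce, box)
    return {
        "ciphertext_len": len(box),
        "bob_ok": bob_reads == message,
        "other_ok": other_reads == message,
    }


if __name__ == "__main__":
    print(padlock_demo())
```

The nonce must be fresh for every message under a given key, because two messages encrypted with the same keystream leak the XOR of their plaintexts; that is the property a stream cipher's deployment has to protect, whichever algorithm generates the stream.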
Well-known symmetric encryption algorithms are described in the table.
Data Encryption Standard (DES) – This is a legacy symmetric encryption algorithm. It uses a short key length that makes it insecure for most current uses.
3DES (Triple DES) – This is the replacement for DES and repeats the DES algorithm process three times. It should be avoided if possible, as it is scheduled to be retired in 2023. If it is implemented, use very short key lifetimes.
Advanced Encryption Standard (AES) – AES is a popular and recommended symmetric encryption algorithm. It offers combinations of 128-, 192-, or 256-bit keys to encrypt 128-, 192-, or 256-bit-long data blocks.
Software-Optimized Encryption Algorithm (SEAL) – SEAL is a faster alternative symmetric encryption algorithm to AES. SEAL is a stream cipher that uses a 160-bit encryption key and has a lower impact on the CPU compared to other software-based algorithms.
Rivest Cipher (RC) series algorithms – These algorithms were developed by Ron Rivest. Several variations have been developed, but RC4 was the most prevalent in use. RC4 is a stream cipher that was used to secure web traffic. It has been found to have multiple vulnerabilities which have made it insecure. RC4 should not be used.
Asymmetric Encryption
Asymmetric algorithms, also called public-key algorithms, are designed so that the key that is used for encryption is different from the key that is used for decryption, as shown in the figure. The decryption key cannot, in any reasonable amount of time, be calculated from the encryption key, and vice versa.
The figure shows an example of asymmetric encryption where the encryption key is different from the decryption key.
Asymmetric Encryption Example
Asymmetric algorithms use a public key and a private key. Both keys are capable of the encryption process, but the complementary paired key is required for decryption. The process is also reversible. Data that is encrypted with the public key requires the private key to decrypt. Asymmetric algorithms achieve confidentiality and authenticity by using this process.
Because neither party has a shared secret, very long key lengths must be used. Asymmetric encryption can use key lengths between 512 and 4,096 bits. Key lengths greater than or equal to 2,048 bits can be trusted, while key lengths of 1,024 bits or shorter are considered insufficient.
Examples of protocols that use asymmetric key algorithms include:
• Internet Key Exchange (IKE) – This is a fundamental component of IPsec VPNs.
• Secure Sockets Layer (SSL) – This is now implemented as the IETF standard Transport Layer Security (TLS).
• Secure Shell (SSH) – This protocol provides a secure remote access connection to network devices.
• Pretty Good Privacy (PGP) – This computer program provides cryptographic privacy and authentication. It is often used to increase the security of email communications.
Asymmetric algorithms are substantially slower than symmetric algorithms. Their design is based on computational problems, such as factoring extremely large numbers or computing discrete logarithms of extremely large numbers.
Because they are slow, asymmetric algorithms are typically used in low-volume cryptographic mechanisms, such as digital signatures and key exchange. However, the key management of asymmetric algorithms tends to be simpler than that of symmetric algorithms, because usually one of the two keys (encryption or decryption) can be made public.
Common examples of asymmetric encryption algorithms are described in the table.
Diffie-Hellman (DH) – Key length: 512, 1024, 2048, 3072, or 4096 bits – The Diffie-Hellman algorithm allows two parties to agree on a key that they can use to encrypt messages they want to send to each other. The security of this algorithm depends on the assumption that it is easy to raise a number to a certain power, but difficult to compute which power was used given the number and the outcome.
Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA) – Key length: 512 to 1024 bits – DSS specifies DSA as the algorithm for digital signatures. DSA is a public-key algorithm based on the ElGamal signature scheme. Signature creation speed is similar to RSA, but verification is 10 to 40 times slower.
Rivest, Shamir, and Adleman encryption algorithm (RSA) – Key length: 512 to 2048 bits – RSA is for public-key cryptography and is based on the current difficulty of factoring very large numbers. It is the first algorithm known to be suitable for signing as well as encryption. It is widely used in electronic commerce protocols and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.
ElGamal – Key length: 512 to 1024 bits – An asymmetric-key encryption algorithm for public-key cryptography which is based on the Diffie-Hellman key agreement. A disadvantage of the ElGamal system is that the encrypted message becomes very big, about twice the size of the original message, and for this reason it is only used for small messages such as secret keys.
Elliptic curve techniques – Key length: 224 bits or higher – Elliptic curve cryptography can be used to adapt many cryptographic algorithms, such as Diffie-Hellman or ElGamal. The main advantage of elliptic curve cryptography is that the keys can be much smaller.
Asymmetric Encryption – Confidentiality
Asymmetric algorithms are used to provide confidentiality without presharing a password. The confidentiality objective of asymmetric algorithms is initiated when the encryption process is started with the public key.
The process can be summarized using the formula:
Public Key (Encrypt) + Private Key (Decrypt) = Confidentiality
When the public key is used to encrypt the data, the private key must be used to decrypt the data. Only one host has the private key; therefore, confidentiality is achieved.
If the private key is compromised, another key pair must be generated to replace the compromised key.
Asymmetric Encryption – Authentication
The authentication objective of asymmetric algorithms is initiated when the encryption process is started with the private key.
The process can be summarized using the formula:
Private Key (Encrypt) + Public Key (Decrypt) = Authentication
When the private key is used to encrypt the data, the corresponding public key must be used to decrypt the data. Because only one host has the private key, only that host could have encrypted the message, providing authentication of the sender. Typically, no attempt is made to preserve the secrecy of the public key, so any number of hosts can decrypt the message. When a host successfully decrypts a message using a public key, it is trusted that the private key encrypted the message, which verifies who the sender is. This is a form of authentication.
Asymmetric Encryption – Integrity
Combining the two asymmetric encryption processes provides message confidentiality, authentication, and integrity.
The following example illustrates this process. In the example, a message is ciphered using Bob’s public key, and a hash of the message is ciphered using Alice’s private key, providing confidentiality, authenticity, and integrity.
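The two formulas above and the combined Bob/Alice exchange are worked through below in Python with textbook RSA. This is an added example, not code from the article or from any library it mentions. The keys are 512-bit and unpadded so that the arithmetic stays visible; the article itself classes keys that short as insufficient, so real deployments use 2048-bit keys and a vetted library with OAEP/PSS padding. The message, party names and function names are constructed for this example.

```python
import hashlib
import secrets

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin probable-prime test, with trial division first to save time."""
    if n < 4:
        return n in (2, 3)
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Random prime of exactly `bits` bits (top bit forced so the modulus is full size)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512):
    """Textbook RSA key pair: public (n, e), private (n, d). Toy size, for speed only."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (p * q, e), (p * q, d)


def rsa_apply(key, value: int) -> int:
    """Modular exponentiation with whichever half of the pair is supplied.

    Used with the public key this is 'encrypt'; with the private key, 'decrypt'
    (for confidentiality) or 'sign' (for authentication). Same operation either way.
    """
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exp, n)


def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def send(alice_priv, bob_pub, message: bytes):
    """Alice: cipher the message with Bob's public key (Public Key (Encrypt) +
    Private Key (Decrypt) = Confidentiality) and cipher its hash with her own
    private key (Private Key (Encrypt) + Public Key (Decrypt) = Authentication).
    Messages must be shorter than the modulus and must not start with a zero byte.
    """
    ciphertext = rsa_apply(bob_pub, int.from_bytes(message, "big"))
    signature = rsa_apply(alice_priv, sha256_int(message))
    return ciphertext, signature


def receive(bob_priv, alice_pub, ciphertext: int, signature: int):
    """Bob: recover the message with his private key, then check that Alice's
    public key turns the signature back into the hash of what he recovered.
    Returns (message, authentic); any change to either value makes authentic False.
    """
    m = rsa_apply(bob_priv, ciphertext)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    authentic = rsa_apply(alice_pub, signature) == sha256_int(message)
    return message, authentic
```

Note that the same pair of functions serves both formulas: only which half of the key pair goes into rsa_apply decides whether the result provides confidentiality or authentication. If Alice's private key were ever compromised, both her signatures and any data encrypted to her would be affected, which is why the article says a new key pair must be generated.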
Diffie-Hellman
Diffie-Hellman (DH) is an asymmetric mathematical algorithm that allows two computers to generate an identical shared secret without having communicated before. The new shared key is never actually exchanged between the sender and receiver. However, because both parties know it, the key can be used by an encryption algorithm to encrypt traffic between the two systems.
Here are two examples of instances when DH is commonly used:
• Data is exchanged using an IPsec VPN
• SSH data is exchanged
To help illustrate how DH operates, refer to the figure.
The figure illustrates how the Diffie-Hellman algorithm works by using colours. Assume Alice and Bob have agreed to start with 50 millilitres (50 ml) of yellow paint. Alice adds 50 ml of red paint to the yellow paint to create 100 ml of orange paint. Bob mixes his 50 ml of yellow paint with 50 ml of blue paint to create 100 ml of green paint. Alice sends Bob her 100 ml of orange paint and Bob sends Alice his 100 ml of green paint. Alice then adds another 50 ml of her red paint to Bob’s 100 ml of green paint to create 150 ml of brown paint. Bob mixes another 50 ml of blue paint into the 100 ml of Alice’s orange paint to create 150 ml of exactly the same brown paint that Alice created.
The colours in the figure are used instead of long, complex numbers to simplify the DH key agreement process. The DH key exchange begins with Alice and Bob agreeing on an arbitrary common colour that does not need to be kept secret. The agreed-on colour in our example is yellow.
Next, Alice and Bob will each select a secret colour. Alice chose red while Bob chose blue. These secret colours will never be shared with anyone. The secret colour represents the chosen secret private key of each party.
Alice and Bob now mix the shared common colour (yellow) with their respective secret colour to produce a public colour. Therefore, Alice mixes the yellow with her red to produce a public colour of orange. Bob mixes the yellow with the blue to produce a public colour of green.
Alice sends her public colour (orange) to Bob and Bob sends his public colour (green) to Alice.
Alice and Bob each mix the colour they received with their own original secret colour (red for Alice and blue for Bob). The result is a final brown mixture that is identical to the partner’s final mixture. The brown colour represents the resulting shared secret key between Bob and Alice.
The security of DH is based on the fact that it uses very large numbers in its calculations. For example, a 1024-bit DH number is roughly equal to a decimal number of 309 digits. Considering that a billion is 10 decimal digits (1,000,000,000), one can easily imagine the complexity of working with not one, but multiple 309-digit decimal numbers.
Diffie-Hellman uses different DH groups to determine the strength of the key that is used in the key agreement process. The higher group numbers are more secure, but require additional time to compute the key. The following identifies the DH groups supported by Cisco IOS Software and their associated prime-number size:
• DH Group 1: 768 bits
• DH Group 2: 1024 bits
• DH Group 5: 1536 bits
• DH Group 14: 2048 bits
• DH Group 15: 3072 bits
• DH Group 16: 4096 bits
Note: A DH key agreement can also be based on elliptic curve cryptography. DH groups 19, 20, and 24, which are based on elliptic curve cryptography, are also supported by Cisco IOS Software.
Unfortunately, asymmetric key systems are extremely slow for any sort of bulk encryption. This is why it is common to encrypt the bulk of the traffic using a symmetric algorithm, such as 3DES or AES, and to use the DH algorithm to create the keys that the symmetric algorithm will use.
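Here is the paint exchange in numbers, as an added example in Python (not the article's code and not Cisco's). It uses the 2048-bit MODP group from RFC 3526, which the article lists as DH Group 14, with its generator 2: the private exponents are the secret colours, g raised to them modulo p are the public colours that cross the wire, and each side raises the peer's public value to its own secret to reach the same result. The peer value is validated before use, and the shared secret is then hashed into a 256-bit key for the symmetric cipher that carries the bulk traffic, as the preceding paragraph describes. The group_looks_sane check, the hashing label and the function names are constructions for this example.

```python
import hashlib
import secrets

# 2048-bit MODP group from RFC 3526 (the article's "DH Group 14"); generator is 2.
P_GROUP14 = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


def group_looks_sane(p: int = P_GROUP14, g: int = G) -> bool:
    """Cheap self-check that the constant is intact: 2048 bits, Fermat tests on
    p and q = (p-1)/2 (a safe prime needs both prime), and g in the order-q subgroup."""
    q = (p - 1) // 2
    return (p.bit_length() == 2048
            and pow(2, p - 1, p) == 1
            and pow(3, q - 1, q) == 1
            and pow(g, q, p) == 1)


def dh_private_key(p: int = P_GROUP14) -> int:
    """Secret exponent, the party's 'red' or 'blue' paint. Never transmitted."""
    return secrets.randbelow(p - 3) + 2  # uniform in [2, p-2]


def dh_public_value(priv: int, p: int = P_GROUP14, g: int = G) -> int:
    """g^priv mod p: the 'orange' or 'green' mixture, safe to send in the clear."""
    return pow(g, priv, p)


def validate_peer_value(peer_pub: int, p: int = P_GROUP14) -> None:
    """Reject values (0, 1, p-1, out of range, outside the prime-order subgroup)
    that would force a predictable shared secret whatever our own exponent is."""
    if not 2 <= peer_pub <= p - 2:
        raise ValueError("peer public value out of range")
    if pow(peer_pub, (p - 1) // 2, p) != 1:
        raise ValueError("peer public value not in the prime-order subgroup")


def dh_shared_secret(priv: int, peer_pub: int, p: int = P_GROUP14) -> int:
    """(g^b)^a == (g^a)^b mod p: both sides end up with the same 'brown' paint."""
    validate_peer_value(peer_pub, p)
    return pow(peer_pub, priv, p)


def derive_symmetric_key(shared: int, p: int = P_GROUP14, length: int = 32) -> bytes:
    """Hash the fixed-width shared secret into a key for the bulk symmetric cipher;
    the raw group element is never used directly as key material."""
    z = shared.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(b"dh-demo-key-v1" + z).digest()[:length]  # label is constructed


def key_agreement_demo():
    """Full exchange: returns (keys_match, alice_key)."""
    a = dh_private_key()
    b = dh_private_key()
    alice_public = dh_public_value(a)  # Alice -> Bob
    bob_public = dh_public_value(b)    # Bob -> Alice
    key_a = derive_symmetric_key(dh_shared_secret(a, bob_public))
    key_b = derive_symmetric_key(dh_shared_secret(b, alice_public))
    return key_a == key_b, key_a


if __name__ == "__main__":
    print("group intact:", group_looks_sane())
    print("keys match:", key_agreement_demo()[0])
```

Switching to a larger group (15 or 16 in the article's list) is only a matter of substituting the corresponding RFC 3526 prime; the exponentiation cost grows with the modulus size, which is the time-versus-strength trade-off the DH group table describes.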
Action Point
I know you might agree with some of the points that I have raised in this article, and you might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop a comment. Thanks in anticipation.
Thanks, this is very useful and easy to understand, especially to those who are not aware of cybersecurity in Data confidentiality.
Yes, we should keep our data and information ready to stop ransomware and viruses. There are many companies that build Guardforce PCs, like Xphy, and with such methods we can reduce the probability of cyberattacks and preserve data with a strong security system. Additionally, we can also make secure passwords with special characters and use secure antivirus software for data protection.
There is always going to be so much more to learn in this highly intricate world of cyber, hence will keep referring back. Cheers!
Thanks
Cybersecurity is very important in today’s age, with how easily accessible data is on the internet.
Thanks
This content is very helpful for me. Thanks for sharing