Symmetric encryption is a method of encryption that utilizes a secret key to both encrypt and decrypt electronic information; this key is exchanged between each entity communicating. Symmetric encryption differs from asymmetric encryption due to not requiring two keys, one public and one private, to encrypt and decrypt messages. By utilizing symmetric algorithms for encryption, messages, and their data, are transformed into a manner that can’t be read unless the secret key is possessed. Once the encrypted message reaches its intended target, the decryption process begins, thus reversing the original algorithm (Smirnoff, Turner, 2019).
As for the algorithm itself, the two methods of symmetric encryption are block and stream. In a stream algorithm, data is encrypted while streaming, while a block algorithm encrypts in predefined lengths of bits. The data in a block algorithm is held by the system’s memory while waiting for completed blocks to finish. There are numerous examples of symmetric encryption algorithms, such as DES (Data Encryption Standard), IDEA (International Data Encryption Algorithm), AES (Advanced Encryption Standard), RC4 (Rivest Cipher 4), RC5 (Rivest Cipher 5), RC6 (Rivest Cipher 6), and Blowfish. Of the various abovementioned examples, RC4 is a stream cipher, while IDEA, Blowfish, RC5, RC6, DES, and AES are all block ciphers (Smirnoff, Turner, 2019).
For those who find this material to be somewhat confusing, symmetric cryptology can be simply explained. Let’s say the front door of a building is typically unlocked and locked via a specific key; this key is similar to the single key utilized in symmetric encryption. Since a particular key opens the building’s door, only people who have the key, or a copy of it, can access the building. Now, let’s imagine that the entire staff who works at the building is working from home due to COVID-19. Since the one person who holds the key is not at the building, a maintenance team is not going to be able to access the building. Hopefully, the owner of the key gave a copy of it to the maintenance staff before he/she left the location. Now, both the owner of the key, as well as the maintenance team, have access to the building (if a copy of the key was provided). In this scenario, the building is an encrypted message, while the building’s interior is the encrypted data. Since a single key is used, access to the building is encrypted (or prevented) for all others. While this straightforward explanation makes it easier to understand symmetric cryptography, you may have noticed an apparent problem with this method. Since a single key is used, if that key is lost, duplicated, or stolen, the security of the building (encrypted data) is rendered useless.
Now that symmetric encryption is defined and explained in simpler terms let’s discuss how this method of cryptology is used. EFS (Encrypting File System) is part of the NTFS File system featured on Windows XP Pro, Windows 2000, and Windows Server 2003 and is Window’s built-in file encryption method. EFS allows the transparent decryption and encryption of files using cryptographic algorithms by only allowing programs or users to decrypt data if they have the right key. Unlike early forms of cryptography such as ciphers, even if the device that holds the data is in possession of an unauthorized user, they cannot access its files unless the key is provided; this also prevents against authorized users on a computer from gaining access to the encrypted data if the key is not provided. EMS occurs at the file-system level and uses a symmetric key, which is a key that is encrypted with a public key/public key pair; this key pair is set to a user’s identity.
However, not fully understanding how EMS works before using it can cause significant problems. Failure to properly encrypt data, using weak passwords, or making passwords available to others can be quite problematic. Furthermore, if a private key is misplaced or damaged, the files cannot be decrypted by even the original user that encrypted the data. The key can be recovered if the key has been archived, but if this didn’t happen, the file might be as good as dead. In my personal experience, I have found EFS to be very reliable and secure. Its operation is relatively simple and can secure even prone-to-theft laptops from having their sensitive data accessed. I love the fact that you do not require full control permissions or ownership to encrypt files, rather only read and write.
I have used EMS Recovery a few times before to recover files from encrypted drives by using the volume recovery key. Contrary to what I had previously thought, this was easy to do since it automatically scanned the BitLocker volumes to locate any recoverable items; it also does this while finding and fixing errors. Overall, EFS can be a great tool in the hands of an experienced user, yet risky for an amateur. Symmetric encryption can be of excellent help to many cases where data needs to be securely sent and received.
Another use of symmetric encryption is in digital certificates. Digital certificates are a lot like identification cards, as they are electronic credentials that are used to prove the identity of users, devices, or organizations. Issued by Certification Authorities (CA), digital certificates bind an owner’s public key with his or her private key. These certificates contain data that identifies the owner of the certificate, such as the subject’s identification information, public-key value, CA’s name, CA’s digital signature, CA’s private key, and also generates a digital signature. These certificates are often distributed by public folders, email, web pages, and directories. These certificates are used in the digital signing of electronic data to protect and verify it, to authenticate users who are communicating over networks, and protect symmetric secret encryption, which is sent and shared over networks. Digital certificates also secure mail, web communications, code signing, and local and remote access to network resources.
By utilizing plaintext input, the encryption algorithm, a secret key (shared between sender and recipient), and the associated decryption algorithm, a plaintext output is created of the previously encrypted data, using symmetric encryption (Stallings, 2017). Symmetric encryption offers many benefits, such as that it is both quick and efficient when used with significant amounts of data; however, it has many downsides as well, such as the necessity to keep the key private (which offers challenges when both communication entities are in remote locations). As the world progresses in the digital front, protecting our precious data is vital to the continued success of personal/ business operations and security.
Stallings, W. (2017). Network Security Essentials: Applications and Standards (Sixth). Pearson.
Bragg, Roberta. (n.d.) The Encrypting File System. Retrieved from https://technet.microsoft.com/en-us/library/cc700811.aspx.
Peter Smirnoff & Dawn M. Turner. (2019, January 18). Symmetric Key Encryption – why, where and how it’s used in banking. Retrieved March 18, 2020, from https://www.cryptomathic.com/news-events/blog/symmetric-key-encryption-why-where-and-how-its-used-in-banking.