Exploring Symmetric Key Encryption
The simplest, most scalable cryptosystems to implement are those that use symmetric key encryption. Ciphers that use symmetric keys use the same key to encrypt and decrypt the data. We will examine the principles and operation of symmetric key encryption algorithms and look at examples of its implementation while weighing its strengths and weaknesses. Figure 6.4 represents a typical symmetric key cryptosystem. The data flow is from left to right. Cleartext data is rendered into ciphertext by the sender by encrypting the data with an encryption key and a cipher. The ciphertext is turned back into cleartext when the receiver in the cryptosystem uses the same encryption algorithm with an identical key to decrypt the data.
Here are some facts about the key lengths used with symmetric key encryption algorithms:
- 40 to 256 bits are typical key lengths.
- Trusted key lengths are 80 bits or greater.
- Regardless of which encryption algorithm employs them, key lengths of less than 80 bits are considered obsolete and should not be used.
Now that we’ve established that 80 bits or greater is acceptable, let’s speak about the longevity of the keys’ protection. What length of key should be used, grouped by the algorithm that employs it and longevity of protection? Table 6.2 explores those parameters as they relate to longevity of protection. The assumption made in Table 6.2 is that we are protecting against brute force attack. Also, when you look at the table, recall that symmetric algorithms are considered the strongest type of algorithms, thus they necessitate a shorter key length than asymmetric encryption algorithms.
The remainder of this section explores the details of the most common symmetric key encryption algorithms individually.
DES
The following are the main characteristics of DES:
- Fixed key length of 64 bits, though only 56 of those bits are actually used for encryption.
- Hardware acceleration is relatively simple because of its logical (binary) operation.
- 40-bit DES still uses a 56-bit key: a 40-bit key plus 16 known bits to pad the key out to 56 bits.
- Block cipher modes include the following:
  - ECB (Electronic Codebook) mode.
  - CBC (Cipher Block Chaining) mode. IPsec VPNs mostly choose this.
- Stream cipher modes include the following:
  - CFB mode (Cipher Feedback). Similar to CBC.
  - OFB mode (Output Feedback).
Cisco IPsec VPNs use DES and 3DES in CBC mode.
Although DES is considered obsolete, mostly because of its small key size, it can be used for small amounts of data where no alternative exists. It is susceptible to brute force attacks on its keys, having been cracked in 2001 in 22 hours. Here are some other guidelines to make a DES cryptosystem as secure as possible:
- Change keys frequently.
- Use a secure channel to exchange keys between the sender and receiver. (Diffie-Hellman is one method.)
- Use CBC if possible. In CBC block cipher mode, encryption of one 64-bit block depends on the previous blocks.
- Use 3DES if possible.
3DES
The following are the main characteristics of 3DES:
- Basic algorithm is identical to DES, just applied three successive times.
- Can use two or three 56-bit keys to achieve 112- or 168-bit key strength. (See the next Exam Alert.)
- 3DES is not significantly more processor-intensive than DES, making it a good choice for software-based encryption.
- 3DES is considered the most trusted of symmetric encryption algorithms by virtue of how long it has been used, as well as its key length.
Don’t confuse the trustworthiness of an encryption algorithm with its strength. Although AES is considered cryptographically stronger than 3DES, it has only been a NIST standard since 2001 and an official U.S. government standard since May 2002, whereas 3DES has been tested in the field for more than 35 years and has not been found to possess any flaws. Brute force attacks are considered to be unfeasible against 3DES.
Cisco IPsec VPNs use the 168-bit 3DES implementation in the CBC block cipher mode.
If you use DES as a verb, 3DES has sometimes (and rather lazily) been described as producing ciphertext from cleartext that has been DES’d three times. Strictly speaking this is true, but it also implies that the cleartext is encrypted three times. This is incorrect. In fact, Figure 6.5 illustrates how 3DES operates. The numbering in the figure matches the following steps:
1. The cleartext data is first encrypted with a 56-bit key, creating ciphertext.
2. This ciphertext is then decrypted (not encrypted!) with a second 56-bit key. Because the second key is always different than the first key, actual decryption doesn’t occur, so effectively the result is also ciphertext.
3. The ciphertext from step 2 is again encrypted, either with a third different key or with the same one that was used in step 1.
If three different keys are used, (K1, K2, and K3 in Figure 6.5), then the total key length is said to be 168 bits. If only two keys are used (that is, K1 and K3 are the same and K2 is different), then the total key length is said to be 112 bits. Cisco does not use 112-bit 3DES in its IPsec VPN implementation.
Surprisingly, if you used three different keys and all three steps encrypted in succession from the original cleartext, the composite key strength would be only 58 bits! The encrypt-decrypt-encrypt (EDE) process that 3DES uses is known as 3DES-EDE.
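The CBC guideline from the DES section and the three EDE steps above, as an added Python example that is not part of the original text. Python's standard library has no DES, so a toy 8-round Feistel cipher with 64-bit blocks stands in for it; the keys, IV and message are constructed, and the message length is assumed to be a multiple of 8 bytes (no padding).

```python
import hashlib

BLOCK = 8  # bytes: the 64-bit block size of DES and 3DES
KEYS = (b"key-one", b"key-two", b"key-3rd")  # constructed 56-bit sample keys K1, K2, K3
IV, MSG = bytes(range(8)), b"SAMEDATA" * 3   # constructed; MSG is three identical blocks

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc_block(key, block, rounds=range(8)):
    # Toy 8-round Feistel network standing in for DES (assumption: not real DES).
    left, right = block[:4], block[4:]
    for r in rounds:
        f = hashlib.sha256(key + bytes([r]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return right + left

def dec_block(key, block):
    # A Feistel network decrypts by running the same rounds in reverse order.
    return enc_block(key, block, rounds=range(7, -1, -1))

def ede_encrypt(k1, k2, k3, block):
    # Step 1: encrypt with K1. Step 2: decrypt with K2. Step 3: encrypt with K3.
    return enc_block(k3, dec_block(k2, enc_block(k1, block)))

def ede_decrypt(k1, k2, k3, block):
    # Reverse order: decrypt with K3, encrypt with K2, decrypt with K1.
    return dec_block(k1, enc_block(k2, dec_block(k3, block)))

def ecb_encrypt(keys, data):
    # ECB: each 64-bit block is encrypted independently of the others.
    return b"".join(ede_encrypt(*keys, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def cbc_encrypt(keys, iv, data):
    # CBC: XOR each cleartext block with the previous ciphertext block first.
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = ede_encrypt(*keys, xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(keys, iv, data):
    blocks = [iv] + [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return b"".join(xor(ede_decrypt(*keys, c), p) for p, c in zip(blocks, blocks[1:]))

if __name__ == "__main__":
    print("ECB:", ecb_encrypt(KEYS, MSG).hex())      # three identical 8-byte blocks
    print("CBC:", cbc_encrypt(KEYS, IV, MSG).hex())  # three different blocks
```

If K2 is set equal to K1, steps 1 and 2 cancel and only the step 3 encryption remains, which is why the second key has to differ from the first.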
AES
It might take several years before AES is as trusted as 3DES, but it is considered a stronger algorithm. In 1997, NIST announced a competition that was open to the public, inviting them to submit a proposal for an encryption algorithm that would eventually replace DES. Of the fifteen proposed candidates, the Rijndael algorithm was chosen to become AES. Twofish and RC6 were two other candidates. Rijndael is a combination of the names of the inventors, Vincent Rijmen and Joan Daemen. The following are the main features of AES:
- AES uses a variable block length and variable key length. Blocks can be 128, 192, or 256 bits in length and encryption keys can be 128, 192, or 256 bits in length.
- AES is future-proof because both block and key lengths can be added to in 32-bit increments.
- AES is much faster than 3DES, making it ideal for software encryption.
- AES is specifically designed for efficient implementation in software or hardware on a number of processor platforms.
- AES is gaining trust in the security community because it has exhibited no known flaws in 10 years of review.
- AES is considered to be stronger than 3DES because it is faster and it allows 192- and 256-bit key lengths.
The default encryption algorithm on Cisco platforms remains 3DES, probably because of its maturity relative to AES.
AES is supported on the following Cisco platforms:
- Cisco IOS Software Release 12.2(13)T and later
- Cisco PIX Firewall Software Version 6.3 and later
- Cisco ASA Software Version 7.0 and later
- Cisco VPN 3000 Software Version 3.6 and later
SEAL
The Software Encryption Algorithm (SEAL) was first published in 1994. The current version, 3.0, was published in 1997.
The following are the main features of SEAL:
- SEAL is a stream cipher and is considered very fast.
- SEAL was first supported in IOS with Release 12.3(7)T.
- SEAL uses a 160-bit encryption key.
- SEAL is less processor-intensive than equivalent encryption algorithms.
Routers that have hardware-accelerated encryption do not support SEAL. Also, the VPN peers must support IPsec and have the K9 subsystem.
You can use the show version CLI command to confirm whether your version of IOS has the K9 subsystem required to run SEAL:
    CiscoISR-A#show version
    Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Thu 01-May-08 02:31 by prod_rel_team
    ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE
    CiscoISR-A uptime is 21 hours, 6 minutes
    System returned to ROM by power-on
    System restarted at 20:45:39 UTC Mon May 26 2008
    System image file is "flash:c870-advipservicesk9-mz.124-15.T5.bin"
Rivest Ciphers (RC)
These encryption algorithms are called Rivest Ciphers, as they were written by Ron Rivest of RSA fame. They are sometimes also called Ron’s Code. They are popular encryption algorithms because of their relative speed and variable key length. The following are the main features of Rivest Ciphers:
- RC2. Block cipher that features a variable-length key.
  - It was designed as a plug-in replacement for DES.
- RC4. Stream cipher that features a variable-length key.
  - RC4 uses the Vernam cipher, but is not considered a one-time pad (OTP) because it uses a pseudo-random key.
  - RC4 runs very quickly in software.
  - RC4 is often used to secure real-time communications such as e-commerce sites that use SSL or SSL VPNs like Cisco’s SSL VPN solution. (See the example in Figure 6.6.)
  - Wired Equivalent Privacy (WEP) is an example of how RC4 can be implemented poorly.
- RC5. Block cipher that features speed and a variable block size and a variable key length.
- RC6. Block cipher that lost out to Rijndael in the AES competition. Based on RC5.
Figure 6.6 illustrates a website certificate for a Cisco Content Engine CE-590 indicating a 128-bit RC4 encrypted SSL link.
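The Vernam-style XOR that RC4 performs, and the reason its pseudo-random keystream must never be used twice, as an added Python example that is not part of the original text. The key `Key` and message `Plaintext` are the widely published RC4 test vector; `P1` and `P2` are constructed sample messages.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    # Key-scheduling algorithm (KSA): permute 0..255 under control of the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA): emit n keystream bytes.
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key: bytes, data: bytes) -> bytes:
    # Vernam step: data XOR keystream. The same call encrypts and decrypts.
    return xor(data, rc4_keystream(key, len(data)))

def reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    # Two messages under one key share one keystream, so it cancels out of
    # c1 XOR c2 and what remains is p1 XOR p2, with no key material in it.
    return xor(rc4(key, p1), rc4(key, p2))

P1 = b"transfer 100 USD"  # constructed sample message
P2 = b"meeting at 09:30"  # constructed sample message, same length

if __name__ == "__main__":
    print(rc4(b"Key", b"Plaintext").hex())
    print(reuse_leak(b"Key", P1, P2) == xor(P1, P2))
```

A true one-time pad never repeats its key, so the cancellation in `reuse_leak` cannot occur; with RC4 the keystream repeats whenever the key does, which is why each message or session needs its own key.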