Encryption Algorithms

Many encryption algorithms are commonly used to protect data. Of these, most can be categorized as symmetric or asymmetric key algorithmstwo very different approaches to encryption.

Shared Key: Symmetric

A shared key, or symmetric key, is an encryption method that uses the same key value for both encryption and decryption. Its use assumes that everyone involved has had time in advance to securely exchange a secret key that no one else knows. This key value is then used to encrypt information that is exchanged. This means of encryption can be fast because the mathematics needed to create ciphertext from a shared secret key does not have to be as complex as the type used with asymmetric algorithms. The main disadvantage to the symmetric algorithm is that it is difficult to remotely exchange keys or start a symmetric exchange with an unknown party and authenticate that person is who he says he is. How can you give a remote party your key if he doesn't already have it? You would need to have a secure channel to pass the key. Because you most likely don't have such a channel (otherwise you wouldn't need to pass the key), you are in the middle of a catch-22. With a symmetric algorithm, we have established confidentiality of data as long as the key remains secret, and we have some basic key-exchange issues.

Many symmetric encryption algorithms are available for use today, including Data Encryption Standard (DES), 3DES, Advanced Encryption Standard (AES), Rijndael, Blowfish, and International Data Encryption Algorithm (IDEA). Of these, DES, 3DES, and AES are the most commonly used encryption algorithms in today's VPNs. DES was an encryption standard set by the National Institute of Standards and Technology (NIST) in 1977. DES, a symmetric algorithm with a 56-bit key, seemed unbreakable with the technology of the time. However, as time has passed and processing power has multiplied, DES has been proven breakable many times.

Does this mean that DES is not a suitable algorithm to use for your VPN? Maybe. You have to weigh the value of your data against the price paid to retrieve it. No one wants his payroll posted on a billboard, but by the same token, it is unlikely that you will install a walk-in vault to protect it from interlopers. (If you would, don't use DES.) Some businesses that are exchanging standard transactions that have no real value to outside parties are effectively using DES as their VPN algorithm because DES is less resource and bandwidth intensive than the stronger alternatives. If you operate a financial institution or you have top-secret information that you are exchanging, don't use DES.

As an interim solution to the vulnerability of DES, 3DES has become popular. Most popularly used with three 56-bit keys for a total of a 168-bit key strength, 3DES provides considerably more protection. Even so, with the breaking of DES, a call went out for a new Advanced Encryption Standard (AES). The winner was Rijndael, an algorithm made by Vincent Rijmen and Joan Daemen, two highly respected Belgian cryptographers. Although AES is considered stronger than 3DES, it has taken considerable time for VPN vendors to add AES support to their products. 3DES is still a fine solution for most secure implementations today, but many organizations are moving to AES as it becomes available in their VPN products.

Symmetric algorithms are important to VPNs because they supply the confidentiality component that the VPN supplies. They work well to protect the heavy burden of the VPN's data flow because of their speed-per-strength advantage over other encryption algorithm types.

PublicPrivate Key: Asymmetric

Asymmetric key algorithms use a different method of encryption. Two different keys are used: a public key and a private key. The public key is used to encrypt the ciphertext, and the private key is used to decode it back to cleartext. The interesting thing about this process is the relationship between these two keys. The public key cannot be used to reverse-engineer the private key. Therefore, although ciphertext can be generated by anyone with a copy of the public key, only the person who possesses the private key can decrypt it. For this reason, the mathematics behind asymmetric algorithms are considerably more complex than those used in symmetric algorithms. In turn, asymmetric algorithms are also much slower and more processor intensive.

We still haven't resolved the issue of how to start an encrypted communication session with someone whom you haven't previously been able to exchange keys with. Because the public key cannot compromise the ciphertext, it can be freely distributed. This does not guarantee, however, that the message is coming from the person it claims to be. Despite still lacking guaranteed authentication, integrity, and nonrepudiation, we still have confidentiality of our data and no more key exchange issues.

One popular example of asymmetric key encryption is Pretty Good Privacy (PGP). PGP is a means to exchange information securely with persons whom you might not ever have met face to face. It uses publicly dispersible keys (in coordination with private keys) and even has specific key servers set up for the distribution of these public keys. This way, if the person with whom you are exchanging information has "posted" his public key on a key server, you can search for it by the person's email address or name. Then the communication can begin. Posting public keys to a key server is not a necessary part of the process; keys can just be emailed back and forth.

The two most commonly used asymmetric algorithms are Diffie-Hellman and RSA's public-key algorithm. Diffie-Hellman is used heavily in VPN technology, as a part of the Oakley key exchange protocol. It and Internet Security Association Key Management Protocol (ISAKMP) make up the standard negotiation and key-management option of IPSec, called the Internet Key Exchange (IKE) protocol. Whitfield Diffie and Martin Hellman created Diffie-Hellman in 1976. It was the first of the public key algorithms.¹

Diffie-Hellman is most commonly used in VPNs as a means to exchange information to set up a symmetric algorithm tunnel using a protocol such as DES or 3DES. The advantages of public-key cryptography are used to allow the creation of an outside connection without previous knowledge. This connection is used to pass the vital symmetric-key information and configuration data that cannot be securely transferred otherwise. Then the symmetric algorithm communication can begin. When using the Diffie-Hellman algorithm in conjunction with a VPN, you have to choose the group type that will be used: group 1 or group 2. The differences between the groups include the size of the prime number that is used (768 bit for group 1 and 1024 bit for group 2) and the length of the prime modulus in 32-bit words (24 for group 1 and 32 for group 2). Group 2 provides more security but takes more processing power to implement.

Although asymmetric algorithms are too slow to be practical as a means to encrypt the main data flow transmitted via the VPN, they are an effective way to exchange key information in the negotiation and key exchange phase of VPN initialization. Because symmetric algorithms have key-exchange woes and faster encryption speeds, asymmetric and symmetric algorithms make an excellent pair. By using asymmetric algorithms to exchange keys to be used for a symmetric connection, you have removed your key exchange issues, while benefiting from the speed advantage of the symmetric algorithm.

Digital Signatures and Hash Algorithms

Digital signatures and hash functions are the missing pieces in our secure communication method. They help provide integrity of data, additional authentication, and nonrepudiation. Digital signatures are meant to prove that a piece of information came from a certain individual or entity. This authentication is accomplished with encryption. If you receive a message that was encrypted with a key that only one other person has, then it is most likely from that person.

However, a symmetric key does not function well in this model because you have all the same key-management issues that occur with standard symmetric key transactions. For this reason, asymmetric encryption has become a popular means to integrate digital signature capability. You can encrypt a document with your private key, and the person to whom you are sending the document can decrypt it with your public key, proving (because you are the only individual with your private key) that the message was from you. Therefore, we have nonrepudiation and integrity checking because any changes in the encrypted text result in jumbled output. However, we lack true confidentiality because anyone with our public key can decrypt the message. The biggest disadvantage of this as a signing method is the sluggishness of asymmetric encryption. A signature should be able to be retrieved in a timely fashion; otherwise, it loses its practicality. Also, anyone with your public key can read the document, so the document loses its confidentiality unless you then encrypt it a second time, adding even more time to the whole process. Wouldn't it be nice to have a means to ensure integrity, authentication, and nonrepudiation and not have the speed disadvantage of asymmetrically encrypting an entire message?

Enter the hash algorithm. Hash algorithms are used to create a "fingerprint" of a piece of information or file. You can use this fingerprint, called a hash or message digest, to verify that the file has not been changed. If the file changes, so will its hash. This helps guarantee the integrity of the information without having to verify the entire file, bit by bit. With a one-way hash, it is difficult to reverse-engineer the original source information, or find or create information that can produce the same hash. People are confused about how one-way hashes can be verified. If these hashes can't be reversed, how do you know that they correctly represent the original information? The answer is deceptively simple. You take the document for which you are verifying integrity and create a second hash using the same algorithm. You then compare the hashes. If the documents are the same, the hashes will be the same as well. Also, because a one-way hash function is being used, it is unlikely that you just happened upon a document that produced the same hash.

Two of the more popular hash algorithms are Message Digest 5 (MD5) and Secure Hash Algorithm (SHA-1). SHA-1 is the more secure hash algorithm of the two, but it is slower than MD5. In most practical applications, it is okay to use either, unless your security policy dictates the use of the more secure SHA-1. Both algorithms are available and commonly used in VPN setups for integrity checking of information.

Understanding the basics of cryptography is essential for designing, implementing, and maintaining VPN solutions. The use of speedy symmetric encryption algorithms keep data flows confidential, and asymmetric algorithms allow for easy key exchange. Hash algorithms ensure integrity with digital signatures, which provide authentication and ensure nonrepudiation. Combine these technologies and you ensure the three goals of a secure communication channelconfidentiality, integrity, and authenticationcan be successfully established.