Asymmetric Encryption

Asymmetric algorithms (also sometimes called public-key algorithms) are designed in such a way that the key used for encryption is different from the key used for decryption, as shown in Figure 24-3. The decryption key cannot (at least in any reasonable amount of time) be calculated from the encryption key and vice versa.

Figure 24-3. Asymmetric (Public Key) Encryption

The main feature of asymmetric encryption algorithms is that the encryption key (often called the public key) does not have to be secret; it can be published freely and anyone can use this key to encrypt data. The corresponding decryption key (often called the private key) is known only to a single entity that can decrypt data encrypted with the encryption key. Therefore, when you need to send an encrypted message to someone else, you first obtain the public (encryption) key of the other person and transform the message with it. Only the recipient knows the private (decryption) key and can, therefore, decrypt the message.

Asymmetric algorithms are relatively slow (up to 1000 times slower than symmetric algorithms). Their design is based on computational problems, such as factoring extremely large numbers or computing discrete logarithms of extremely large numbers.

The best-known asymmetric cryptographic algorithms are the Rivest, Shamir, and Adleman (RSA); ElGamal; and elliptic curve algorithms. RSA is recommended because it is widely trusted for its resistance against attacks and well-known internals. Because of their lack of speed, asymmetric encryption algorithms are usually used to protect small quantities of data (such as digital signatures or key exchange). Key exchange allows you to use the slower, more secure asymmetric algorithm to protect the exchange of a faster symmetric key algorithm over a public network, such as the Internet.

Key management tends to be simpler compared to symmetric (secret key) algorithms. As stated earlier, with asymmetric encryption, each device has a pair of keys (public and private). The public key of each device has to be publicly available (known by all other devices) to allow a full mesh of encrypted communication, whereas with symmetric encryption different symmetric keys have to be safely distributed for each combination of two peers. Asymmetric keys are usually used for a longer time (months to years).

Symmetric Encryption Example: RSA

Ronald L. Rivest, Adi Shamir, and Leonard M Adleman invented the RSA algorithm in 1977. It was a patented public-key algorithm, and its patent expired in September 2000, putting the algorithm in the public domain. Of all the public-key algorithms proposed over the years, RSA is still the most strongly preferred.

RSA has withstood years of extensive cryptoanalysis, and although analysis has neither proven nor disproven the security of the RSA algorithm, it does suggest a justifiable confidence. The security of RSA is based on the difficulty of factoring very large numbers, that is, breaking them into multiplicative factors. If an easy method of factoring these large numbers were discovered, the effectiveness of RSA would be destroyed (and, as a side effect, mathematics might take a huge leap). RSA keys are usually 1024 to 2048 bits long.

RSA, like all asymmetric encryption algorithms, can be used in two different ways:

  • Confidentiality The sender encrypts the data with the public key of the receiver. This guarantees that only the receiver can decrypt the data.
  • Authenticity of digital signatures The sender uses its private key to sign (encrypt) the data. Such a signature can be verified by everybody because only the public key is needed to verify (decrypt) the signature.

RSA is used for device authentication (IP phone to Cisco CallManager and vice versa) in Cisco IP telephony.

Part I: Cisco CallManager Fundamentals

Introduction to Cisco Unified Communications and Cisco Unified CallManager

Cisco Unified CallManager Clustering and Deployment Options

Cisco Unified CallManager Installation and Upgrades

Part II: IPT Devices and Users

Cisco IP Phones and Other User Devices

Configuring Cisco Unified CallManager to Support IP Phones

Cisco IP Telephony Users

Cisco Bulk Administration Tool

Part III: IPT Network Integration and Route Plan

Cisco Catalyst Switches

Configuring Cisco Gateways and Trunks

Cisco Unified CallManager Route Plan Basics

Cisco Unified CallManager Advanced Route Plans

Configuring Hunt Groups and Call Coverage

Implementing Telephony Call Restrictions and Control

Implementing Multiple-Site Deployments

Part IV: VoIP Features

Media Resources

Configuring User Features, Part 1

Configuring User Features, Part 2

Configuring Cisco Unified CallManager Attendant Console

Configuring Cisco IP Manager Assistant

Part V: IPT Security

Securing the Windows Operating System

Securing Cisco Unified CallManager Administration

Preventing Toll Fraud

Hardening the IP Phone

Understanding Cryptographic Fundamentals

Understanding the Public Key Infrastructure

Understanding Cisco IP Telephony Authentication and Encryption Fundamentals

Configuring Cisco IP Telephony Authentication and Encryption

Part VI: IP Video

Introducing IP Video Telephony

Configuring Cisco VT Advantage

Part VII: IPT Management

Introducing Database Tools and Cisco Unified CallManager Serviceability

Monitoring Performance

Configuring Alarms and Traces

Configuring CAR

Using Additional Management and Monitoring Tools

Part VIII: Appendix

Appendix A. Answers to Review Questions


Authorized Self-Study Guide Cisco IP Telephony (CIPT)
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
ISBN: 158705261X
EAN: 2147483647
Year: 2004
Pages: 329 © 2008-2020.
If you may any questions please contact us: