Free Description of Symmetric and Asymmetric Encryption Essay Sample
When using the Symmetric and Asymmetric algorithms for encryption and decryption, the main difference between the two lies in the security standard for decryption, determined by the number of keys used. Symmetric Algorithms consists of a single key for both encryption and decryption. On the other hand, the Asymmetric model is such that there is a pair of keys; one would be for encryption, and the other for decryption. In light of that, it goes to logic that the more secure model would be the asymmetric model, where the decryption key is called the ‘private key’ and the encryption key is the ‘public key’ (Garloff, 2000). The public key can be sent to anyone, without danger of the information being decrypted, and the private key is kept solely by the owner; in this case, the ABC Institute.
In this case, the ABC Institute will have the ‘private key’ and XYZ Inc. is the trust anchor that is represented through a ‘public key’. Hence the XYZ Inc. becomes the Root Certification Authority, the trust anchor for the ABC Institute. This assigning of the public key to the XYZ Inc. creates a level of trust between the two institutions, and XYZ Inc. becomes the top-most certification authority (incase other certificate authorities were to be assigned). Various certificate paths maybe constructed between any candidate and the trust anchor, which are then validated by the root certification authority (Lloyd, 2002).
The main advantage of the Asymmetric trust model is that the ‘private key’ is kept completely confidential, and will be kept in the hands of ABC Institute. Only they will be able to decrypt any encrypted message or data sent their way. This proves better than a system where the only key may be compromised and offsets the security of the whole structure. The recommended asymmetric trust model entails that every party would trust in a different and personally customized structure that is an adversary (Damg˚ard, 2011).
Also, this model creates a two-way domain trust, where ABC Institute trusts and relies on XYZ Inc. and vice versa. This domain trust is as such, that any message encrypted using the public key can only be decrypted using the matching private key, and any message encrypted by using a private key and be only decrypted by using a matching public key (Description of Symmetric and Asymmetric Encryption, 2007).
A reasonable risk here, of course, is the threat where the private key needs to be sent over the Internet and may end up in the wrong hands. Once that happens, the message will be compromised and the data can be encrypted and used by anyone (Description of Symmetric and Asymmetric Encryption, 2007).
In the general sense, when considering security protocols, three things need to be validated. These are mainly integrity, secrecy and authenticity. If any of these are missing from the structure or are compromised then the structure falls apart. This is where establishment and validation of certificate path comes in (Lloyd, 2002). When building the certificate paths there are several validation procedures that should be taken into consideration, including name constraints and the certificate itself. Through this validation process, the certificates that fail to meet the subset criteria as part of the plan are discarded. The root certification authority only permits the usage of those paths and certificates that are validated.