What is symmetric key cryptography?
A cryptographic operation in which the sender and receiver share a single known key that is used to both encrypt and decrypt data. With symmetric key cryptography there is an increased need to provide a higher level of key security, since the same key is used by both parties to encrypt and decrypt the data exchanged. That key security must be maintained at an equal level by both parties to ensure key secrecy. Compare this to asymmetric cryptography (aka public-key cryptography), where the sender and receiver use their own key pairs to encrypt and decrypt the data that is exchanged. Neither party has access to the other's private key, so the security of each private key is maintained independently.
So if there is increased risk, why use symmetric key cryptography?
- The number one reason why a symmetric key would be used over an asymmetric key for data encryption is speed. Symmetric key encryption and decryption are faster and require less processing power.
- Because it’s built in. Many vendors use symmetric key technology within their products to protect sensitive data and operations. The keys always remain local and there is no need for an entity to exchange or move those keys.
So what is the risk associated with symmetric key cryptography?
- Symmetric keys never expire, so rotation dates must be tracked manually. For compliance purposes this requires extensive logging and auditing of the entire key lifecycle.
- The two parties involved must somehow securely exchange the key. Once exchanged both parties must maintain equivalent levels of security.
- Symmetric keys live forever. If a key is compromised there is no way to recall it; all data must be decrypted and re-encrypted using a new key.
If both parties have to use the same key, then how is it exchanged securely?
One way that symmetric keys are exchanged between relying parties is via custodians.
- Custodian 1 of the sending entity retrieves a component of the key from the HSM
- Custodian 2 of the sending entity retrieves a component of the key from the HSM
- Custodian 1 secures the component and mails it to the receiving entity
- Custodian 2 secures the component and mails it to the receiving entity
- Custodian 1 of the receiving entity enters the component that was mailed into the HSM
- Custodian 2 of the receiving entity enters the component that was mailed into the HSM
- Once both components are entered into the HSM they are formed into a key that can then be used to encrypt and decrypt data.
Another way that symmetric keys are exchanged is via a wrapping key. Asymmetric keys can be used as a wrapping key in the exchange of a symmetric key. In this case the HSM would use an asymmetric key to wrap the symmetric key to create a keystore. Once that keystore is created the symmetric key can safely leave the confines of the HSM. Here is an example of a symmetric key exchange using a wrapping key:
- The custodian of the sending entity instructs the HSM to wrap the symmetric key in a keystore that can be exported from the HSM
- The custodian attaches the keystore to an email which is sent to the receiving entity
- The custodian of the receiving entity moves the keystore that was emailed into the HSM
- After the keystore is secured in the HSM it is unwrapped to reveal the symmetric key that can then be used to encrypt and decrypt data.
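The wrapping-key exchange above, sketched in Go as an added example that is not part of the original page or any HSM vendor's code. It assumes RSA-OAEP with SHA-256 as the wrapping mechanism and that the wrapping key is the receiving entity's public key; a software-generated RSA key pair stands in for the one held in the receiving HSM, and the label value and function names are constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// label binds the wrapped blob to one purpose (constructed value for this example).
var label = []byte("example-key-transport-v1")

// wrapKey is the sender's step: RSA-OAEP encrypt the symmetric key for export.
func wrapKey(pub *rsa.PublicKey, dataKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, label)
}

// unwrapKey is the receiver's step: an altered blob yields an error, not a wrong key.
func unwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, label)
}

// roundTrip runs the exchange and reports whether the receiver recovered the
// same key and whether a blob modified in transit was rejected.
func roundTrip() (match, altRejected bool, err error) {
	// Assumption: software key pair standing in for the receiving HSM's key pair.
	kek, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	dataKey := make([]byte, 32) // the 256-bit symmetric key being exchanged
	if _, err = rand.Read(dataKey); err != nil {
		return false, false, err
	}
	wrapped, err := wrapKey(&kek.PublicKey, dataKey)
	if err != nil {
		return false, false, err
	}
	got, err := unwrapKey(kek, wrapped)
	if err != nil {
		return false, false, err
	}
	wrapped[len(wrapped)/2] ^= 0x01 // simulate modification of the emailed keystore
	_, altErr := unwrapKey(kek, wrapped)
	return bytes.Equal(got, dataKey), altErr != nil, nil
}

func main() { fmt.Println(roundTrip()) }
```

Only the wrapped blob and the public key ever leave their owners; the private key that can unwrap it stays with the receiving side, which is what lets the keystore travel over an untrusted channel such as email.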