The figure shows symmetrical encryption, which is also known as secret key encryption. Symmetrical encryption is used for large volumes of data since asymmetrical encryption is much more CPU intensive. The three encryption algorithms available in the IOS include Digital Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption Standard (AES).
DES is one of the most widely used standards. DES turns clear text into ciphertext through an encryption algorithm, and the decryption algorithm on the remote end restores clear text from ciphertext. Keys enable the encryption and decryption. DES is the most widely used symmetric encryption scheme today. It operates on 64-bit message blocks: the algorithm uses a series of steps to transform 64 input bits into 64 output bits. In the standard form, the algorithm uses 64-bit keys. 56 of these 64 bits are chosen randomly. The remaining 8 bits are parity bits, one for each 7-bit block of the 56-bit random value.
3DES is an alternative to DES that preserves the existing investment in software but makes a brute-force attack more difficult. 3DES takes a 64-bit block of data and performs the operations of encrypt, decrypt, and encrypt. 3DES can use one, two, or three different keys. The advantage of using one key is that 3DES with one key is the same as standard DES, which gives backward compatibility. However, additional processing time is required with one key. Both the DES and 3DES algorithms are in the public domain and freely available. The US Government restricts export of 3DES technology, and many other governments restrict encryption technology within their own boundaries so they may monitor communications.
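The two paragraphs above describe the structure of a DES key (56 random bits plus 8 parity bits, one per 7-bit block) and the one-, two- and three-key forms of 3DES. The following Python example is added here to make both concrete; it is not code from the original text or from Cisco IOS, and it uses only the standard library. It builds a DES key with correct odd parity from 56 random bits, validates parity on an existing key, and classifies a 3DES key bundle by how many distinct DES keys it really contains. Each byte of a DES key carries its parity in the low-order bit and has odd parity, a convention the page does not spell out; the function and variable names (`des_key_from_random56`, `classify_3des_bundle`, and so on) are my own.

```python
"""DES key parity and 3DES key-bundle checks (added example, stdlib only)."""
import secrets


def des_key_from_random56(rand7: bytes) -> bytes:
    """Expand 7 random bytes (56 bits) into an 8-byte DES key with odd parity.

    Each 7-bit block of the random value becomes the high 7 bits of one key
    byte; the low bit of every byte is set so that the byte has odd parity.
    """
    if len(rand7) != 7:
        raise ValueError("need exactly 7 bytes (56 bits) of key material")
    bits = int.from_bytes(rand7, "big")           # the 56-bit random value
    key = bytearray()
    for i in range(8):
        block7 = (bits >> (7 * (7 - i))) & 0x7F   # i-th 7-bit block, MSB first
        byte = block7 << 1                        # low bit reserved for parity
        if bin(block7).count("1") % 2 == 0:       # even so far: set parity bit
            byte |= 1
        key.append(byte)
    return bytes(key)


def has_odd_parity(key: bytes) -> bool:
    """True when the key is a whole number of 8-byte DES keys and every byte
    has an odd number of 1 bits (the DES parity convention)."""
    return len(key) % 8 == 0 and len(key) > 0 and all(
        bin(b).count("1") % 2 == 1 for b in key)


def generate_des_key() -> bytes:
    """Fresh DES key: 56 random bits from the OS CSPRNG plus parity bits."""
    return des_key_from_random56(secrets.token_bytes(7))


def classify_3des_bundle(key: bytes) -> dict:
    """Describe a 3DES key bundle of 8, 16 or 24 bytes.

    3DES computes E_K3(D_K2(E_K1(block))). An 8-byte bundle reuses K1 three
    times; a 16-byte bundle is K1, K2 with K3 = K1. The classification also
    catches 24-byte bundles whose encrypt/decrypt pair cancels out (K1 == K2
    or K2 == K3), which leaves plain single DES under the remaining key.
    """
    if len(key) not in (8, 16, 24):
        raise ValueError("3DES key bundle must be 8, 16 or 24 bytes")
    parts = [key[i:i + 8] for i in range(0, len(key), 8)]
    if len(parts) == 1:
        k1, k2, k3 = parts[0], parts[0], parts[0]
    elif len(parts) == 2:
        k1, k2, k3 = parts[0], parts[1], parts[0]
    else:
        k1, k2, k3 = parts
    if k1 == k2 or k2 == k3:
        nominal, note = 56, "collapses to single DES (encrypt and decrypt cancel)"
    elif k1 == k3:
        nominal, note = 112, "two-key 3DES (K3 = K1)"
    else:
        nominal, note = 168, "three-key 3DES"
    return {"nominal_bits": nominal, "note": note,
            "parity_ok": has_odd_parity(key)}


if __name__ == "__main__":
    k = generate_des_key()
    print("DES key:", k.hex(), "parity ok:", has_odd_parity(k))
    for bundle in (k, k + generate_des_key(), k + k + generate_des_key()):
        print(len(bundle) * 8, "bit bundle ->", classify_3des_bundle(bundle))
```

A practitioner reviewing configured keys would run `classify_3des_bundle` over each bundle: a 24-byte bundle is not automatically three-key 3DES, and a bundle whose middle key matches one of its neighbours provides only single-DES strength, exactly the "one key equals standard DES" case the text describes.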
AES is a newer encryption algorithm. It currently specifies keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192, or 256 bits. All nine combinations of key length and block length are possible. AES is now available in the latest Cisco router images that have IPSec DES/3DES functionality.
The most important feature of a cryptographic algorithm is its security against being compromised. The security of a cryptosystem, or the degree of difficulty for an attacker to determine the contents of the ciphertext, is a function of a few variables. In most protocols, the cornerstone of security lies in the secrecy of the key used to encrypt data. Symmetric encryption algorithms are built so that it is extremely difficult for anyone to determine the clear text without having this key. In any cryptosystem, great lengths are taken to protect the secrecy of the encryption key.