Describe one situation where it is most appropriate to use symmetric encryption and one situation where it is most appropriate to use asymmetric encryption. Justify your choices.
In response to your peers, select one of the situations described by a peer and think about a way that you could increase the overall security measures of the situation. Use a systems thinking approach, and think outside of the box!
To complete this assignment, review the Discussion Rubric.
RESPONSE ONE
A situation where symmetric encryption would be appropriate would be securing data backups. Leveraging Advanced Encryption Standard (AES) algorithms to secure data-at-rest would give more benefit than using asymmetric encryption. Modern CPU’s have AES acceleration which allows you to preform AES operations much faster than others. These accelerators makes using AES more attractive for things requiring speed.
I have used asymmetric encryption where you need additional features with encryption such as authentication or when you can not deliver a symmetric key securely. An example of this is Public Key Infrastructure (PKI). With PKI each entity has a private and public key, the public keys are published to a database that can be looked up easily. If Bob wants to send a secret message to Alice, Bob would look up Alice’s public key and encrypt the message. Once encrypted with Alice’s public key, she will send it to Bob. Only Bob’s private key can decrypt the message. Bob could also post a message publicly with a encrypted hash of the message. Any one who wants to authenticate that Bob’s private key was the one what created the signature could use his public key to do so.
RESPONSE TWO
One situation where symmetric encryption is appropriate is protecting a sensitive document stored locally on your computer, such as spreadsheet containing personally identifiable information (PII). In this case, using a file encryption tool (like WinZip or WinRAR) that relies on symmetric encryption makes sense because it is efficient and fast. The file is encrypted with a key (a password). That key is also used for decryption. Symmetric encryption makes a lot of sense in situations where one person is doing the encrypting and decrypting because there is a single key.
Sending emails securely is an ideal scenario for using asymmetric encryption. A common practice today is that users in an organization are issued public and private keys which allows asymmetric encryption. If I want to send an email to a coworker, I use his or her public key to encrypt the message. Since only the recipient’s private key can decrypt that message, I can be confident that no one else can read the message. The encrypted message would be useless to an attacker who does not possess the private key. In this same scenario, asymmetric encryption allows for digital signatures which verify that a message comes from the digital signer. They also encrypt a files hash with a private key, guaranteeing integrity (Badman & Kosinski, 2024).