Business owners are now facing security issues since several years and with intention to say good-bye to security issues, they now turned towards SSL (secure socket layer) online security for better protection of their website and thereby keeping interest of their visitors and customers. Hackers are now becomes smarter in past few years and invented many tricks to steal data of users that results in loss of thousands of dollars to business owners. Because of this havoc, NIST (National Institute of Standard and Technology) has started to look into this matter and update encryption algorithm from time to time to provide a secure environment to online industries.
Authentication
SSL is a protocol that encrypts the user information travelling between the user’s website and the company server with the help of a public key and private key. Third party certificate authorities generally issue SSL certificate. However, there is also a self-signed certificate, which is deemed illegal or invalid as the owner himself signs it. People always believe in third party certificate and trust them. With SSL, the web address turns into HTTPS instead of HTTP. The extra “S” shows the strength and reliability of a website ensuring that the site is secure with SSL certificate.
In current time, mainly three algorithm-based certificates are available to protect the online information like RSA, ECC, and DSA. These three algorithms provide a broader way to choose encryption options for dissimilar circumstances.
Encryption at Present
As NIST is timely updating algorithms to fight against online attacks, currently the length of RSA key is 2048-bit will be effective by the end of 2013. Before the update came from NIST, 1024-bit RSA key was being used to encrypt the information. SSL/TLS have ability to carry different algorithms that works best for business online presence and infrastructure. To provide better protection NIST has issued some guidelines for use of RSA, DSA, and ECC.
|
Security(Bits) |
Minimum size (bits) ofPublic Keys | Key SizeRatio | Protection From Attack | ||
|
DSA |
RSA |
ECC |
ECC to RSA/DSA |
||
|
80 |
1024 |
1024 |
160-233 |
1:6 |
Until 2010 |
|
112 |
2048 |
2048 |
224-255 |
1:9 |
Until 2030 |
|
128 |
3072 |
3072 |
256-383 |
1:12 |
Beyond 2031 |
|
192 |
7680 |
7680 |
384-511 |
1:20 |
|
|
256 |
15360 |
15360 |
512 + |
1:30 |
|
If we observe the above table, there is a substantial growth in DSA and RSA key than ECC algorithm. The longer key the more space and bandwidth it needs. When a longer key is in use, it requires more processor power and time to make keys, encryption, and decryption. As security demands grew, and use of smartphones continues to grow, there is an increasing need for a suppler encryption for business owners to meet with rising security demands. An increasing demand of Smartphones, tablets and other mobile devices are carrying more traffic over the web. However, it also brings a security challenge and to cope with it algorithm agility can offer a scalable solution.
New Algorithms at a Glance:
Below is an overview of different algorithms used in SSL/TLS certificate to provide a strong protection to online industries.
RSA (Rivest-Shamir-Adleman)
As the name suggests Ron Rivest, Adi Shamir, and Leonard Adleman developed this RSA algorithm, in 1977, which is the most common and most used algorithm in online industry. RSA algorithm works on private key and a public key used to encrypt and decrypt the information. In this process, private key never requires to be sent across the internet. The private key is used to decrypt the message that has been encrypted by public key. For instance, a user encrypts the message with public key to other user. The other user decrypts the message with a private key. For authentication of a user, you can use a private key to encrypt a digital signature. On receiving digital signature, user can decrypt it with public key. This authentication is required to identify the real user on the opposite side.
DSA (Digital Signature Algorithm)
NSA (National Security Agency), US developed DSA in 1991 as an alternative to RSA algorithm, carrying distinct algorithm system. The protection level offered by RSA and DSA is the same but works on different signing algorithm pattern and the detection of transmitted message. Digital signatures are generated and verified by DSA. Signatures are generated in combination with a private key while verification is always done through public key. Each signature combines private and public key.
ECC (Elliptic Curve Cryptography)
It is a public key encryption technique to make faster, smaller and efficient cryptographic keys. It is based on elliptic curve theory that uses 164-bit key compare to 1024-bit key used by RSA and DSA algorithm because it comes with lesser computing power and battery resource usage. According to Symantec RSA certificate has ability to hold 450 requests per second with an average response time of 150 milliseconds to the desktop. While In ECC it carries 75 milliseconds. It intends ECC cryptography has much enhanced response time when it goes through for servers to desktop. An elliptic curve is not an oval shape, but is acted as a tying line coming across two axes. In the above table, we can see it needs 3072-bit RSA and DSA keys for 128-bit security while in ECC it need key only between 256-383 with a key ratio of 1:12. It shows that it is more difficult for hackers to break ECC algorithm. A shorter ECC key is more difficult to break; on opposite side it is easy for a hacker to break RSA with shorter key.
Which one you choose?
Many business owners choose DSA and RSA, ECC and RSA, which make their business more secure and increase their security coverage. To choose the best algorithm your browser must support that algorithm. Below are some factors on which organization should choose the algorithm method.
The first factor is organization’s web standard, many organizations have web servers running on a single domain name using all three algorithms. On contrary, some web servers cannot afford multiple algorithms and use one certificate per web server. The internal tools, grading, and structural design for these services would need to be conceived.
Second is velocity of authentication between different algorithms. RSA is faster on the client side authentication while ECC is faster on server side authentication. RSA signatures can be verified rapidly than ECC. The use of algorithm is also depends on the type of transaction and it considers processing power of the device, storage, bandwidth and the treatment of algorithm adopted by customers and client. Servers can handle more connections with ECC than RSA at the same time.
Third is the distinctiveness of customers as RSA and ECC is mostly adopted by government agencies which also includes government contracts, information exchange, and sub contracts.
As a matter of fact
If we observe from the above knowledge, it is a fact that ECC is a new-fangled algorithm and RSA and DSA is an important security serve at their best in current time. On one side, Security demand is increasing, and hacker becomes more complicated and influential, but security measurements are also improving together with the threats. Symantec has started to configure ECC algorithm along with RSA and DSA. A new ECC algorithm will enhance website security as well provides a convenient and secure environment to users.
