How Asymmetric Algorithm works

Asymmetric Algorithms are algorithms which are used to encrypt data that is needed to be transmitted from one PC to another over a network. These algorithms are used in "Asymmetric Cryptography" or "Public Key Cryptography".
Asymmetric Algorithms uses a Public key to encrypt the data(Plain text) before sending, and a Private key to decrypt it by the Receiver.

Scenario

There are 3 components taking part in this Scenario

The objective in this scenario that if the User requests for a Web-page/Web service through the internet from a Server, the Server in turn should reply to the request of the User and then the User uses this service where transmission of (private)data can get involved.

So is the reply/request communications between the user and the server secure enough, can any third party unauthorized person gain access to these data while transmission and spy/change/corrupt these data.

Real life Example with the problems faced

"You request to check your bank account balance online, so you request the server for the login page for your bank account, then once the page is loaded in the browser you enter your bank details in-order to login, these details will be sent back to the server and will be checked whether the details are valid, if valid it will reply back to the user with the details of his account accordingly".

Problem:
What if someone intercepted your communication with the bank server and steal your login details or change your bank accounts configurations or settings.
What if the request or the reply that is coming to the server or the user is not exactly from that particular source.

Solution:
Public key(Asymmetric) crypto-systems/algorithms and Digital Certificates can be used to minimize the above problem by providing a secure transmission of data.
The most widely used crypto-system is RSA (Rivest–Shamir–Adleman) and the below topics will be Related to RSA.

How Asymmetric Algorithms can help to minimize these Issues

The transmission of data occurs between 2 parties(Client and Server), so our objective is to ensure that the data comes from the right source and reaches the right receiver, and, no third-party persons can access the data(only receiver can access it).

The following is the procedure of a simple data transmission between a client and a server,

1. The client will generate 2 keys, namely, its Private Key and Public Key.


2. The Server will also generate a Private Key and a Public Key.


• Public Key and the Private Key of a single party has a mathematical relationship between them.
• Public Keys can only be used to Encrypt data(Plain text), and is available to the public.
• Private keys can only be used to Decrypt data(Cipher text), and is only known to the person who generated it.



The client will send its Public key to the Server from which he is requesting service/data/message from.





The server encrypts the required data using the Public key that was sent by the Client and is sent back to the Client.



The Client uses his Private Key to decrypt the message and read it.

"The vice versa happens when the Server starts a communication with a Client."

The above methods minimizes the problem of viewing or spying the communication between a Client and a server. But, another problem that arises is how the server and the client can authenticate each other while communication.

It is solved by the use of Digital Certificates.

Digital Certificates

A Digital Certificate is a set of information which uniquely identifies a Clients and Servers.
It contains information(Credentials) about a particular server or client, so that it solves the problem of identifying whether the correct client communicate with the correct Server.

The Digital Certificate is sent along with the Public at the first place in order to authenticate the establishment of communication.

Pros and Cons of Asymmetric Cryptography

Pros:

• Private key is not transmitted but will be kept only by the person who generated it, therefore more secure.
• Public key is available for the public, it wont be an issue because Public keys are only used for Encrypting messages.
• Digital Signatures can detect whether the message has been altered during transmission.

Cons:

• Asymmetric Cryptography is Slower in Comparison to other algorithms that exist today.

Symmetric vs Asymmetric CryptoSystems

• Symmetric cryptography is an old technique.
• Symmetric cryptography uses the same key to encrypt and decrypt a message, which could be a security issue, because since the key can be stolen by anyone and access the message.
• Asymmetric cryptography uses a Public key to encrypt which is okay even if the public key was known to others, and a Private Key which is only known to that particular client or Server.
• If a third party get to know the key of a Symmetric cryptosystem communication, each an every person with whom the key was shared,(both Client & Server/Sender & Receiver) should be made known of a new Key. But, in an Asymmetric cryptosystem, if the key gets known, only that particular party's public/private Key combination should be changed.

Conclusion

Different Types of Communication requires different kind of algorithms to encrypt it depending on the size of data.
Hackers get tougher and tougher day by day and find out new methods to hack into these existing algorithms, thus we cannot depend on a particular algorithm for a long time, therefore better and secured algorithms needs to be introduced with time.