What exactly is Advanced Encryption Standard (AES)?
The Advanced Encryption Standard (AES) is a universal standard for encrypting many types of electronic data. AES replaced the Data Encryption Standard (DES), a 56-bit encryption algorithm developed in the 1970s. DES became too easy to break with the increasing computing power of modern computers and was found insecure for most modern applications due to its short key length of 56 bits.
The process for choosing a new encryption standard, which would protect sensitive data held by the government including material classified as “Top Secret,” began with an open competition held by the National Institute of Standards and Technology (NIST). The competition format ensured the highest level of scrutiny possible, with international cryptographic experts subjecting the submitted algorithms to every available decryption process. The goal, according to NIST, was to make sure that the algorithm chosen as the AES would be, “capable of protecting sensitive government information well into the next century.”
Teams from universities and private industry around the globe entered cryptographic algorithms into the competition, with the winner being the Rijndael algorithm, created by two Belgian cryptographers, Vincent Rijmen and Joan Daemen. It was chosen “because it had the best combination of security, performance, efficiency, and flexibility.”
How does Advanced Encryption Standard work?
The AES algorithm is a block cipher that uses 128-bit block lengths with three variations in key length: 128-bit (AES-128), 192-bit (AES-192), and 256-bit (AES-256). The data to be sent is encrypted using a substitution permutation network, which means the data is first broken into blocks (of 128 bits in AES), in 4×4 rows, with each byte being substituted for a new one in line with the encryption key.
In Advanced Encryption Standard, the process goes through several rounds:
- Key Adding: The encryption key is added to the data, fusing them together.
- Substitution: Each byte of the cipher block is substituted for a new one, according to the cipher schedule.
- Row Shifting: The rows of bytes shift around to different positions.
- Column Mixing: The columns of bytes are further complicated through mathematical equations.
Depending on the strength of the AES key being used, the encryption process goes through 10, 12, or 14 rounds of substitution, shifting, mixing, and adding. With each round, the relationship between the cryptographic key and the data is made even more complex, which makes it virtually impossible to identify patterns and structures in the data which could be used to break the cipher.
The sender and receiver must both know what the encryption key is in order for the scrambled data to become readable.
What are the common uses of AES?
AES soon became the default encryption algorithm for protecting classified information, as well as the first publicly accessible and open cipher approved by the NSA for top secret information. After the US government adopted AES, its popularity grew quickly. It is currently the most widely used encryption method in the world. One academic estimate suggests that AES protects over half of the data in the world. It is found in a huge variety of hardware, software, and data transmission infrastructure and is used by everyone from Apple to NASA.
Most commonly, people will come into contact with Advanced Encryption Standard when online and browsing the internet. For example, WiFi routers use an AES/WPA2 protocol to encrypt the data that they send and receive. Websites using HTTPS connections include an AES layer to improve on the security of standard HTTP connections. When you log into Netflix, read a news site, or access your bank account online, AES is involved in keeping your information safe from would-be attackers.
Vulnerabilities of advanced encryption standard
Since AES is used so widely, it has also become a lightning rod for cybercriminals and state-sponsored attacks. While there have been some examples of AES-128 being breached by brute force (that is, trying every computation to crack the encryption), this requires an incredible amount of computing power. And the strongest encryption variant, AES-256, has 2 to the power of 256 possible key combinations (a number 78 digits long), making it virtually impossible to crack with brute force.
Given the difficulty of breaking Advanced Encryption Standard with brute force methods, hackers have found other ways to access encrypted data. These attacks focus on stealing the encryption key rather than breaking the code. It doesn’t matter how strong an encryption method is—once the wrong person has the key, they have full access.
Sometimes keys are insecurely stored within an application and program and attackers use reverse engineering techniques to find and steal them. Encryption keys are also often exposed when a program or application is running and using that key. Hackers can then use dynamic analysis methods on compromised devices to access the encryption key.
The most insidious type of attacks, however, are side-channel attacks where hackers use a variety of analysis techniques to identify what is being done on a device and either uncover the encryption key or reduce the variables necessary for a brute force attack.
Some examples of side-channel attacks are:
- Differential Fault Analysis: Hackers inject faults into code to manipulate it and see how it performs. They then measure results to try and obtain the cryptographic key.
- Correlation Power Analysis: By correlating power usage and data, hackers can identify the cryptographic key being used.
- Timing Analysis: By measuring how long an iteration takes to execute, hackers can minimize the range of possible values for a key’s bits.
- Electromagnetic Radiation Analysis: While a device is running cryptographic functions, it emits electromagnetic radiation, which can be analyzed to derive signals about encryption keys.
- Speculative Execution Attacks: These are a class of attacks that take advantage of security flaws in how CPUs perform certain tasks before they are actually needed, allowing attackers to grab secret information from data buffers exchanged between the processor and other hardware components.
The importance of key management & security
An encryption method, even one as strong as Advanced Encryption Standard, is only as strong as the protection of its secret keys. Therefore, key management and security are vital for keeping sensitive encrypted data safe. Public and private organizations, as well as individuals, should always employ best practices with regards to password usage and security to prevent unauthorized access to secure systems. This can be complemented with other factors such as firewalls or multifactor authentication.
When applications or programs are “in the wild,” outside of an organization’s secure environment, they need to be equipped with protection that ensures the security of their cryptographic keys. One of the most effective methods of key protection is whitebox cryptography. As an industry leader in cyber security and data protection, Intertrust offers one of the most secure whitebox cryptographic libraries available, whiteCryption Secure Key Box.
To find out more about how whiteCryption Secure Key Box is protecting Advanced Encryption Standard crypto keys from attacks, get in touch with our team today.
About Juris Olekss
A seasoned security professional, Juris has spent more than 17 years in the IT and security industries, with the majority dedicated to software security. Juris currently serves as a Senior Technical Writer for Intertrust’s whiteCryption application shielding solutions.