What is AES and how does it work
AES, or Advanced Encryption Standard, is a cryptographic cipher that is responsible for a large amount of the information security that you enjoy on a daily basis.
Applied by everyone from the NSA to Microsoft to Apple, AES is one of the most important cryptographic algorithms being used in 2018.
What exactly is AES? How does it work? And can non-techie people like you and me apply it to be more secure in our daily lives?
That's exactly what we will be discussing in this guide.
AES, or Advanced Encryption Standard (also known as Rijndael), is one of the most widely used methods for encrypting and decrypting sensitive information in 2017.
This encryption method uses what is known as a block cipher algorithm (which I will explain later) to ensure that data can be stored securely.
And while I will dive into the technical nuances and plenty of fun cryptography jargon in a moment, in order to fully appreciate AES we must first backtrack for a brief history lesson.
Before diving into AES in all of its encrypted glory, I want to discuss how AES achieved standardization and briefly talk about its predecessor, DES, or Data Encryption Standard.
Basing their development on a prototype algorithm designed by Horst Feistel, IBM developed the initial DES algorithm in the early 1970s.
The encryption was then submitted to the National Bureau of Standards who, in a later collaboration with the NSA, modified the original algorithm and later published it as a Federal Information Processing Standard in 1977.
DES became the standard algorithm used by the United States government for over two decades, until, in January of 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in under 24 hours.
They successfully concluded their efforts after only 22 hours and 15 minutes, bringing the algorithm's weakness into the spotlight for all to see.
Over 5 years, the National Institute of Standards and Technology stringently evaluated cipher designs from 15 competing parties, including MARS from IBM, RC6 from RSA Security, Serpent, Twofish, and Rijndael, among many others.
Their decision was not made lightly, and throughout the 5-year process, the entire cryptographic community banded together to execute detailed tests, discussions, and mock attacks in order to find potential weaknesses and vulnerabilities that could compromise each cipher's security.
While the strength of the competing ciphers was obviously of paramount importance, it was not the only factor assessed by the various panels. Speed, versatility, and computational requirements were also reviewed as the government needed an encryption that was easy to implement, reliable, and fast.
And while there were many other algorithms that performed admirably (in fact many of them are still widely used today), the Rijndael cipher ultimately took home the trophy and was declared a federal standard.
Upon its victory, the Rijndael cipher, designed by two Belgian cryptographers (Joan Daemen and Vincent Rijmen), was renamed Advanced Encryption Standard.
But this cipher's success didn't end with its standardization.
In fact, after the standardization of AES, the cipher continued to rise through the ranks, and in 2003 it was deemed suitable by the NSA for guarding Top Secret Information.
So why exactly am I telling you all of this?
Well, in recent years, AES has been the subject of much controversy as many cryptographers and hackers question its suitability for continued use. And while I am not posing as an industry expert, I want you to understand the process required to develop the algorithm and the tremendous amount of confidence that even the most secretive agencies place in the Rijndael cipher.
Before I dive into some of the more technical details about how AES works, let's first discuss how it's being used in 2017.
It should be noted that AES is free for any public, private, commercial, or non-commercial use. (Although you should proceed with caution when implementing AES in software since the algorithm was designed on a big-endian system and the majority of personal computers run on little-endian systems.)
If any of you have ever downloaded a file off the internet and then gone to open that file only to notice that the file was compressed (meaning that the original file size was reduced to minimize its effect on your hard drive), then you have likely installed software that relies on AES encryption.
Common compression tools like WinZip, 7-Zip, and RAR allow you to compress and then decompress files in order to optimize storage space, and nearly all of them use AES to ensure file security.
If you're already familiar with the concept of cryptography and have taken extra measures to ensure the security of your personal data, the disk/partition encryption software that you use likely uses an AES algorithm.
BitLocker, FileVault, and CipherShed are all encryption software that run on AES to keep your information private.
The AES algorithm is also commonly applied to VPNs, or Virtual Private Networks.
For those of you who are unfamiliar with the term, a VPN is a tool that allows you to use a public internet connection in order to connect to a more secure network.
VPNs work by creating a tunnel between your public network connection and an encrypted network on a server operated by the VPN provider.
For example, if you regularly do work from your local coffee shop, you are probably aware that the public connection is incredibly insecure and leaves you vulnerable to all types of hacking.
With a VPN, you can easily solve this problem by connecting to a private network that will mask your online activities and keep your data secure.
Or, let's say that you are traveling to a country with stringent censorship laws and you notice that all of your favorite sites are restricted.
Once again, with a simple VPN setup, you can quickly regain access to these websites by connecting to a private network in your home country.
It should be noted, however, that not all VPNs are created equally.
While the best VPNs (like ExpressVPN and NordVPN) rely on AES-256 encryption, there are a number of outdated services that still rely on PPTP and Blowfish (a long since obsolete 64-bit encryption), so be sure to do your research before selecting a provider.
In addition to the above applications, AES is used in a plethora of different software and applications with which you are undoubtedly familiar.
If you use any sort of master password tools like LastPass or 1Password, then you have been privy to the benefits of 256-bit AES encryption.
Have you ever played Grand Theft Auto? Well, the folks over at Rockstar developed a game engine that uses AES in order to prevent multiplayer hacking.
Oh, and let's not forget any of you who like to send messages over WhatsApp or Facebook Messenger... You guessed it! AES in action.
Hopefully, you are now beginning to realize just how integral AES is in running the entire framework of modern society.
And now that you understand what it is and how it's used, it's time to get into the fun stuff: how this bad boy works.
The AES cipher is part of a family known as block ciphers, which are algorithms that encrypt data on a per-block basis.
These blocks, which are measured in bits, determine the input of plaintext and output of ciphertext. So, for example, since AES uses a 128-bit block, for every 128 bits of plaintext, 128 bits of ciphertext are produced.
Like nearly all encryption algorithms, AES relies on the use of keys during the encryption and decryption process. Since the AES algorithm is symmetric, the same key is used for both encryption and decryption (I will talk more about what this means in a moment).
AES operates on what is known as a 4 x 4 column-major order matrix of bytes. If that seems like too much of a mouthful to you, the cryptography community agrees and termed this matrix the state.
The key size used for this cipher specifies the number of repetitions or rounds required to put the plaintext through the cipher and convert it into ciphertext.
Here's how the cycles break down.
While longer keys provide the users with stronger encryptions, the strength comes at the cost of performance, meaning that they will take longer to encrypt.
Conversely, while the shorter keys aren't as strong as the longer ones, they provide much faster encryption times for the user.
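The 128-bit block, the column-major state and the link between key size and number of rounds described above can be seen in a from-scratch block encryption. This is an added example, not code from the original guide; the round counts (10, 12 and 14) come from FIPS-197 rather than from this page, and all function names are the example's own.

```python
# Added teaching example (not from the original article): AES block encryption
# written out from FIPS-197. Not constant-time; do not use it to protect data.
ROUNDS = {16: 10, 24: 12, 32: 14}  # key length in bytes -> rounds (FIPS-197)

def xtime(a):
    """Multiply a byte by 2 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a

def gmul(a, b):
    """Multiply two bytes in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def build_sbox():
    """S-box = multiplicative inverse in GF(2^8), then the affine transform."""
    sbox = []
    for x in range(256):
        inv = next(y for y in range(1, 256) if gmul(x, y) == 1) if x else 0
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()

def state_rows(block):
    """The 4x4 state is column-major: byte i sits at row i % 4, column i // 4."""
    return [[block[4 * c + r] for c in range(4)] for r in range(4)]

def expand_key(key):
    """Expand the cipher key into rounds + 1 round keys of 16 bytes each."""
    if len(key) not in ROUNDS:
        raise ValueError("AES keys are 128, 192 or 256 bits long")
    nk, nr = len(key) // 4, ROUNDS[len(key)]
    words = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nr + 1)):
        t = list(words[i - 1])
        if i % nk == 0:                      # rotate, substitute, add round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        elif nk == 8 and i % nk == 4:        # extra substitution for 256-bit keys
            t = [SBOX[b] for b in t]
        words.append([a ^ b for a, b in zip(words[i - nk], t)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(nr + 1)]

def mix_column(col):
    """Multiply one state column by the fixed MixColumns matrix."""
    return [xtime(col[r]) ^ xtime(col[(r + 1) % 4]) ^ col[(r + 1) % 4]
            ^ col[(r + 2) % 4] ^ col[(r + 3) % 4] for r in range(4)]

def encrypt_block(key, block):
    """Encrypt exactly one 128-bit block; state is a flat column-major list."""
    if len(block) != 16:
        raise ValueError("AES always processes 128-bit (16-byte) blocks")
    round_keys = expand_key(key)
    state = [b ^ k for b, k in zip(block, round_keys[0])]        # initial AddRoundKey
    for rnd in range(1, len(round_keys)):
        state = [SBOX[b] for b in state]                         # SubBytes
        state = [state[4 * ((c + r) % 4) + r]                    # ShiftRows
                 for c in range(4) for r in range(4)]
        if rnd < len(round_keys) - 1:                            # final round skips MixColumns
            state = sum((mix_column(state[4 * c:4 * c + 4]) for c in range(4)), [])
        state = [b ^ k for b, k in zip(state, round_keys[rnd])]  # AddRoundKey
    return bytes(state)
```

Encrypting the FIPS-197 Appendix C plaintext `00112233445566778899aabbccddeeff` with the keys `bytes(range(16))`, `bytes(range(24))` and `bytes(range(32))` reproduces the published ciphertexts, and the only thing that changes between the three runs is how many round keys `expand_key` returns.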
Now before we move on, I want to briefly touch on a topic that has sparked a significant amount of controversy within the cryptographic community.
As I noted earlier, AES relies on a symmetric algorithm, meaning that the key used to encrypt information is the same one used to decrypt it. When compared to an asymmetric algorithm, which relies on a private key for decryption and a separate public key for file encryption, symmetric algorithms are often said to be less secure.
And while it is true that asymmetric encryptions do have an added layer of security because they do not require the distribution of your private key, this does not necessarily mean that they are better in every scenario.
Symmetric algorithms do not require the same computational power as asymmetric ones, making them significantly faster than their counterparts.
However, where symmetric keys fall short is within the realm of file transferring. Because they rely on the same key for encryption and decryption, symmetric algorithms require you to find a secure method of transferring the key to the desired recipient.
With asymmetric algorithms, you can safely distribute your public key to anyone and everyone without worry, because only your private key can decrypt encrypted files.
So while asymmetric algorithms are certainly better for file transfers, I wanted to point out that AES is not necessarily less secure because it relies on symmetric cryptography; it is simply limited in its application.
AES has yet to be broken in the same way that DES was back in 1999, and the largest successful brute-force attack against any block cipher was only against a 64-bit encryption (at least to public knowledge).
The majority of cryptographers agree that, with current hardware, successfully attacking the AES algorithm, even on a 128-bit key, would take billions of years and is, therefore, highly improbable.
At the present moment, there isn't a single known method that would allow someone to attack and decrypt data encrypted by AES so long as the algorithm was properly implemented.
However, many of the documents leaked by Edward Snowden show that the NSA is researching whether or not something known as the tau statistic could be used to break AES.
Side Channel Attacks
Despite all of the evidence pointing to the impracticality of an AES attack with current hardware, this doesn't mean that AES is completely secure.
Side-channel attacks, which are attacks based on information gained from the physical implementation of a cryptosystem, can still be used against a system encrypted with AES. These attacks are not based on weaknesses in the algorithm, but rather on physical indications of a potential weakness that can be exploited to breach the system.
Here are a few common examples.
The Anthem Hacking: How AES Could Have Saved 80 Million People's Personal Data
During February of 2015, the database for the Anthem insurance company was hacked, compromising the personal data of over 80 million Americans.
The personal data in question included the names, addresses, and social security numbers of the victims.
And while the CEO of Anthem reassured the public by stating the credit card information of their clients was not compromised, any hacker worth his salt can easily commit financial fraud with the stolen information.
While the company's spokesperson claimed that the attack was unpreventable and that they had taken every measure to ensure the security of their clients' information, nearly every major data security company in the world disputed this claim, pointing out that the breach was, in fact, completely preventable.
While Anthem encrypted data in transit, they did not encrypt that same data while it was at rest. Meaning that their entire database.
So even though the attack itself might have been unpreventable, by applying simple AES encryption to the data at rest, Anthem could have prevented the hackers from viewing their customers' data.
With the increasing prevalence of cyber-attacks and the growing concerns surrounding information security, it is more important now than ever before to have a strong understanding of the systems that keep you and your personal information safe.
And hopefully, this guide has helped you gain a general understanding of one of the most important security algorithms currently in use today.
AES is here to stay and understanding not only how it works, but how you can make it work for you will help you to maximize your digital security and mitigate your vulnerability to online attacks.
If you really want to dig into AES, I recommend watching Christof Paar's video on the subject (it goes in-depth and it's interesting, too).
If you have any further questions about AES or any insights that you have gained from cryptography-related research, please feel free to comment below and I will do my best to get back to you.
Here is the original post:
What is Advanced Encryption Standard (AES): Beginner's Guide