What is the Advanced Encryption Standard (AES)?
The internet plays an essential role in the transmission of huge volumes of data in a variety of industries. From sender to receiver, some data may be sent across an unsecured channel.
Private and public sectors have used a variety of methods and ways to protect sensitive data from intruders. One of the most important and widely used methods for protecting data from hackers is encryption and decryption. The two together are known as Cryptography.
A variety of algorithms have been developed to encrypt and decrypt sensitive data. Among these algorithms, the most commonly used algorithm is AES. The Advanced Encryption Standard (AES) is a cryptography standard that is used to encrypt data to keep it secure. Nowadays, AES is also known as Rijndael. This name is a combination of the names of two Belgian cryptographers, Joan Daemen and Vincent Rijmen who wrote the algorithm that sets the current standard today.
Why was AES Developed?
The main usage purpose of the Advanced Encryption Standard (AES) is to encrypt data and protect it from unauthorized access. This is accomplished through the use of a cryptographic process key of various lengths. Depending on the length, this is labeled AES-128, AES-192, or AES-256.
A brief history of AES development;
In 1970, The National Bureau of Standards (NBS) in the United States needed a secret algorithm to encrypt critical government data. On this need, a new symmetric key algorithm: Data Encryption Standard (DES) has been revealed.
In 1997, The DES algorithm was discovered to be vulnerable to brute-force attacks. The National Institute of Standards and Technology (NIST) has launched a public competition to discover an alternative for the DES algorithm.
In 1998, 15 different groups from all over the world participated in the contest organized by NIST by submitting their own AES algorithms.
In 2001, The Rijndael group was chosen by NIST as the winner of the AES competition.
After all long-term selection and validation tests, The Advanced Encryption Standard (AES) was published as FIPS 197 on November 26, 2001. The fact that Rijndael is royalty-free and that it can be easily implemented on a wide range of systems without significantly lowering bandwidth are two main drivers in its rapid adoption.
How Does AES Encryption Work?
The Rijndael algorithm employs symmetrical encryption, in contrast to earlier algorithms. For transmissions from the sender to the receiver and from the receiver to the sender, there is only one key. This key is used by AES to encrypt and decode data via a mathematical process.
The AES encryption method is widely renowned for its speed and security. The security of the algorithm comes from the data being encrypted using a complex block cipher technique. And AES uses less processing power so it is faster than other equivalents
AES, like many other block ciphers, performs cipher transformations using rounds of encryption. It divides the input plaintext into a four-row, four-column block. Each box contains one byte, with a total of 16 bytes in a block. Each round is made up of various building steps that work together to form a function that is then repeated multiple times. The number of rounds performed by AES is determined by the length of the key. It does 10 rounds at 128 bits, 12 rounds at 192 bits, and 14 rounds at 256 bits. With the algorithm running in each round, a previous state and a Round key are created at the end. According to FIPS 197, the Round Key is produced from the cryptographic key using the Rijndael key schedule. After the last AES cycle, the State produces "ciphertext", which has no relation to plaintext. In the inverse of the encryption processes, decryption of the ciphertext is performed using the same symmetric key used for encryption.
AES is built on a substitution-permutation network, in which the input field(commonly known as "plaintext") and the cryptographic key are processed in a series of mathematical operations using substitution boxes (S-boxes) or permutation boxes (P-boxes).
There are mainly 4 operations while converting the plaintext data into ciphertext through the use of a secret key.
- SubBytes: SubBytes transformation is the initial stage of each round. This stage relies on a nonlinear S-box to replace a byte in the state with a different byte. For example, if the hexadecimal code for a byte was 84, the procedure would be to identify the cell in the S-box where row 8 and column 4 intersect, and that value would be used. According to the graphic below, the new value in this scenario would be "5f".
Figure 1. S-Box: Substitution values for the byte xy (hexadecimal format)
- ShiftRow: To produce diffusion, the data is shifted from its initial location. The goal of ShiftRows is to relocate the data locations in their appropriate rows using wrapping. The first row is left unchanged. With the row wrapped around, the second row pushes the bytes to the left by one place. With the row wrap around, the third row pushes the bytes to the left by two positions, and the fourth row shifts the bytes to the left by three positions.
Figure 2. ShiftRow
- MixColumn: In this step, the AES algorithm uses a mathematical process known as a linear transformation to combine the bytes. it performs a complicated XOR algorithm function to each column, combining all four-byte values mathematically and producing four new bytes as outputs.
Figure 3. MixColumn
- AddRoundKey: This is the first and last operation that the state array goes through during encryption. It is the most vital stage in the algorithm. Each round generates a new key using a key schedule specific to the Rijndael algorithm on which the AES is based. The mixed column's result is added to the first round key. It then returns to the first step(SubByte) and the entire process (round) begins all over again.
The Advantages of AES
Compared to other encryption protocols, AES has the following advantages:
- The encryption processes of AES are easy to learn, making it more attractive to those dealing with AES.
- It's easy to implement.
- Faster encryption and decryption times.
- AES consumes less memory and system resources.
- AES can be combined with other security protocols when it needs an extra security layer.
Where is the AES Algorithm Used?
The AES algorithm is widely used in a variety of applications, including wireless security, processor security, file encryption, and SSL/TLS. AES encryption is used regularly by federal government departments as well as non-government entities, commercial firms, and organizations, to secure sensitive data.
AES encryption is now used in devices and applications that are also used by consumers today. For example, SSDs for data storage, Google Cloud storage service, internet browser programs such as Firefox and Opera, security certificates for websites. Many popular apps (such as Snapchat and Facebook Messenger) use AES encryption to safely send information such as photographs and messages.
Well-known file compression programs such as 7z, WinRAR, Winzip also use the AES algorithm to prevent data breaches. AES encryption is also implemented in the libraries of programming languages such as Java, Python, and C++.
When Should AES be Used?
AES is a cryptography standard that is used to encrypt data to keep it private. The purpose of encryption is to make it more difficult for others to discover our secrets. The concept is that whatever level of skill and computer time is required to break our encryption should be more expensive than the perceived worth of the material being decrypted. The AES protocol provides a security standard for storing data when we don't want other parties to see or access it, for transferring data from one location to another, and for the infrastructure that supports our transactions.
What are AES Features?
Following are the features of AES:
- It is the most secure security protocol because it can be implemented in both hardware and software.
- Because it works with longer key sizes(128, 192, and 256 bits), it is resistant to hacking efforts
- It is the most widely used security protocol for a wide range of applications, including wireless communication, e-commerce, financial transactions, and encrypted data storage.
- It is an open-free standard that can be used for any purpose, whether public, private, commercial, or non-commercial.
- The Advanced encryption standard is adaptable, highly adjustable, and simple to implement.
How to Choose AES Algorithms?
The AES algorithm is a widely used block encryption method. The AES algorithm's five modes of operation were standardized in 2001. Here are the modes:
ECB mode: Electronic Code Book
CBC mode: Cipher Block Chaining
CFB mode: Cipher FeedBack
OFB mode: Output FeedBack
CTR mode: Counter mode
The modes of operation, regardless of whether they are implemented in software or hardware, are the most necessary for a successful AES implementation. Each operating mode has advantages and disadvantages compared to each other. There are some parameters to consider when choosing the most suitable algorithm mode.
The ECB is the most basic form of operation. When encrypting multiple blocks of data with the same key, ECB should not be utilized. We can use ECB to encrypt the tables, indexes, wal, temp files, and system catalogs in the database encryption. But it will not be secure.
CBC, OFB, and CFB are all similar, but OFB/CFB is preferable because it only requires encryption rather than decryption, saving code space.
Instead of CBC/OFB/CFB modes, CTR mode is used if you desire good parallelization (i.e. speed).
The OFB mode of operation is frequently utilized in communication through noise-carrying mediums such as satellite communications.
Examples of AES Usage
Here are some examples where AES technology is used:
File transfer protocols ( FTPS, HTTPS, SFTP, OFTP, AS2, WebDAVS )
Wi-Fi security protocols (WPA-PSK, WPA2-PSK)
Programming language libraries ( Java, Python )
Mobile apps ( Whatsapp, Facebook Messenger)
File compression tools
Some other apps like password tools, video games, disk partition encryption
Does AES Encryption Have Any Security Problems?
AES is one of the most secure encryption algorithms currently available for use in implementations. Even so, in general, no encryption method is totally secure. AES has been investigated by researchers and they've discovered a few possible vulnerabilities.
A known-key attack on AES-128 was discovered in 2009. The structure of the encryption was decoded using a well-known key. The attack, however, was limited to an eight-round variant of AES-128, rather than the regular 10-round version. This caused the threat to remain relatively small.
Side-channel attacks are a significant threat to AES encryption. Side-channel attacks include gathering information about a computer device's cryptographic processes and exploiting that information to reverse-engineer the device's cryptography system. Timing information, such as how long it takes the computer to do computations; electromagnetic leakage; audio clues; and optical information may all be used in these assaults. With this information, side-channel attacks may minimize the number of feasible combinations needed to brute-force an AES assault.
Even in the best attack method made with good intentions to show how secure the system is, researchers were only able to show the way to crack the password 3-5 times faster. With this method, and even with the best supercomputers, it would still take billions of years to crack the password. Although the newly revealed vulnerability is important, much more research is required before we can even consider AES implementations to be insecure.
Is AES Free?
NIST issued a request for suitable AES algorithms in 1997. The demand in this request was that the algorithm is royalty-free. As a result, the algorithm itself is completely free. However, it doesn't imply that algorithm implementations are free. Some commercial AES implementations are for a fee.
What is an Advanced Encryption Standard Example?
The operation of the AES algorithm is realized through the following steps:
wwwsunnyvalleyio(1 byte each, total 16 characters Key text;
powerfulzenarmor(1 byte each, total 16 characters)
Convert each character to hexadecimal values
- After Hex conversion, convert a plain text to 4x4 matrix. The first four bytes of plain text will occupy the first column in 4x4 matrix. The next four bytes of text will occupy the second column and so on. AES operates on 4x4 column matrix and its called as "state array".
- In the initial round, Operate with XOR(exclusive-or) function. First addroundkey, XOR the plain text with key.
- Now on this matrix we have obtained; apply SubBytes, ShiftRows, and Mixcolumns functions in order.
By applying the latest mixcolumns function, we get a new matrix. Then XOR this matrix with the new round key obtained with the "Key schedule" implementation.
Repeat these operations 10 times if we are using 128bit encryption and 14 times if we are using 256bit encryption. After applying all functions except mixcolumn in the last round, the resulting matrix becomes our ciphertext.
After 10 round encryption process our ciphertext output:
There are pages on the Internet where you can perform encryption and decryption operations and get very fast results.
Why is AES so Popular?
According to the world-renowned expert, AES cryptography is utilized to encrypt more than half of all data on the planet. Also, some governments are using AES today for the encryption of top-secret classified official state information. Some reasons make AES so popular, here are some:
- At first, AES used encryption keys with lengths of 128, 192, and 256 bits to encrypt and decrypt data in 128-bit blocks. Military-grade encryption is achieved by using the largest AES encryption key length. So it's secure and it's really hard to crack encryption.
- It is one of the most widely used commercial and open source solutions in the world.
- It is fast and compact across a wide range of platforms. It can even be run on an average home computer.
What is the Difference Between AES and DES Encryption?
We can list the differences between AES and DES as follows;
- DES was created in 1976 while AES was created in 1999.
- AES stands for Advanced Encryption Standard. DES stands for Data Encryption Standard.
- AES is byte-oriented, DES is bit-oriented.
- The key length in AES might be 128 bits, 192 bits, or 256 bits. On the other hand, DES is just 56 bits. Because of the small key size, DES is less secure than AES.
- The number of rounds in AES is determined by the key length: 10 (128 bits), 12 (192 bits), or 14 (256 bits) (256-bits). DES is composed of 16 rounds of operations that are all identical.
- The structure of AES is designed around a substitution-permutation network. The structure of DES is based on the Feistel network.
- AES is more secure than the DES cipher, and it is currently the international standard. Because it has known flaws, DES is readily broken.
- AES was created by Vincent Rijmen and Joan Daemen. DES was created by IBM.
- AES can encrypt 128-bit plaintext while DES can only encrypt 64 bits.
- The AES cipher is based on a square cipher with an aside channel. The DES cipher is based on the Lucifer cipher.
Why is RSA better than AES?
In contrast to AES, which uses symmetric encryption, RSA is the basis of asymmetric cryptography. RSA is an asymmetric encryption algorithm that uses two keys, one that you keep private and the other that you share with the rest of the world (public). While encrypting and decrypting; AES uses a single identical key, while RSA uses separate keys for both transactions. The keys that RSA uses are different but mathematically linked.
For one-way encryption of a message, RSA employs the prime factorization method. Two gigantic-sized random prime numbers are multiplied to make another giant number in this method. Multiplying these two numbers is simple, but identifying the original prime numbers from the multiplied number is nearly impossible at least for supercomputers today. It would take billions and billions of years to decrypt, even with thousands of supercomputers. RSA is both more computationally intensive and slower than AES. It's usually only used to encrypt small quantities of information.
When there are two physically different endpoints, RSA keys are typically utilized. RSA encryption is commonly used in online browsers to connect to your favorite websites, as well as in VPN connections and a variety of other applications. While RSA encryption is effective at securing data transfer across regional boundaries, it has a low speed. The solution is to combine RSA encryption with AES encryption to get the best of both worlds: RSA security and AES performance.