AES: data encryption

Many computer users, on the Internet and elsewhere, have undoubtedly heard the term AES data encryption. What kind of system it is, which algorithms it uses and what it is used for is known only to a fairly limited circle of people. The ordinary user, by and large, does not need to know. Nevertheless, we will consider this cryptographic system without going into complicated mathematical calculations and formulas, so that it is understandable to anyone.

What is AES encryption?

To begin with, the system is a set of algorithms that make it possible to hide the original form of data that is transmitted or received by the user or stored on the computer. It is most often used in Internet technologies, when complete confidentiality of information is required, and it belongs to the so-called symmetric encryption algorithms.

AES encryption converts information into a protected form and decodes it again with the same key, which is known to both the sending and the receiving side, in contrast to asymmetric encryption, which involves two keys, a private one and a public one. Thus, it is easy to conclude that if both sides know the right key, encryption and decryption are quite simple.

A bit of history

AES encryption was first mentioned in 2000, when the Rijndael algorithm won the competition to select the successor to DES, which had been the US standard since 1977.

In 2001, the AES system was officially adopted as the new federal standard for data encryption and has since been used universally.

Types of AES encryption

The evolution of the algorithms included several intermediate stages, which were mainly associated with increasing the length of the key. Today, there are three main types: AES-128, AES-192 and AES-256.

The name speaks for itself: the number corresponds to the length of the key used, expressed in bits. In addition, AES is a block cipher: it works directly with blocks of information of fixed length, encrypting each of them, in contrast to stream ciphers, which operate on single symbols of the plaintext message and translate them into encrypted form. In AES, the block length is 128 bits.

In scientific terms, the algorithms behind AES-256 encryption are based on a polynomial representation of operations and codes when processing two-dimensional arrays (matrices).

How does it work?

The algorithm is rather complicated, but it relies on several basic elements: a two-dimensional matrix, transformation cycles (rounds), a round key, and tables of initial and inverse substitutions.

The process of data encryption consists of several stages:

  • Calculation of all round keys;
  • Substitution of bytes using the main S-Box table;
  • Shifting of the matrix rows by different offsets (see the figure above);
  • Mixing of data within each column of the matrix;
  • Addition of the matrix and a round key.

Decryption is done in the reverse order, but instead of the S-Box table, the inverse substitution table mentioned above is applied.

For example, with a 4-bit key only 16 stages (rounds) are needed to find it, that is, you need to check all possible combinations from 0000 to 1111. Naturally, such protection is broken quickly. But for longer keys, for 65 bits, 65 536 stages are required, and for 256 bits, 1.1 × 10^77. And as American specialists have stated, finding the right combination (key) would take about 149 trillion years.

What to apply when setting up the network in practice: AES or TKIP encryption?

Now we turn to the use of AES-256 when encrypting transmitted and received data in wireless networks.

As a rule, any router offers several options to choose from: AES only, TKIP only, and AES + TKIP. They are used depending on the protocol (WPA or WPA2). But TKIP is an obsolete system: it provides less protection and does not support 802.11n connections with data rates exceeding 54 Mbps. The conclusion therefore suggests itself that AES together with the WPA2-PSK security mode should be preferred, although it is possible to use both algorithms as a pair.

The reliability and safety of AES algorithms

Despite the loud statements of specialists, AES algorithms are theoretically still vulnerable, since the very nature of the encryption has a simple algebraic description. This was noted by Niels Ferguson. In 2002, Josef Pieprzyk and Nicolas Courtois published an article that substantiated the potentially possible XSL attack. True, it caused a lot of controversy in the scientific world, and some considered their calculations to be erroneous.

In 2005, it was suggested that an attack could use side channels rather than mathematical calculations alone. In this case, one of the attacks calculated the key after 800 operations, and the other obtained it in 2^32 operations (in the eighth round).

Without a doubt, this system could be considered one of the most advanced to date, if not for one "but". A few years ago, a wave of virus attacks swept the Internet in which an encrypting virus (which was also an extortionist) penetrated computers and fully encrypted the data, demanding a tidy sum of money for decryption. The message claimed that the encryption was performed with the AES1024 algorithm, which, as was thought until recently, does not exist in nature.

Whether or not this is so, even the best-known developers of anti-virus software, including Kaspersky Lab, were powerless when trying to decrypt the data. Many experts acknowledged that the notorious I Love You virus, which at one time hit millions of computers around the world and destroyed important information on them, was child's play compared to this threat. In addition, I Love You was more focused on multimedia files, while the new virus targeted only the confidential information of large corporations. However, no one is prepared to state with certainty that AES-1024 encryption was used here.

Conclusion

To sum up, we can say in any case that AES encryption is by far the most advanced and secure, regardless of which key length is used. It is not surprising that this standard is used in most cryptosystems and has quite broad prospects for development and improvement in the foreseeable future, especially since it is very likely that several types of encryption can be combined into one (for example, the parallel use of symmetric and asymmetric, or block and stream, encryption).


Copyright © 2018 en.birmiss.com. Theme powered by WordPress.