Many computer users, on the Internet and elsewhere, have come across the term AES data encryption. Only a fairly limited circle of people, however, know what kind of system it is, which algorithms it uses and what it is used for. By and large, an ordinary user does not need to know this. Nevertheless, we will look at this cryptographic system without delving too deeply into complex mathematical calculations and formulas, so that anyone can understand it.
What is AES encryption?
To begin with, the system itself is a set of algorithms that hide the original form of data that is transmitted, received by the user or stored on a computer. It is most often used in Internet technologies when complete confidentiality of information is required, and it belongs to the so-called symmetric encryption algorithms.
AES encryption uses the same key, known to both the sending and the receiving party, to convert information into a protected form and to decode it again. This contrasts with asymmetric encryption, which uses two keys: a private one and a public one. It follows that if both parties know the correct key, encryption and decryption are quite simple.
A bit of history
AES encryption was first mentioned back in 2000, when the Rijndael algorithm won the contest to choose a successor to the DES system, which had been the standard in the USA since 1977.
In 2001, the AES system was officially adopted as the new federal standard for data encryption and has since been used universally.
Types of AES Encryption
The evolution of the algorithms included several intermediate stages, which were mainly associated with an increase in the length of the key. Today, there are three main types: AES-128 encryption, AES-192 and AES-256.
The names speak for themselves: the number is the length of the key, expressed in bits. In addition, AES is a block cipher. It works on blocks of information of a fixed length and encrypts each of them, in contrast to stream algorithms, which operate on single characters of the plaintext message and translate them into encrypted form. In AES, the block length is 128 bits.
In more technical terms, the algorithms that AES-256 encryption uses are built on operations based on a polynomial representation of operations and codes when processing two-dimensional arrays (matrices).
How does it work?
The algorithm is quite complicated, but it is built from a few basic elements: a two-dimensional matrix, transformation cycles (rounds), a round key, and tables of initial and reverse substitutions.
The data encryption process consists of several stages:
- calculation of all round keys;
- byte substitution using the main S-Box table;
- shifting the form using different values (see figure above);
- mixing data inside each column of the matrix (form);
- addition of a form and a round key.
Decryption is performed in the reverse order, but instead of the S-Box table it uses the reverse substitution table mentioned above.
As an example, a key 4 bits long takes only 16 stages (rounds) to search: you check every possible combination, starting from 0000 and ending with 1111. Naturally, such protection is cracked quite quickly. With longer keys, however, 65,536 stages are required for 16 bits, and 1.1 x 10^77 for 256 bits. As American experts have stated, finding the right combination (key) would take about 149 trillion years.
What to use when setting up the network in practice: AES or TKIP encryption?
Now let's move on to using AES-256 when encrypting transmitted and received data in wireless networks.
As a rule, any router offers several options to choose from: AES only, TKIP only, and AES + TKIP. Which one applies depends on the protocol (WEP or WEP2). However, TKIP is an outdated system: it offers a lower degree of protection and does not support 802.11n connections with a data transfer rate exceeding 54 Mbps. The conclusion therefore suggests itself: prefer AES together with the WPA2-PSK security mode, although both algorithms can be used together.
Reliability and Security Considerations for AES Algorithms
Despite the loud statements of experts, AES algorithms are still theoretically vulnerable, since the encryption itself has a simple algebraic description. This was noted by Niels Ferguson. In 2002, Josef Pieprzyk and Nicolas Courtois published an article justifying a potential XSL attack. It caused a lot of controversy in the scientific world, and some considered their calculations erroneous.
In 2005, it was suggested that an attack could use side channels rather than mathematical calculations alone. One such attack recovered the key after 800 operations, and another obtained it after 2^32 operations (in the eighth round).
Without a doubt, this system could be considered one of the most advanced today, if not for one "but". Several years ago, a wave of virus attacks swept over the Internet in which a cryptographic virus (ransomware) penetrated computers and completely encrypted the data, demanding a tidy sum of money for decryption. The ransom message stated that the encryption was performed with the AES1024 algorithm, which, as was considered until recently, does not exist in nature.
Like it or not, even the most well-known anti-virus software developers, including Kaspersky Lab, turned out to be powerless when trying to decrypt the data. Many experts admitted that the notorious I Love You virus, which once infected millions of computers around the world and destroyed important information on them, was child's play in comparison with this threat. In addition, I Love You was more focused on multimedia files, while the new virus gained access exclusively to the confidential information of large corporations. However, no one undertakes to state with certainty that AES-1024 encryption was actually used here.
Conclusion
To summarize, AES encryption is by far the most advanced and secure, regardless of the key length used. It is not surprising that this particular standard is used in most cryptosystems and has rather broad prospects for development and improvement in the foreseeable future, all the more so since it may well be possible to combine several types of encryption into a single whole (for example, parallel use of symmetric and asymmetric, or block and stream, encryption).