Mediaboss Marketing

Understanding advanced encryption standard on basic level doesnt require a higher degree in computer science or Matrix-level consciousness lets break AES encryption down into laymans terms

Hey, all. We know of security of information to be a hot topic since, well, forever. We entrust our personal and sensitive information to lots of major entities and still have problems with data breaches, data leaks, etc. Some of this happens because of security protocols in networking, or bad practices of authentication management but, really, there are many ways that data breaches can occur. However, the actual process of decrypting a ciphertext without a key is far more difficult. For that, we can thank the encrypting algorithms like the popular advanced encryption standard and the secure keys that scramble our data into indecipherable gibberish.

Lets look into how AES works and different applications for it. Well be getting a little into some Matrix-based math so, grab your red pills and see how far this rabbit hole goes.

Lets hash it out.

You may have heard of advanced encryption standard, or AES for short but may not know the answer to the question what is AES? Here are four things you need to know about AES:

The National Institute of Standards and Technology (NIST) established AES as an encryption standard nearly 20 years ago to replace the aging data encryption standard (DES). After all, AES encryption keys can go up to 256 bits, whereas DES stopped at just 56 bits. NIST could have chosen a cipher that offered greater security, but the tradeoff would have required greater overhead that wouldnt be practical. So, they went with one that had great all-around performance and security.

AESs results are so successful that many entities and agencies have approved it and utilize it for encrypting sensitive information. The National Security Agency (NSA), as well as other governmental bodies, utilize AES encryption and keys to protect classified or other sensitive information. Furthermore, AES is often included in commercial based products, including but limited to:

Although it wouldnt literally take forever, it would take far longer than any of our lifetimes to crack an AES 256-bit encryption key using modern computing technology. This is from a brute force standpoint, as in trying every combination until we hear the click/unlocking sound. Certain protections are put in place to prevent stuff from like this happening quickly, such as a limit on password attempts before a lockdown, which may or may not include a time lapse, to occur before trying again. When we are dealing with computation in milliseconds, waiting 20 minutes to try another five times would seriously add to the time taken to crack a key.

Just how long would it take? We are venturing into a thousand monkeys working on a thousand typewriters to write A Tale of Two Cities territory. The possible combinations for AES 256-bit encryption is 2256. Even if a computer can do multiple quadrillions of instructions per second, then we are still in that eagles-wings-eroding-Mount-Everest time frame.

Needless to say, its waaaaaaaaaaaaaaaaaaay (theres not enough memory on our computers to support the number of a letters that I want to convey) longer than our current universe has been in existence. And thats just for a 16-byte block of data. So, as you can see, brute forcing AES even if it is 128 bits AES is futile.

That would likely change, though, once quantum computing becomes a little more mainstream, available, and effective. Quantum computing is expected to break AES encryption and require other methods to protect our data but thats still a ways down the road.

Manage Digital Certificates like a Boss

14 Certificate Management Best Practices to keep your organization running, secure and fully-compliant.

To better understand what AES is, you need to understand how it works. But in order to see how the advanced encryption standard actually works, however, we first need to look at how this is set up and the rules concerning the process based on the users selection of encryption strength. Typically, when we discuss using higher bit levels of security, were looking at things that are more secure and more difficult to break or hack. While the data blocks are broken up into 128 bits, the key size have a few varying lengths: 128 bits, 196 bits, and 256 bits. What does this mean? Lets back it up for a second here.

We know that encryption typically deals in the scrambling of information into something unreadable and an associated key to decrypt the scramble. AES scramble procedures use four scrambling operations in rounds, meaning that it will perform the operations, and then repeat the process based off of the previous rounds results X number of times. Simplistically, if we put in X and get out Y, that would be one round. We would then put Y through the paces and get out Z for round 2. Rinse and repeat until we have completed the specified number of rounds.

The AES key size, specified above, will determine the number of rounds that the procedure will execute. For example:

As mentioned, each round has four operations.

So, youve arrived this far. Now, you may be asking: why, oh why, didnt I take the blue pill?

Before we get to the operational parts of advanced encryption standard, lets look at how the data is structured. What we mean is that the data that the operations are performed upon is not left-to-right sequential as we normally think of it. Its stacked in a 44 matrix of 128 bits (16 bytes) per block in an array thats known as a state. A state looks something like this:

So, if your message was blue pill or red, it would look something like this:

So, just to be clear, this is just a 16-byte block so, this means that every group of 16 bytes in a file are arranged in such a fashion. At this point, the systematic scramble begins through the application of each AES encryption operation.

As mentioned earlier, once we have our data arrangement, there are certain linked operations that will perform the scramble on each state. The purpose here is to convert the plaintext data into ciphertext through the use of a secret key.

The four types of AES operations as follows (note: well get into the order of the operations in the next section):

As mentioned earlier, the key size determines the number of rounds of scrambling that will be performed. AES encryption uses the Rjindael Key Schedule, which derives the subkeys from the main key to perform the Key Expansion.

The AddRoundKey operation takes the current state of the data and executes the XOR Boolean operation against the current round subkey. XOR means Exclusively Or, which will yield a result of true if the inputs differ (e.g. one input must be 1 and the other input must be 0 to be true). There will be a unique subkey per round, plus one more (which will run at the end).

The SubBytes operation, which stands for substitute bytes, will take the 16-byte block and run it through an S-Box (substitution box) to produce an alternate value. Simply put, the operation will take a value and then replace it by spitting out another value.

The actual S-Box operation is a complicated process, but just know that its nearly impossible to decipher with conventional computing. Coupled with the rest of AES operations, it will do its job to effectively scramble and obfuscate the source data. The S in the white box in the image above represents the complex lookup table for the S-Box.

The ShiftRows operation is a little more straightforward and is easier to understand. Based off the arrangement of the data, the idea of ShiftRows is to move the positions of the data in their respective rows with wrapping. Remember, the data is arranged in a stacked arrangement and not left to right like most of us are used to reading. The image provided helps to visualize this operation.

The first row goes unchanged. The second row shifts the bytes to the left by one position with row wrap around. The third row shifts the bytes one position beyond that, moving the byte to the left by a total of two positions with row wrap around. Likewise, this means that the fourth row shifts the bytes to the left by a total of three positions with row wrap around.

The MixColumns operation, in a nutshell, is a linear transformation of the columns of the dataset. It uses matrix multiplication and bitwise XOR addition to output the results. The column data, which can be represented as a 41 matrix, will be multiplied against a 44 matrix in a format called the Gallois field, and set as an inverse of input and output. That will look something like the following:

As you can see, there are four bytes in that are ran against a 44 matrix. In this case, matrix multiplication has each input byte affecting each output byte and, obviously, yields the same size.

Now that we have a decent understanding of the different operations utilized to scramble our data via AES encryption, we can look at the order in which these operations execute. It will be as such:

Note: The MixColumns operation is not in the final round. Without getting into the actual math of this, theres no additional benefit to performing this operation. In fact, doing so would simply make the decryption process a bit more taxing in terms of overhead.

If we consider the number of rounds and the operations per round that are involved, by the end of it, you should have a nice scrambled block. And that is only a 16-byte block. Consider how much information that equates to in the big picture. Its miniscule when compared to todays file/packet sizes! So, if each 16-byte block has seemingly no discernable pattern at least, any pattern that can be deciphered in a timely manner Id say AES has done its job.

We know the advanced encryption standard algorithm itself is quite effective, but its level of effectiveness depends on how its implemented. Unlike the brute force attacks mentioned above, effective attacks are typically launched on the implementation and not on the algorithm itself. This can be equated to attacking users as in phishing attacks versus attacking the technology behind the service/function that may be hard to breach. These can be considered side-channel attacks where the attacks are being carried out on other aspects of the entire process and not the focal point of the security implementation.

While I always advocate going with a reasonable/effective security option, a lot of AES encryption is happening without you even knowing it. Its locking down spots of the computing world that would otherwise be wide open. In other words, there would be many more opportunities for hackers to capture data if advanced encryption standard wasnt implemented at all. We just need to know how to identify the open holes and figure out how to plug them. Some may be able to use AES and others may need another protocol or process.

Appreciate the encryption implementations we have, use the best ones when needed, and happy scrutinizing!

Link:
Advanced Encryption Standard (AES): What It Is and How It Works - Hashed Out by The SSL Store - Hashed Out by The SSL Store