Is AES Encryption Crackable?
Nov 3, 2009 4:00 AM PT
In the field of computer technology, some topics are so frequently and fiercely disputed that they almost resemble religious feuds -- Mac vs. PC, for instance, or open source vs. proprietary software.
Other topics, though, don't see nearly the same level of high-profile debate. Take the invulnerability of AES (the Advanced Encryption Standard) encryption, for example. Governments and businesses place a great deal of faith in the belief that AES is so secure that its security key can never be broken. However, a team of researchers from Germany, France and Israel has recently demonstrated what may be an inherent flaw in AES -- theoretically, at least.
So how secure is AES really? Is AES now vulnerable to a new attack, as the researchers claim?
Maybe yes, and maybe no. The research is mainly theoretical. Still, as technology evolves, successful attacks against AES may turn up, and they may be difficult to ignore.
"Can somebody repurpose and weaken the strength of the AES algorithm? Yes. That's what cryptographers do. But we don't have to worry about AES being weakened anytime soon. Still, AES in theory has flaws. The bottom line is that AES isn't broken," Ozzie Diaz, president and CEO of wireless security firm AirPatrol, told TeckNewsWorld.
What Is It?
The AES protocol is a set of three block ciphers selected by NIST in 2000 after a three-year competition. NIST, or The National Institute of Standards and Technology, is a federal technology agency that develops and promotes measurement standards. Its selection ousted DES (Data Encryption Standard) as the national and international security encryption standard. DES was the most widely deployed block cipher in both software and hardware applications.
Why should you care? AES encryption is the vault that secures online information and financial transactions by financial institutions, banks and e-commerce sites. So a tear in the AES fabric means an opening for hackers to get at valuable personal and business information.
AES is used in three versions: AES-128, AES-192 and AES-256. These numbers represent the encryption key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10, 12, and 14, respectively) required to open the vault that is wrapped around the data.
In their published report, entitled "Key Recovery Attacks of Practical Complexity on AES Variants With Up to 10 Rounds," three researchers challenged the structural integrity of the AES protocol. The full report is available here.
Although the research suggests AES might no longer be considered theoretically secure, the crucial question facing all of us now is how far it is from becoming practically insecure, concluded Alex Biryukov and Dmitry Khovratovich (University of Luxembourg, Luxembourg), Orr Dunkelman (of Paris, France), Nathan Keller (Einstein Institute of Mathematics, Hebrew University) and Adi Shamir (Computer Science department of the the Weizmann Institute at Rehovot, Israel).
"The findings discussed in 'Key Recovery Attacks of Practical Complexity on AES Variants With Up to 10 Rounds' are academic in nature and do not threaten the security of systems today. But because most people depend on the encryption standard to keep sensitive information secure, the findings are nonetheless significant," Fred Touchette, AppRiver senior security analyst, told TechNewsWorld.
A New Worry?
If AES is now theoretically compromised, the real-world impact could be considerable, according to Diaz.
"My speculation is that the greatest vulnerabilities will be for wireless systems for two reasons. Most investments in network media are in wireless systems, and there is no physical barrier to entry for accessing the network," he said.
However, some good may come from even an academic demonstration of a flaw in AES, he conceded. Inflection points always occur in an industry in the form of disruptions. A disruption to the viability of a system today will lead to innovation in filling those gaps or completely changing the rules of the game, he said.
"AES is the standard in wireless and IT encryption. It keeps the mouse trap evolving faster than the mouse can move," said Diaz.
Cracked or Broken?
The AES crypto is not broken, asserted Touchette. As in previous techniques, the latest attack techniques on AES-192 and AES-256 algorithms are impractical outside of a theoretical setting.
"But they do nonetheless provide theoretical proof that versions of AES could be susceptible to attack," he warned.
When these cryptos became a new standard, they were declared completely unbreakable. Many other algorithms out there still remain unbreakable, but as long as our systems get stronger and faster, the need for longer and tougher encryption will also grow. Just because the puzzles get harder doesn't mean that people will stop trying to solve them, he added.
An Early Warning
"AES is not compromised. It is safe to use. There are no problems with it," Paul Kocher, president and chief scientist at Cryptography Research, told TechNewsWorld.
Still, researchers are finding that it would not take as much to crack AES as previously thought, suggested Kocher, and that makes the report a significant finding.
Users are already paranoid over attacks that they don't understand, he noted, nd while attackers do improve over time, nobody actually breaks anything, he said.
"There is plenty of software bugs for attackers to use to bypass breaking the keys. That's what keeps me awake at night, not the algorithms," said Kocher.