In the field of computer technology, some topics are so frequently and fiercely disputed that they almost resemble religious feuds — Mac vs. PC, for instance, or open source vs. proprietary software.
Other topics, though, don’t see nearly the same level of high-profile debate. Take the invulnerability of AES (the Advanced Encryption Standard) encryption, for example. Governments and businesses place a great deal of faith in the belief that AES is so secure that its security key can never be broken. However, a team of researchers from Germany, Franceand Israel has recently demonstrated what may be an inherent flaw in AES — theoretically, at least.
So how secure is AES really? Is AESnow vulnerable to a new attack, as the researchers claim?
Maybe yes, and maybe no. The research is mainly theoretical. Still, as technology evolves, successful attacks against AES may turn up, and they may be difficult to ignore.
“Can somebody repurpose and weaken the strength of the AES algorithm?Yes. That’s what cryptographers do. But we don’t have to worry aboutAES being weakened anytime soon. Still, AES in theory has flaws. Thebottom line is that AES isn’t broken,” Ozzie Diaz, president and CEO of wireless security firm AirPatrol,told TeckNewsWorld.
What Is It?
The AES protocol is a set of three block ciphers selected by NIST in2000 after a three-year competition. NIST, or The National Instituteof Standards and Technology, is a federal technology agency thatdevelops and promotes measurement standards. Its selection ousted DES(Data Encryption Standard) as the national and international securityencryption standard. DES was the most widely deployed block cipher inboth software and hardware applications.
Why should you care? AES encryption is the vault that secures onlineinformation and financial transactions by financial institutions,banks and e-commerce sites. So a tear in the AES fabric means anopening for hackers to get at valuable personal and businessinformation.
AES is used in three versions: AES-128, AES-192 and AES-256. Thesenumbers represent the encryption key sizes (128 bits, 192 bits and 256bits) and in their number of rounds (10, 12, and 14, respectively)required to open the vault that is wrapped around the data.
In their published report, entitled “Key Recovery Attacks of PracticalComplexity on AES Variants With Up to 10 Rounds,” three researcherschallenged the structural integrity of the AES protocol. The fullreport is available here.
Although the research suggests AES might no longer be considered theoretically secure, the crucial question facing all of us now is how far it is from becomingpractically insecure, concluded Alex Biryukov and Dmitry Khovratovich(University of Luxembourg, Luxembourg), Orr Dunkelman (of Paris,France), Nathan Keller (Einstein Institute of Mathematics, HebrewUniversity) and Adi Shamir (Computer Science department of the theWeizmann Institute at Rehovot, Israel).
“The findings discussed in ‘Key Recovery Attacks of PracticalComplexity on AES Variants With Up to 10 Rounds’ are academic in natureand do not threaten the security of systems today. But because mostpeople depend on the encryption standard to keep sensitive informationsecure, the findings are nonetheless significant,” Fred Touchette,AppRiver senior security analyst, told TechNewsWorld.
A New Worry?
If AES is now theoretically compromised, the real-world impact could be considerable,according to Diaz.
“My speculation is that the greatest vulnerabilities will be forwireless systems for two reasons. Most investments in network mediaare in wireless systems, and there is no physical barrier to entry foraccessing the network,” he said.
However, some good may come from even an academic demonstration of a flawin AES, he conceded. Inflection points always occur in an industry inthe form of disruptions. A disruption to the viability of a systemtoday will lead to innovation in filling those gaps orcompletely changing the rules of the game, he said.
“AES is the standard in wireless and IT encryption. It keeps the mousetrap evolving faster than the mouse can move,” said Diaz.
Cracked or Broken?
The AES crypto is not broken, asserted Touchette. As in previoustechniques, the latest attack techniques onAES-192 and AES-256 algorithms are impractical outside of a theoretical setting.
“But they do nonetheless provide theoretical proof that versions ofAES could be susceptible to attack,” he warned.
When these cryptos became a new standard, they were declaredcompletely unbreakable. Many other algorithms out there still remainunbreakable, but as long as our systems get stronger and faster, theneed for longer and tougher encryption will also grow. Justbecause the puzzles get harder doesn’t mean that people will stoptrying to solve them, he added.
An Early Warning
“AES is not compromised. It is safe to use. There are no problems withit,” Paul Kocher, president and chief scientist at CryptographyResearch, told TechNewsWorld.
Still, researchers are finding that it would not take as much to crackAES as previously thought, suggested Kocher, and that makes the reporta significant finding.
Users are already paranoid over attacks that they don’t understand, henoted, nd while attackers do improve over time, nobody actuallybreaks anything, he said.
“There is plenty of software bugs for attackers to use to bypassbreaking the keys. That’s what keeps me awake at night, not thealgorithms,” said Kocher.