A number of high-profile cyberattacks have been carried out recently. The National Institute of Standards and Technology (NIST) takes the threat posed by poor cybersecurity seriously. As part of their efforts to reduce the number of attacks made on critical systems, the organization has begun reviewing cryptographic standards in order to determine if they are still viable solutions to the problem and identify any weak points. The first standard reviewed by NIST is the AES encryption standard. AES is a very popular encryption standard, so putting it through the paces in a modern environment is a worthwhile effort. In this post, we’ll summarize the findings of NIST published in their review of the AES, NISTIR 8319.
The advanced encryption standard was created in 2000 by Daemen and Rijmen as part of a competition organized by NIST. As the winner of the competition, their algorithm went on to become standardized as AES in 2001. Both the algorithm and the standard that resulted from it are typically referred to as AES. AES is one of only two block ciphers approved by the NIST. Block ciphers use a key to convert plaintext into ciphertext. The other approved block cipher is Triple-DES, which is being disallowed after 2023.
AES has become ubiquitous in the world of cybersecurity. So much so that all modern 64-bit processors provide instructions in their chipset to support AES. The algorithm powers nearly everything we do with technology, including encryption for websites, mobile networks dating back to the advent of 4G, Wi-Fi passwords, and more. As such, the reliability of the standard is of the utmost importance.
In reviewing the AES standard, NIST had to define a reasonable scope. Simply reviewing the text of the standard wasn’t enough. The algorithm had to be put through the paces to identify weaknesses and make concrete recommendations. They limited their testing to the types of attacks that would affect AES encrypted data and set it to work. Their findings are presented below.
The original AES competition called for algorithms that were indistinguishable from a random permutation of the input block. If the algorithm doesn’t appear random enough, then an attacker can easily predict the response if they have a large enough set of inputs and outputs. AES has key lengths of 128, 192, and 256 bits. As a significant amount of time has passed since the standard was put into place, tests needed to be performed to see how well those key lengths hold up against modern attacks.
Beyond the specification, the implementation of the algorithm itself was tested. The ways in which the input is generated by the application can open the algorithm up to both invasive and non-invasive attacks. Invasive attacks require physical access and are easier to detect. Non-invasive attacks are much more elusive, but nevertheless must be tested for.
NIST was able to take advantage of the popularity of AES because there are a large number of papers that have been written about its security features in the cryptographic literature. By compiling the research performed, NIST was able to identify the most significant attacks against AES and use that to further their research into the topic. They narrowed the search down to several types of attack:
Evaluating the Parameters
Understanding how far into the future AES will be secure requires uncertainty, as we cannot tell for certain how powerful computers will be at an indeterminate time in the future. Moore’s law states that the power of a microprocessor doubles every 18 months. Every three years, then, the computing power quadruples. Quantum computing only adds to the uncertainty and has the potential to reduce the security of any given encryption by half.
In determining how much computing power will be needed to break a block cipher encryption algorithm, both block size and key size must be taken into account. The low 64-bit block size of Triple-DES is why that algorithm was deprecated. All versions of AES rely on 128-bit block size. However, the options for 192 and 256-bit keys lead NIST to believe that those versions of AES will remain secure once the 128-bit key has been compromised, regardless of block size.
Under ideal circumstances for an attacker, they have access to both the hardware and the software used to implement AES encryption. This makes it extremely difficult to achieve security. Instead of the ideal situation for attackers, NIST focuses on attacks where the device may be in the hands of the attacker, but it has tamper-detection and prevention mechanisms to prevent them from having full control over the platform.
Side channel attacks can occur when a specific implementation leaks details about the encryption. If the value of the secret key can affect the timing of the operation, its power consumption, or even electromagnetic radiation coming from the device, attackers may be able to gain information about the encryption and crack it.
As an example of this type of attack, NIST mentions cache-timing attacks. These exploit a side-channel when implementations rely on a cache to accelerate data access from the main memory. Using such an attack, a vulnerable implementation can be cracked in minutes. Several hardware instructions were created specifically to counter such attacks.
The NIST has a team of researchers pulling from the work of an entire field of study to determine what is and isn’t secure. Chances are, you don’t have those kinds of resources. EB Solution is your cybersecurity insider. If you have concerns about the encryption you’re using, or any other security-related matter, please feel free to contact us today.