Researchers Find Weakness in World's Toughest Encryption Standard

A group of Microsoft researchers announced recently that they had cracked a version of the Advanced Encryption Standard (AES), the world’s toughest encryption mechanism. Though you might not be aware of it, AES is all around you. Not only is it used in disk encryption systems, but it also secures online transactions, wireless networks and even top-secret government documents. Hundreds of millions of people worldwide come into contact with the encryption, so finding a vulnerability is a bit troubling for almost every sector.

“[This] is the first theoretical break of the Advanced Encryption Standard – the de facto worldwide encryption standard,” said Andrey Bogdanov, one of the researchers who worked out the method of breaking the code. His research partners were Dmitry Khovratovich and Christian Rechberger.

The mechanism came to the forefront as a response to a late-20th-century call by the National Institute of Standards and Technology for an encryption that could protect top-secret documents. After a lengthy review process, NIST accepted declared this version, nicknamed Rijndael, as that standard, certifying it for use in the federal government in 2002.

The key – that is, the information an authorized person can use to decrypt the protected information – can vary in length, with 128, 192 and 256 being typical key lengths. Longer keys provide greater security because each extra digit adds another variable.

After working for years, the researchers found they were able to break the code four times easier than was previously thought possible. But even still, the statistical probability of being able to ascertain the correct key is extremely thin: According to Bogdanov, a trillion computers each testing a billion keys per second would take more than two billion years to discover an AES-128 key.

For this reason, Bogdanov said, we shouldn’t worry about the standard’s robustness. “I do not expect our particular attack to impose any practical threat in applications using AES,” he said. “It is more of scientific value.”

Security blogger Bruce Schneier agrees. “What we're learning is that the safety margin of AES is much less than previously believed,” he wrote on his blog. “And while there is no reason to scrap AES in favor of another algorithm, [NIST] should increase the number of rounds of all three AES variants.”

So don’t worry, your Wi-Fi is still safe. But attacks are always increasing in precision, so sometime in the future, the AES may have to undergo a makeover.

About the Author

Laura Williams is content development editor for Security Products magazine.

Featured

  • Meeting Modern Demands

    Door hardware and access control continue to be at the forefront of innovation within the security industry, continuously evolving to meet the dynamic needs of commercial spaces. Read Now

  • Leveraging IoT and Open Platform VMS for a Connected Future

    The evolution of urban environments is being reshaped by the convergence of Internet of Things (IoT) technology and open platform VMS. As cities worldwide grapple with growing populations and increasing operational complexities, these integrated technologies are emerging as powerful tools for creating more livable, efficient, and secure urban spaces. Read Now

  • Securing the Future

    Two security experts sit down with Security Today’s editor in chief Ralph C. Jensen to discuss what they see emerging and changing over the next several years along with how security stakeholders can harness these innovations into opportunities. Read Now

  • Collaboration Made Easy Using a Work Management Platform

    Effective collaboration between security operators, teams and other departments is critical to the smooth functioning of organizations. Yet, as organizations grow in complexity, it becomes more difficult for teams to coordinate with each other. This is compounded by staffing shortages, turnover and ineffective collaboration tools. Read Now

  • Creating a Safer World

    Managing and supporting locks and door hardware within a facility is a big responsibility. A building’s security needs to change over time as occupancy and use demands evolve, which can make it even more challenging. Read Now

Most   Popular

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.