Skip to main content
banner image
venafi logo

What is Advanced Encryption Standard (AES)?

What is Advanced Encryption Standard (AES)?

what-is-advanced-encryption-standard
September 1, 2021 | Guest Blogger: Ambler Jackson

Imagine a perfect world. In this perfect world, governments and corporations would implement all the security controls necessary for their operation, use all of the security best practices, adhere to all compliance regulations, purchase the most sophisticated data protection tools, and as a result, maintain information systems with sensitive data that is 100% secure. Unfortunately, 100% security is a utopia, but using properly implemented encryption will certainly assist your organization in mitigating risks associated with unencrypted data.

Learn more about machine identities and encryption. Read our Dummies Guide.
What does encryption do for us?

Encryption is not only a security best practice, but it is the industry standard for protecting data at rest and data transmitted over the Internet. It protects data from unauthorized access, modification, disclosure and theft. You’ve likely used a service that offers data encryption. For example, when you send messages over WhatsApp or Signal, these are encrypted from end-to-end to prevent malevolent actors from eavesdropping your private conversations.

What exactly does encryption do? Encryption converts plaintext data to an unintelligible form called ciphertext. When data is decrypted, the ciphertext is converted back to plaintext. Encrypting data prevents unauthorized individuals from viewing sensitive information that is transmitted over the Internet. There are three interesting things you should know about encryption:

  • There is more than one type of encryption (symmetric v asymmetric)
  • Asymmetric encryption algorithms will become obsolete in a quantum computing future
  • Advanced Encryption Standard (AES) is currently the most secure encryption algorithm
What is AES encryption and how does it work?

AES, introduced in 2001, is an encryption standard used by the United States government to protect data in federal information systems. It is also used by nongovernmental organizations to protect sensitive data. The AES algorithm uses “symmetric” key encryption and three block ciphers. Symmetric key encryption uses the same key to encrypt and decrypt data. Sometimes the same key is described as a secret key. It is critical that the secret key is only available to authorized users to prevent anyone else from accessing the key and accessing the data for nefarious reasons.

Encryption and decryption occur in data blocks of 128 bits. The block length is 128 bits. Each of the following cipher keys, which vary in length, are associated with the number of rounds required to transform plain text into ciphertext. For simplicity, consider this transformation a type of processing or operation that takes place for encryption to occur.

  • AES-128-bit key, 10 rounds
  • AES-192-bit key, 12 rounds
  • AES-256-bit key, 14 rounds

The longer the key length, the more rounds of processing that occurs to encrypt the data. While AES encryption is secure, AES-256-bit key encryption is stronger (and more secure) than AES 128-bit key because there are many more possible character combinations in the 256-bit key than the 128-bit key. Essentially, it would take a cybercriminal longer to try all of the possible combinations to crack AES 256-key bit encryption than it would take them to attempt to crack AES-128-bit encryption.

AES strength and other considerations

The strength is in the key length. The longer the key length, the more difficult it is for a cybercriminal to break the encryption or crack the secret code (i.e., decryption key). For this reason, a bad actor (or actors) will have to work that much harder to break 256-bit key encryption than 128-bit key encryption.

Organizations using AES encryption give stakeholders (e.g., corporate executives, consumers and end-users) a high level of confidence in secure electronic data transmissions; however, this confidence may be weakened by the following:

  • Poorly implemented encryption (e.g., systems that are incorrectly configured)
  • Poor key management (e.g., not using industry best practices for encryption key management)

Encryption keys must be securely managed and protected from unauthorized disclosure or modification. AES encryption is most effective when no one other than the intended recipient has the secret key. What about when AES encryption is properly implemented and encryption keys are managed in accordance with best practices—does this resolve all potential threats? Not quite. AES may also be threatened by side-channel attacks. Side-channel attacks rely on information that is acquired based on the implementation of security controls rather than the failure to implement a security control, such as encryption. Such an attack has the potential to reveal encryption keys. Organizations may mitigate risks associated with side-channel attacks by reducing the ways in which data leaks from a system.

AES and quantum computing

There is a global effort to prepare secure information systems to resist quantum computing. It is expected that cryptographic algorithms that use public keys (i.e., asymmetric encryption) will not be a secure encryption method once we enter the era of large-scale quantum computing, which is likely still many years away. In contrast, AES encryption, which uses a symmetric key, is believed to be reasonably secure in a quantum computing world due to its key length. And while the impact of quantum computing on AES will require a longer key length, the encryption method is so sophisticated that it is considered quantum resistant.

Conclusion

AES encryption offers the strongest and most secure cryptographic algorithm. As such, it is the industry standard for encrypting sensitive data. The full power of AES encryption, however, is realized when it is implemented by experts and encryption keys are managed in accordance with secure key management best practices. Lastly, organizations can safely implement AES encryption in a quantum computing world. While AES-128-bit key will remain secure for decades to come, AES-256-bit key will protect against threats from quantum computers for a very long time.

 

Related Posts

Like this blog? We think you will love this.
NIST-certificate-management-best-practices
Featured Blog

NIST Best Practices to Improve Your Certificate Management

Part 1—Establishing TLS Server Certificate Policie

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS MIM For Dummies
eBook

TLS Machine Identity Management for Dummies

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Guest Blogger: Ambler Jackson
Guest Blogger: Ambler Jackson
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more