Feeds

AES encryption not as tough as you think

Cipher attack shaves safety margin

Combat fraud and increase customer satisfaction

Cryptographers have found a new chink in the widely used AES encryption standard that suggests the safety margin of its most powerful cipher is not as high as previously thought.

In a soon-to-be-published paper, researchers Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir show that the 256-bit version of AES is susceptible to several so-called related-key attacks that significantly diminish the amount of time it takes to guess a key. One technique against the 11-round version of the cipher can be completed in 270 operations, an improvement that cryptographer Bruce Schneier says was strong enough to be "almost practical."

Another attack uses only two related keys to crack the complete key of a nine-round version in 239 time, a vast improvement over the 2120 time of the best previous attack. A third attack breaks a 10-round version in 245 time.

Like previous attacks on AES, the latest techniques are still wildly impractical, cryptographers say. But because most of the world depends on the encryption standard to keep sensitive records and communications secure from outsiders, the findings are nonetheless significant. AES is also the foundation of several candidates for a new cryptographic hashing algorithm called SHA-3 that will be adopted by the US National Institute of Standards and Technology.

"When you're trying to build a system with a long life span, you want to have ciphers that are very conservative, so if there is a new attack that comes along, you have a long safety margin," says Paul Kocher, president and chief scientist at Cryptography Research, a San Francisco-based consultancy. "If you're trying to design a system that will be in the field for 30 years, you start worrying about stuff like this."

Kocher says that banks and other organizations have already spent billions of dollars moving away from DES, or the Data Encryption Standard, which enjoyed widespread use until cryptographers uncovered significant weaknesses that allowed it to be cracked using practical attacks.

Related-key attacks require a message to be encrypted with one key that is later changed to one or more different keys. It's usually hard for an outsider to control what keys get used, so the technique is considered hard to carry out under real-world settings.

Still, the findings have the surprising effect of making 256-bit AES less hardened than the 192-bit version. The related-key attack doesn't work on either AES-192 or AES-128.

The attack builds off of previous research that described a way to infer clues about keys used in AES by employing what's known as boomerang switching techniques to infer clues about the keys used in the algorithm.

That attack is also extremely hard to carry out in practical environments, but the latest findings suggest that new data continues to chip away at the viability of the AES ciphers. ®

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.