Currently, AES is the most widely used encryption algorithm. This success is directly due to the infeasibility of brute-force attacks.
To break AES with a brute-force attack requires $O(2^n)$ operations, where $n$ is the key length (128, 192, or 256). This time is practically unattainable. There have been many studies attempting to break AES, where "break" means discovering a method that calculates the plaintext in fewer steps than a brute-force attack needs. The most notable of these studies was in 2011 by Bogdanov et al. [4].
They created an algorithm called Bipartite Cryptanalysis to recover the full key schedule. Previous studies had attempted this but were only able to recover a partial key schedule. After considering the previous section on decryption and functional correctness, we know that with the full key schedule the plaintext can be calculated from the ciphertext. However, their key recovery algorithm is still too slow to be a practical break. Table II shows the improvements over a brute-force attack made by Bogdanov et al.
TABLE II. COMPLEXITY

           Brute Force   Bipartite Cryptanalysis
AES-128    $2^{128}$     $2^{126.1}$
AES-192    $2^{192}$     $2^{189.7}$
AES-256    $2^{256}$     $2^{254.4}$

VII. COMPLEX MATHEMATICAL CALCULATIONS IN AES

The AES was developed using the wide trail strategy design. The name was derived from the probability trails used in differential and linear cryptanalysis; the more extensive they are, the harder they are to exploit. The strategy states that a block cipher needs [15]:
- Non-linear substitutions
- Linear transformations
- Key addition

A. Galois Field

A Galois field is a field that is finite and has a finite order, where the latter has to be a prime or a power of a prime. For each prime power there is only one finite field, GF($p^n$).
This concept is used in the representation of the AES 128, 192 and 256 bits [19].

B. Modular Arithmetic

Arithmetic is not done on a line as normal but rather in a circle. The values wrap around the circle and so always remain less than the fixed number called the modulus [6].
For addition, the two numbers are first added, the result is divided by the modulus, and the remainder of that division is the answer to the operation. For instance:
$(10 + 13) \bmod 7 = 23 \bmod 7 = 2$
In division one simply divides the number provided by the modulus and the remainder is the answer. For instance, for 40 modulo 6:
$40 = 6 \cdot 6 + 4$
The remainder is four, thus $40 \bmod 6 = 4$.

C. Improving Diffusion Power of the AES

Rijndael (2001) proposed to use MixColumns, which guarantees high diffusion power over multiple rounds. MixColumns operates as a 4-byte to 4-byte linear transformation chosen according to the following criteria: being invertible, linearity, relevant diffusion power, high speed, symmetry and simplicity.
Linearity, symmetry and simplicity make polynomial multiplication a good choice. Invertibility, relevant diffusion power and high speed take advantage of the choice of coefficients for even better performance. The speed criterion ensures that the coefficients have small values, in order of priority 00, 01, 02, ..., where the value 00 means no processing takes place, 01 means no multiplication is needed, 02 can be executed using xtime, and 03 can be executed using xtime and EXOR. Diffusion power imposes more complicated conditions on the set of coefficients in the equation.
For a linear transformation, the branch number is a measure of the transformation's diffusion power. It is defined by
$$\mathcal{B}(F) = \min_{a \neq 0} \big( W(a) + W(F(a)) \big)$$
where $F$ is the linear transformation and $W(a)$ is the byte-vector weight.
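As an added illustration of the coefficient choices and the branch-number definition above (this code is not from the paper): GF($2^8$) multiplication built only from xtime and XOR, the MixColumns matrix applied to one column, and an exhaustive check that the branch number of MixColumns is 5, the upper bound for a 4-byte map. It assumes the standard FIPS-197 reduction polynomial and MixColumns/InvMixColumns coefficient matrices.

```python
from itertools import combinations, product
AES_POLY = 0x1B  # x^8 + x^4 + x^3 + x + 1 (FIPS-197), with the x^8 term dropped

def xtime(b):
    """Multiply a byte by 02 (the polynomial x) in GF(2^8)."""
    b <<= 1
    return b ^ (0x100 | AES_POLY) if b & 0x100 else b

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) using only xtime and XOR (EXOR)."""
    acc = 0
    while b:
        if b & 1:
            acc ^= a
        a, b = xtime(a), b >> 1
    return acc

# MixColumns and its inverse as 4x4 matrices of GF(2^8) coefficients (FIPS-197).
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]
TABLES = {c: [gf_mul(c, x) for x in range(256)] for c in (1, 2, 3, 9, 11, 13, 14)}

def mix_column(matrix, col):
    """Apply a coefficient matrix to one 4-byte column (list of 4 ints)."""
    return [TABLES[r[0]][col[0]] ^ TABLES[r[1]][col[1]] ^
            TABLES[r[2]][col[2]] ^ TABLES[r[3]][col[3]] for r in matrix]

def weight(col):
    return sum(1 for b in col if b)  # byte-vector weight W(a)

def branch_number():
    """min over non-zero a of W(a) + W(MixColumns(a)).  Sums below 5 need
    W(out) <= 4 - W(a): weights 1 and 2 are enumerated directly; weight 3 in
    with weight 1 out is the same pair seen from the inverse map, so weight-1
    inputs of InvMixColumns cover it (a weight-0 output is impossible)."""
    best = 8
    for w in (1, 2):
        for pos in combinations(range(4), w):
            for vals in product(range(1, 256), repeat=w):
                col = [0, 0, 0, 0]
                for p, v in zip(pos, vals):
                    col[p] = v
                best = min(best, w + weight(mix_column(MIX, col)))
    for p in range(4):
        for v in range(1, 256):
            col = [0, 0, 0, 0]
            col[p] = v
            best = min(best, 1 + weight(mix_column(INV_MIX, col)))
    return best
```

`gf_mul(0x57, 0x13)` reproduces the FIPS-197 worked example (0xFE), and `branch_number()` returns 5 after a few seconds of enumeration.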
Its role in improving the power of the AES is that it allows the upper bound for the branch number to be reached [9]. Two critical parameters are involved in improving the diffusion strength of the AES.
The first one is finding the 8×8 matrix with branch number 9, which is greater than five, so that the diffusion strength of the algorithm is sure to increase. The second one is that the matrix is required to be its own inverse, so that the same matrix can be used for the MixColumns operation. This reduces the complexity of the circuit that occupies the silicon area when used in hardware.

VIII. THREATS TO ADVANCED ENCRYPTION STANDARD

In 2011 it was announced that a vulnerability had been found in the AES-256 scheme. This was particularly worrying since this encryption is used in online transactions, household Wi-Fi connections and mobile phone connections. The way AES works is that it takes the data a person is trying to encrypt, say a person's online banking username and password, and scrambles it with a secret key.
If a person knows the encryption key, then they have access to someone else's online banking wallet (the bank has it). This could, therefore, be viewed not as a system vulnerability but rather as a human vulnerability: are those who hold the key honest and professional enough not to disclose customer information to malicious groups?

A. Brute-Force Attack

This is a trial-and-error method of trying different combinations to get the encrypted password for access into systems. It is a time-consuming process: for example, if one wants to attack the AES-256 scheme, one has to try $2^{256}$ combinations, which written in full is 116,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000. There are a great many combinations, and it requires a dedicated algorithm to break one encrypted password, which could take years.
Table III shows the time required to compute the possible combinations required to crack AES. The fastest known supercomputer to date can process around 93 PFlops. Even using such large-scale computers to crack the AES algorithm would take millions of years and huge amounts of money to operate. An average-scale supercomputer will consume around 4 megawatts of electricity per year, which would cost up to 4 million USD per annum. So performing a brute-force attack in real-world scenarios would be practically impossible and not worth the time and money.
Simply put, it lacks economic sense and the process is therefore not practical. The general public can rest easy on this.

B. Cryptanalysis

Cryptanalysis is a type of attack where an attacker uses sophisticated mathematics and computing power to decipher encrypted messages without the use of the cryptographic key. The goal of a cryptanalytic attack could be to learn the plaintext when the attacker already has the ciphertext (known-plaintext attack) or to learn the encryption key for use on other messages (chosen-plaintext attack). Cryptanalysis is of two types:
- Linear cryptanalysis: This attack approximates linear relationships that exist between an input and the output. Here combinations of plaintext and ciphertext bits are compared with key bits. A large number of trials are made with sample inputs so as to make the guess rate high. The larger the number of trials, the easier it is to guess the key.
- Differential cryptanalysis: This attack takes advantage of relationships between the differences in the inputs and outputs of a function in the algorithm. In this attack the trials are done with inputs having fixed differences in the plaintext, observing the differences that occur in the ciphertext. The probability of a successful attack is a bit higher than with the linear technique.

C. Timing Attacks

For this type of attack, attackers use the idea that different calculations take different amounts of time on computer processors. By knowing the time taken, one can estimate the length of a secret key.
This is then used in determining the algorithm to use to decrypt the key [16].

D. Biclique Attack

The biclique attack is said to be much more efficient than the brute-force attack, as the computational complexity of biclique is far less than that of brute force. A brute-force attack on AES-128, AES-192 and AES-256 requires $2^{128}$, $2^{192}$ and $2^{256}$ operations, whereas biclique needs only $2^{126.1}$, $2^{189.7}$ and $2^{254.4}$ for AES-128, AES-192 and AES-256 respectively. This attack focuses on attacking each round in the AES algorithm. As we attack, we get a sub-cipher for every round; the more sub-ciphers, the higher the success rate of the attack, but processing every sub-cipher needs large computational power. Researchers demonstrated that by using a biclique attack it was possible to get the AES keys faster than with the brute-force method by a factor of 3 to 5. Biclique is a variant of the meet-in-the-middle method of cryptanalysis, and it utilizes a biclique structure to extend the number of rounds that can be attacked [3].
However, due to its high computational complexity, the attack does not threaten the use of AES.

E. Power Analysis Attack

These attacks are performed by monitoring the power consumption of a cryptographic device while it performs a cryptographic operation. The principle behind this kind of attack is very simple: the voltages generated by the system change periodically with every cryptographic calculation performed. So these voltages are monitored continuously using an oscilloscope. For instance, the rounds in AES may use the same amount of electricity. The power analysis attack is mainly used to determine the point at which the algorithm should be attacked. The point of attack can be determined from power traces.
To perform this kind of attack successfully one must assume that there is an indirect relation between the power consumption of the system and the type of operation being performed. Power analysis attacks can be divided into two types:
1) Differential power analysis: SPA cannot be used alone to extract the data required for decryption. As SPA is used to determine large differences, DPA can be used effectively to determine small power variations, which can later be correlated to the data values being manipulated by various operations in the system. Generally, to perform a DPA attack one must first analyze the power consumption of the machine by running the same algorithm with different sets of data.
After the analysis of the power traces, the key can be guessed by making use of the power consumption patterns [11]. Figure 11 below shows that the rise in the power trace is nothing but the change in data made by the algorithm.

Fig. 11. Differential power analysis [2]

TABLE III. COMBINATIONS

Key size   Possible combinations   Time consumption
128-bit    $3.4 \times 10^{38}$    $1.02 \times 10^{18}$ years
192-bit    $6.2 \times 10^{57}$    $1.87 \times 10^{37}$ years
256-bit    $1.1 \times 10^{77}$    $3.31 \times 10^{56}$ years

2) Simple power analysis: This is the basic form of power analysis technique. In SPA we examine the power traces for large differences in power consumption.
Using this technique, we can find out which operation is being performed, or sometimes even determine the bit value being changed by the instruction. For instance, the AES algorithm has several rounds of computation in it. The spikes in the power traces seen in Figure 12 represent the change in power consumption at every operation.

Fig. 12. Simple power analysis [14]

F. Fault Injection Analysis

AES can be cracked if the attacker has physical access to the cryptosystem. The fault injection method needs physical access to execute the attack. The main prerequisite for this attack is to have a model of the system, i.e. the attacker must have knowledge of the function of the system before even planning the attack. The attacker induces faults into the system to retrieve AES keys. It is said that an attacker can obtain the key by analyzing fewer than 50 ciphertexts.
G. Algebraic Attacks

The main motto of the algebraic attack is to solve a series of equations to obtain the key. AES can be defined as a complex system of polynomial equations in one or more variables. These attacks mainly focus on solving a system of complex equations arising from the block cipher, which leads to the recovery of the encryption key. Most block ciphers have iterated structures (repeated over several rounds); as a result, very complex and large systems of equations are formed. These kinds of attacks are perfect in a theoretical sense, but unfortunately they are never considered a threat in real-life scenarios, as they need extremely large-scale computational power and incur huge operational costs.
H. Boomerang Attack

This attack is a kind of upgraded differential cryptanalysis. It was first published by David Wagner in 1999. It processes data in quadruples (multiples of 4) instead of operating on pairs with fixed differences in the data. The attack observes quadruples of plaintexts with their respective quadruples of ciphertexts at every round or intermediate stage. The boomerang attack is said to be faster than many other kinds of attacks, but this has not been properly proved.

IX. PRACTICALITY OF ATTACKS

Most of the attacks on Advanced Encryption Standard cryptographic systems are highly academic, as they come from academic institutions. Most of them involve many unrealistic assumptions about the environment and the capabilities of the attacker. They are also theoretical and not sufficiently proven. It is for this reason that they are not as practical as they may sound. Since its introduction, AES has proved to be a significant breakthrough in cryptosystems, as shown by the fact that the technology has been embraced in banking systems and software languages, among others. In banking systems, its use on credit cards to enable safe online transactions has been particularly impressive.

X. CONCLUSION

The AES algorithm is widely adopted and supported in both software and hardware. This widespread use is because the Advanced Encryption Standard guarantees security. It also improves performance in different settings such as hardware implementations, smart cards, etc.
As previously stated, even Intel is putting native AES instructions in its chips, for security purposes but also for performance. Today, no practical cryptanalytic attacks against AES have been discovered. However, just as with DES, the security of AES is assured only if it is correctly implemented and proper key management is employed. These concerns notwithstanding, AES is strong enough to be certified for use by the U.S. government for top secret information. When the Advanced Encryption Standard was introduced to the open market, a lot was expected of it in terms of convincingly replacing the Data Encryption Standard.
With the fast and steady growth in technology, all systems, including banks and education systems, had to be protected from malicious compromise. It is correct to confidently state that the decision by NIST to replace DES with AES was the right choice, since it has stood the test of time. However, it is important to understand that the security and integrity of systems is only as good as the people who use them. Passwords chosen should be strong enough that they are not easily cracked by malicious persons.
ACKNOWLEDGMENT

It is a great opportunity for us to write about a subject like "An Analysis of the Advanced Encryption Standard and Threats Associated". At the time of writing this paper we have gone through different books, articles, research papers and forums. We acknowledge with gratitude Associate Professor George Amariucai, M.Sc., Ph.D., Department of Computer Science, Kansas State University, our teacher, who has always been helpful in making us understand the different concepts and conceptual problems in our research paper.