Algorithms - Part 1 - AES (Advanced Algorithm Standard)

Let’s talk about cryptographic algorithms. Algs (yes, we’re on a nickname basis, no big deal) provide the backbone for the crypto methods that we use in modern computing, and yet we’re generally willing to just refer to them tangentially, in passing, and without too much scrutiny. This is the first of three blog posts, delivering digestible information on algorithm topics that should be understood individually and in the context of FIPS 140 to help you make better strategic decisions. Let’s start with AES.

It’s gotta be the most popular of the algs, judging by the number of marketing references. Walk around the RSA Conference or the Black Hat expo and count the number of times that you hear “AES” dropped casually into conversation or plastered across booth signage - it’s pretty significant. Why? Well, two reasons. First, because it was established purposefully as the primary go-to algorithm in a competition hosted by NIST. And second, because many marketing folks don’t really understand it.

The selection process of what is actually the Rijndael cipher to become the Advanced Encryption Standard (AES) was actually pretty cool. NIST knew that the Data Encryption Standard (DES) would need to be phased out and replaced with something more resilient for future-proofing, so in 1997, NIST announced a call for submissions. The parameters were defined to be a block cipher, supporting a block size of 128 bits and key sizes of 128, 192, and 256 bits. After several rounds of analysis and debate, Rijndael was announced as the new AES in October of 2000. Developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, the cipher is based on a design principle known as a substitution–permutation network. It’s a fascinating process that we aren’t going to dive into deeper here, but you should check it out if that intrigues you.

To formalize Rijndael as the Advanced Encryption Standard, NIST issued FIPS Publication 197 in November 2001. AES implementations are tested and certified for FIPS 197 as part of the Cryptographic Algorithm Validation Program (CAVP), generally as part of the overall cryptographic module evaluation against the FIPS 140-2 standard. The FIPS 197 CAVP certificate alone does not satisfy procurement requirements for the U.S. federal government, for example, because purchasing officers rely on the FIPS 140-2 validation to confirm that the implementation was completed correctly within the context of cryptographic module. Common Criteria certification is one exception, but that’s a rabbit hole for another day.

This has confused many and has led to many marketers blowing smoke about AES. The existence of FIPS 197 and the public availability of algorithm test vectors spawned an urban legend of sorts, that the use of AES alone met requirements for federal and regulated industries by being “FIPS 197 compliant”. Nothing could be further from the truth. While AES is the workhorse of most cryptographic modules, that’s exactly what it’s designed to do. It’s an oversimplification and fallacy to believe that the AES algorithm by itself is a competitive differentiator or represents compliance of any sort. Lazy marketers who point to AES aren’t doing themselves any favors. It’s like proudly announcing a new sports car that runs on premium unleaded gasoline. That’s not going to garner any accolades, it’s just going to make potential customers think that you don’t actually know what you’re talking about.

So to recap - AES is the Advanced Encryption Standard, the algorithm selected by NIST to be worthy of everyday use, but it is the FIPS 140-2 validated module that opens doors in regulated industries. As an end-user, you must remember that the CMVP certification matters more than the implemented algs. To that point, a cryptographic module can achieve FIPS 140-2 validation without using AES at all! As a marketer, don’t risk damaging your credibility by over-emphasizing AES or any single algorithm. Wait until you have a validated module to promote, and then go to town. (Use SafeLogic and you won’t be waiting long at all. Shameless plug, I know, but hey, it’s our blog.)

I will vacate my soapbox now, but please join me next week for a look at Suite B algorithms.