Advanced Encryption Standard (AES)

In today’s digital world, it is very important to protect our data. The Advanced Encryption Standard (AES) is one of the most widely used and trusted encryption methods for securing data. Whether you are browsing the internet, making online payments, or securing your personal files, AES helps keep your information safe. It was designed to replace the outdated DES algorithm, which cannot resist attacks run on modern systems.

In this article, we will discuss what you need to know about AES encryption, how it works, its types, applications, features, and how it compares to other encryption methods such as DES and RSA.

What is Advanced Encryption Standard?

AES stands for Advanced Encryption Standard. AES is a method that is used to secure digital information by converting the information into a format that no one can understand without the correct key. It is a type of symmetric encryption in which the same secret key is used to both encrypt (lock) and decrypt (unlock) the data. Due to this, AES is fast and efficient for securing information.

AES was developed to replace the older DES (Data Encryption Standard) and was officially adopted by the U.S. government in 2001. It is now used in various fields of the technical world, such as for secure online banking and shopping, securing Wi-Fi networks, files, and personal information, etc.

History and Development

Before AES, DES was the standard used for information security. As computers became more powerful, DES was deemed insecure, and in the 1990s the need for a new encryption standard arose. In 1997, NIST initiated a public competition to develop a new and better encryption standard. After several candidates were evaluated, the Rijndael algorithm, developed by Belgian cryptographers Vincent Rijmen and Joan Daemen, was selected as the foundation of AES. AES was then officially published as FIPS PUB 197 in November 2001.

Key Features of AES

1. Symmetric Block Cipher: AES uses the same key for both encryption and decryption, which makes it fast and efficient.
2. Block Size: The AES block size is fixed at 128 bits.
3. Key Sizes: It supports 128, 192, or 256 bits for different levels of security.
4. Number of Rounds: 

  • 10 for 128-bit keys
  • 12 for 192-bit keys
  • 14 for 256-bit keys

5. High Performance: It is efficient on a wide range of hardware and software.
6. Strong Security: AES is resistant to all known practical attacks when implemented correctly.

Types of AES

There are three main types of AES that are used in modern technology.

1. AES-128

The key and block sizes are 128 bits (16 bytes) each. It has 10 rounds of encryption. AES-128 is strong and trusted for most applications. It is fast and efficient on most hardware. It is commonly used in Wi-Fi encryption (WPA2), TLS/SSL, disk encryption, and secure communication protocols. AES-128 provides a good balance between security and speed, and is good for most everyday encryption needs in devices.

2. AES-192

The key size is 192 bits (24 bytes), and the block size is 128 bits (16 bytes). It has 12 rounds of encryption. AES-192 is stronger than AES-128 and provides higher resistance against brute-force attacks. It is slightly slower than AES-128 due to more rounds and a longer key size. It is used in devices that need higher security than AES-128 and can accept moderate performance. In both security and speed, AES-192 sits between AES-128 and AES-256.

3. AES-256

The key size is 256 bits (32 bytes), and the block size is 128 bits (16 bytes). It has 14 rounds of encryption. It has the highest security among AES variants and is extremely resistant to brute-force attacks. It is slower than both AES-128 and AES-192 due to more rounds and a larger key size. AES-256 is used in sectors that need high-security applications, such as government, military, and financial sectors. It provides the strongest encryption and is the most trusted version when maximum security is needed.

How does AES work?

AES works by converting readable data into unreadable code using a secret key. It encrypts data in fixed-size blocks of 128 bits, with a key whose length depends on the security level. The process starts by expanding the secret key into multiple round keys. The data goes through an initial round where it is mixed with the first round key. AES works on a 4×4 matrix of bytes called the state. Several more rounds follow, and in each of them the state goes through several steps: substitution, shifting rows, mixing columns, and adding a round key. The final round completes the encryption without mixing columns.

To decrypt the data, the same steps are reversed and applied in the opposite order using the same secret key, so that the original data can be read again.

The steps that are followed in AES are:

  1. Sub-Bytes
  2. Shift Rows
  3. Mix Columns
  4. Add Round Key

Let’s understand its working with an example.

At first, let’s take an input and a secret key for understanding the working process step-by-step.

Input: “HELLO123WORLD456”

Secret key: “MYSECRETKEY12345”

Step 1: Convert Plaintext or Input into a 4×4 Byte Matrix (State)

Each character is converted into its ASCII byte value and arranged in a 4*4 matrix.

The input in hex is:

48 45 4C 4C 4F 31 32 33 57 4F 52 4C 44 34 35 36

And,

Key in hex is:

4D 59 53 45 43 52 45 54 4B 45 59 31 32 33 34 35

Now, the 4*4 input matrix is 

48 4F 57 44
45 31 4F 34
4C 32 52 35
4C 33 4C 36

(The bytes fill the matrix column by column.)

And, the 4*4 key matrix is 

4D 43 4B 32
59 52 45 33
53 45 59 34
45 54 31 35

Step 2: AddRoundKey (Initial Round 0)

Each byte of the state (input) matrix is XORed with the corresponding byte of the key matrix.

Let’s do this column by column.

For column 1:

Input | Key | XOR Result
48 | 4D | 05
45 | 59 | 1C
4C | 53 | 1F
4C | 45 | 09

For column 2:

Input | Key | XOR Result
4F | 43 | 0C
31 | 52 | 63
32 | 45 | 77
33 | 54 | 67

For column 3:

Input | Key | XOR Result
57 | 4B | 1C
4F | 45 | 0A
52 | 59 | 0B
4C | 31 | 7D

For column 4:

Input | Key | XOR Result
44 | 32 | 76
34 | 33 | 07
35 | 34 | 01
36 | 35 | 03

Final Resulting Matrix (After AddRoundKey) is:

05 0C 1C 76
1C 63 0A 07
1F 77 0B 01
09 67 7D 03

Now, this matrix becomes the new AES state that will be passed through the next stages (SubBytes, ShiftRows, etc.) for Rounds 1-10.

Step 3: 9 Main Rounds, where each round has 4 steps

The following 4 steps are performed in each of the 9 main rounds.

Sub-Step 1: SubBytes

In this step, each byte is replaced by its corresponding value in the AES S-box.

AES S-box is a 16*16 matrix with the hex values.

0 1 2 3 4 5 6 7 8 9 A B C D E F
0 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76
1 CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0
2 B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15
3 04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75
4 09 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84
5 53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF
6 D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8
7 51 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2
8 CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73
9 60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB
A E0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79
B E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08
C BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A
D 70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E
E E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF
F 8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16

To substitute a byte (e.g., 0x4C):

  • Take the first hex digit (4) as the row.
  • Take the second hex digit (C) as the column.
  • Look up the value at row 4, column C -> value is 0xB3.

So, SubBytes(0x4C) = 0xB3.

[Figure: state matrix after SubBytes]

Sub-Step 2: ShiftRows

The rows are shifted by different positions in the matrix.

  • 1st Row: No shift -> 6B 7E 72 38
  • 2nd Row: Shift by 1 position to the left -> 85 67 C5 72
  • 3rd Row: Shift by 2 positions to the left -> 2B 7C C0 F5
  • 4th Row: Shift by 3 positions to the left -> 7B 01 85 21

After the row shifting, the state matrix is

6B 7E 72 38
85 67 C5 72
2B 7C C0 F5
7B 01 85 21

Sub-Step 3: Mix Columns

Now, each column is transformed using Galois field multiplication. This is the most complex step mathematically, and it uses the fixed matrix:

[Figure: the fixed MixColumns matrix]

This fixed matrix is then applied to each column of the state matrix using XOR and multiplication operations in GF(2^8).

So, after the mix columns, the state matrix is

12 28 F5 32
7C 35 3D F9
35 E2 B8 D8
E5 9B 82 8D

Sub-Step 4: AddRoundKey (Round 1 Key)

Now, take each byte and XOR it with the Round 1 Key (from the AES Key Expansion). For this explanation, we will use an example key column to illustrate how XOR works.

Example Round 1 Key:

A1 B2 C3 D4
E5 F6 07 18
C3 29 4B 8F
D4 7E 5C 90

Now, each byte is XORed with the current round key.

First Column:
12 ⊕ A1 = B3
7C ⊕ E5 = 99
35 ⊕ C3 = F6
E5 ⊕ D4 = 31

Second Column:
28 ⊕ B2 = 9A
35 ⊕ F6 = C3
E2 ⊕ 29 = CB
9B ⊕ 7E = E5

Third Column:
F5 ⊕ C3 = 36
3D ⊕ 07 = 3A
B8 ⊕ 4B = F3
82 ⊕ 5C = DE

Fourth Column:
32 ⊕ D4 = E6
F9 ⊕ 18 = E1
D8 ⊕ 8F = 57
8D ⊕ 90 = 1D

This is the state matrix at the end of Round 1.

B3 9A 36 E6
99 C3 3A E1
F6 CB F3 57
31 E5 DE 1D

The same process is repeated for rounds 2 to 9.

Step 4: Final Round (AES Round 10)

The 10th round of AES (for AES-128) is different from the previous 9 rounds because there is no Mix Columns in the final round. Thus, it involves only three steps: SubBytes, Shift Rows, and Add Round key.

So, the final matrix will be

[Figure: final round matrix]

Step 5: Output

After all 10 rounds are complete, the state matrix is the encrypted output. This output is called the ciphertext, and it cannot be read without the same secret key.

The encrypted hexadecimal output is:
BA F9 FB 7C 8B 96 50 FA 86 3F 4A 72 4C 34 C5 7D

Why is AES Important?

Here are a few reasons why AES is important:

  • AES protects sensitive information from unauthorized access.
  • It provides strong encryption, which is very difficult to break.
  • It is fast and efficient, and works quickly even on low-power devices.
  • AES is used in banking, communication, and data storage.
  • It is approved by the government and security organizations, so it is safe to use.
  • It is the global standard for modern data encryption.
  • AES is a symmetric encryption method, which makes it simple and fast.

Applications of AES

1. Encrypted Browsing: HTTPS encrypts websites using AES. It protects login credentials, banking, and personal information. It is used in all modern browsers for safe and secure communication.

2. Processor Security: Modern Intel and AMD CPUs have built-in AES support for encryption and decryption at the hardware level.

3. Wireless Security: Wi-Fi encryption is done using WPA2 and WPA3 standards, which protect data transmitted over wireless networks. It is used in home routers, enterprise networks, and public hotspots.

4. General File Encryption: AES is also used to transfer encrypted files between associates. It secures data on laptops, USB drives, and external disks.

5. Mobile Device Encryption: Android and iOS use AES for full-device encryption because it protects contacts, messages, photos, and apps. It is enforced by default on most smartphones nowadays.

6. Password Managers: Apps such as 1Password, LastPass, etc., use AES to store login credentials in an AES-encrypted vault. It protects sensitive data with one strong password.

7. Financial Transactions: AES encrypts payment data in credit card terminals. It is used in EMV chips and mobile wallets such as Google Pay. It provides secure communication between terminals and banks.

8. Document Protection: Password-protected PDF, Word, and Excel documents use AES to encrypt and decrypt contents and metadata. AES prevents unauthorized access, viewing, or editing.

Differences Between AES and DES

Feature | AES (Advanced Encryption Standard) | DES (Data Encryption Standard)
Developed By | NIST (2001) | IBM, adopted by NIST (1977)
Key Size | 128, 192, or 256 bits | 56 bits
Block Size | 128 bits | 64 bits
Security Level | Very High | Low (easily breakable today)
Speed & Performance | Fast and efficient | Slower and outdated
Rounds | 10, 12, or 14 (depends on key size) | 16 rounds
Encryption Structure | Substitution-Permutation Network | Feistel Network
Resistance to Attacks | Strong against brute-force & cryptanalysis | Vulnerable to brute-force, differential cryptanalysis
Hardware/Software Support | Widely supported, including AES-NI | Mostly historical or legacy systems
Use Cases | Modern encryption: Wi-Fi, VPNs, HTTPS, file encryption | Legacy systems, historical reference

Attacks on AES Encryption

1. Brute-Force Attack

A brute-force attack is an attempt to try every possible key. AES has such a large key space that a brute-force attack is practically impossible with the current technology.

2. Side-Channel Attacks

Side-channel attacks mainly target the implementation and not the AES algorithm itself. They measure power consumption, timing, and electromagnetic leaks, and can reveal keys if AES is poorly implemented.

3. Related-Key Attacks

The related-key attack uses relationships between similar keys to find the encryption key. It only works on reduced-round versions of AES in theory and cannot be practically done.

4. Weak Key / Password Usage

This type of attack happens when predictable or reused passwords are used as encryption keys. This weakens the protection AES provides and makes an attack possible.

5. Fault Injection Attacks

A fault injection attack physically tampers with a device to cause errors that leak key information. It weakens AES through faults in the hardware.

How to Prevent Attacks on AES Encryption

  • Always use strong and random keys generated by secure cryptographic systems.
  • Use password managers for secure storage of passwords.
  • Never hard-code keys into applications.
  • Enable AES-NI in your system to reduce side-channel risks.
  • Use secure modes such as GCM or CBC.
  • Restrict physical access to devices that perform AES operations.
  • Enable multifactor authentication in your system or device.
  • Also, use a firewall or anti-malware software on your system.

AES vs RSA

Feature | AES (Advanced Encryption Standard) | RSA (Rivest-Shamir-Adleman)
Type of Algorithm | Symmetric key encryption | Asymmetric key encryption
Key Usage | Same key for encryption and decryption | Public key for encryption, private key for decryption
Speed | Very fast and efficient | Slower, especially for large data
Key Length | 128, 192, or 256 bits | Typically 2048 or 3072 bits
Security Basis | Substitution-permutation network | Based on the difficulty of factoring large primes
Use Case | Encrypting bulk data, files, and communication | Secure key exchange, digital signatures
Computational Cost | Low | High
Example Use | Wi-Fi, VPNs, disk encryption | SSL/TLS handshakes, email encryption
Conclusion

The Advanced Encryption Standard (AES) is one of the key building blocks of modern digital security. AES offers good speed, efficiency, and robust encryption to keep your information protected. It was created as the replacement for the now-outdated DES algorithm. AES has three key sizes: 128, 192, and 256 bits. Each offers a different security level for uses across the industry, from wireless networks to financial transactions. Although AES is strong and usable, some threats remain possible when AES is implemented incorrectly or when weak user passwords are used in the system. Understanding AES, its types, how it works, its features, and how to prevent attacks will help you use AES and secure your data better.

Advanced Encryption Standard (AES) – FAQs

Q1. What does AES do?

AES is used to encrypt data in a wide variety of applications, like secure web browsing, Wi-Fi networks, file encryption, mobile devices, and financial transactions, etc.

Q2. What are the different types of AES?

There are three types of AES: AES-128, AES-192, and AES-256. They differ in key size (bits), as well as security levels.

Q3. Is AES secure from hackers?

In practice, AES is extremely secure from practical attacks if correctly implemented using strong keys.

Q4. What is the difference between AES and DES?

AES uses larger key sizes than DES, has more rounds, and provides better security. DES is an older standard that is easily compromised by modern attacks.

Q5. Can AES be broken by brute force?

No. AES has longer key sizes than DES, and is practically immune to brute-force attacks using current technology.

About the Author

Lead Penetration Tester, Searce Inc

Shivanshu is a distinguished cybersecurity expert and Penetration tester. He specialises in identifying vulnerabilities and securing critical systems against cyber threats. Shivanshu has a deep knowledge of tools like Metasploit, Burp Suite, and Wireshark. 