The Advanced Encryption Standard (AES) system was long believed to be invulnerable to attack, but a group of researchers recently demonstrated that there may be an inherent flaw in AES, at least theoretically. The study was conducted by the University of Luxembourg's Alex Biryukov and Dmitry Khovratovich, France's Orr Dunkelman, Hebrew University's Nathan Keller, and the Weizmann Institute's Adi Shamir. In their report, "Key Recovery Attacks of Practical Complexity on AES Variants With Up to 10 Rounds," the researchers challenged the structural integrity of the AES protocol. The researchers suggest that AES may not be invulnerable and raise the question of how far is AES from becoming insecure.
"The findings discussed in [in the report] are academic in nature and do not threaten the security of systems today," says AppRiver's Fred Touchette. "But because most people depend on the encryption standard to keep sensitive information secure, the findings are nonetheless significant."
AirPatrol CEO Ozzie Diaz believes that wireless systems will be the most vulnerable because many investments in network media are wireless, and there is no physical barrier to entry. Diaz says that exposing the vulnerability of the AES system could lead to innovations for filling those gaps.
Touchette says that AES cryptography is not broken, and notes that the latest attack techniques on AES-192 and AES-256 are impractical outside of a theoretical setting.
View Full Article
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA
No entries found