Endpoint Encryption

 View Only
Back to Library

What if AES fails? 

Oct 03, 2014 02:57 PM

eggsbasket_0.jpeg

In the data security world, having a backup plan is important, especially for vendors protecting enterprise big data. Having a living list of data encryption ciphers could save a lot of time for cryptanalysts in the event that AES ever fails.Consider for a moment how much sensitive information is in your Enterprise. How much of it is encrypted: is it Gigabytes, Terabytes or more?

Now, what would happen if someone told you that all of it was vulnerable - that the encryption didn’t mean anything? Think - for a moment - what would happen if the sky fell and Advanced Encryption Standard (AES) was suddenly found to be critically broken. What then?

If you could then snap your fingers and push a button and simply move the data - the sheer amount of data to move would be enormous, but so is all the stuff that happens during the time it takes for a figurative snap of the fingers.

To further illustrate how much critical information can change in a flash, take this hypothetical scenario as an example: A cryptanalyst finds a critical break against AES and publishes the findings. The cryptographic community vets this in short order and confirms it. Someone tips off the media and it goes viral. Enterprises begin to respond, and what do you think they will do? They will call the vendor, who originally supplied the protection (us, for instance). What follows is not an actual conversation (AES is still secure!) but is possible:

Angry customer: What are we going to do with all of this “encrypted” data? How can we be secure?
Vendor: We will start to look into it.
Angry customer: When will you have an answer?
Vendor: As soon as possible.
Angry customer: That’s not good enough.
Vendor: What’s your alternative?

Instantly, there is pressure on vendors to scramble and find a suitable alternative. Some vendors may be able to dust off existing IP and provide proprietary answers to their customers – interoperation is low in this scenario.  The urgency of the need coupled with the existing diversity of requirements by varying institutions quickly drives down interoperability as everyone works to get something that works for them or for their community.  Worse still, the desperate urgency acts as a siren call to all: including the ethically dubious or technically inept.  Interoperation is driven out and snake oil rears its ugly head.  The standards bodies and security agencies work towards a solution, but that takes time (AES took 3-4 years).

In this scenario, the bottom fell out of our AES basket and all of our data eggs dropped on the floor.

This is a long-winded argument for algorithm diversity, for a suite of algorithms* of similar/identical security levels so that Enterprises can have multiple baskets within which to place the data they are entrusted with guarding. However, back to the question - what if AES fails? What *is* the next algorithm? What encryption tool works seamlessly, operates with today’s performance parameters, potentially on low-power or low-complexity devices, etc..? What are the alternatives? What ciphers are even out there?

This author had trouble finding such a list for data-encrypting ciphers. Cryptography is an active field: Any such list would quickly be out of date. A useful list would be dynamic and would be updated periodically - a human would curate it and make it a “living” document. Such an activity might just reduce the research time by weeding out “known bad” algorithms and providing at least some basis for support or further investigation.

It is proposed that we do it. A draft is below. Expect an “expires by” date to accompany the linked document.

Such a list begins to take on additional utility. Cipher designers may be able to use a gathered list of cryptanalytic techniques to not represent a cipher “secure against known cryptanalytic attacks”, but “secure against known cryptanalytic attacks  (see footnote for list)”. Cryptanalysts could use this to either wield a new cryptanalytic tool against previous ciphers or to expand the applicability of a specific cryptanalytic technique to more ciphers. Those studying the field could hone their cryptanalytic skills on new and interesting ciphers. Some analytics could estimate historical longevity of ciphers (is it 10 years or 20 years?), the graduated death of a cipher as it is abandoned, estimates of risk around a mono-cultured symmetric encryption algorithm, probably lots more by starving grad students.

For now, here is a living list of data encryption ciphers. If AES ever fails, maybe we can look here and answer some of those questions (or at least save time). Download below.

* - eSTREAM, for instance.

Statistics
0 Favorited
0 Views
1 Files
0 Shares
0 Downloads
Attachment(s)
zip file
Symantec-Cipher-Register.zip   62 KB   1 version
Uploaded - Apr 10, 2020
 
Download

Tags and Keywords

Comments

Migration User
May 20, 2017 11:39 AM

Very interesting... I have recently learned from this: http://www.winzip.com/win/en/learn/aes-encryption.html about aes encryption, but I couldn't stop wondering if it is 100% safe or not, and your article gave me a wonderful answer. Thank you!

MIXIT
Oct 15, 2014 10:28 PM

The one thing that is assured is that if it's on the horizon, it's going to happen.  And I surely know that somebody somewhere will call their company Qomputing, because you know how it is, even the smartest people have to use lame word tricks to make their name catchy in a market place. 

 

Given the impact easily cracking RSA and the like would have, I feel as though it's likely we would not see the results of the development of quantum computing as openly as we think. 

 

By the way I will skip through the links you referenced, though I hope others will have opportunity to take advantage.  Crypto is far from anything I spent my days as an IT person with, so for me it's just interesting discussion but I'm not overly qualified to debate the details that's for certain.  I did read the WikiPedia article and am now about to click on the master's thesis. 

Maren Peasley
Oct 10, 2014 05:23 PM

Hey MIXIT,

I believe the Quantum Crypto stuff focused on breaking things like RSA is mainly focused around Shor's algorithm.  I first found this on the Wikipedia article (here).  Just now I found the pqcrypto.org site and from there I found Hong Zhu's Master's thesis.  In there I found the polynomial (time) estimation on page 48 at the very end of section 6.3.1.  The 'n' taken there is the public part of an "RSA/2048" key.  The limiting factor doesn't appear to be the time compexity, but the logic gate complexity whose requirements are also polynomial: see Bruce Schneier’s post on this "Quantum Computing: Hype vs. Reality".

We don't have a quantum computer yet (or we do, or something between.)

 

Long story short: We won’t be waiting around for a quantum computer to break RSA, we’ll be waiting around for someone to build that quantum computer.

Thanks for reading my article!

- Maren

MIXIT
Oct 10, 2014 02:08 PM

Have you guys watched some of the more interesting documentaries over the past year about such things as quantum computing and it's impact on brute forcing encryption?  Very interesting stuff.  Wish I had links to examples offhand but in any case, the very quick summary is that standard computing, even when you're parallel processing, is ultimately binary 1 or 0 but in quantum computing you essentiall yave both 0 and 1 occuring at the same time, or in multiple places, and well, I don't even know how to put it into words but you can have a form of unlimited simultaneous transactions, so that 2048 bit hash would be cracked in 0.0000000000000000000000000000000000000000000000000000001 seconds, or thereabouts. 

 

Admittedly I know little about this stuff, but that's how I interpreted the info I saw on quantum computing and it's impact on encryption. 

Migration User
Oct 10, 2014 01:20 PM

Nice article that brings up a very valid concern. Most encryption products would fail miserably in a situation where the algorithm needs to be replaced. Granted, it's not a walk in the park to decrypt and encypt again, but would be nice to have the option. Being able to respond rapidly to such a disaster (waiting to happen, that's for sure) should be part of a good encryption solution. A customer might not have a right to be upset with the vendor, as the algorithm was not designed by the vendor, but having the flexibility to replace the algorithm with minimum business impact should be high in the vendor selection decision making.

 

 

MIXIT
Oct 06, 2014 08:25 AM

Just like DES and triple DES have been superceded by AES, AES is or will be (depending on who you talk to) as well.  From a state-level perspective, AES I think is not considered unbreakable.  Of course we must assume that all cipher suites are breakable and work to make better ones.  Hence why there are certain institutions that are working on better stuff all the time.  Perhaps read this for useful insight.  :

 

http://en.wikipedia.org/wiki/SHA-3

 

I don't know much about eSTREAM, only that from the website it looks a bit obscure in terms of where it is now and where it's going.  I don't know though, I could only spend a couple of minutes skimming through.  I don't see content current as of later than 2012 though.  If the suite is competing with other suites, it needs to give a sense of being cutting edge or the bean counters will think it's older tech and ignore it. 

Related Entries and Links

No Related Resource entered.