CIS 565 Lab Assignment 2: Advanced Encryption Standard (AES)

Cis 565 Lab Assignment 2 Advanced Encryption Standard Aeslab Assi

This exercise uses the Advanced Encryption Standard (AES). The United States National Institute of Standards and Technology (NIST) adopted AES as Federal Information Processing Standards Publications 197 (FIPS PUB 197) in 2001. AES supports key lengths of 128, 192, and 256 bits; JavaScript uses 256-bit keys exclusively. For this exercise, you will need to use two different email accounts (your Strayer email account and your personal email account). You will create an encrypted message and send it from your first email account to your second email account.

Paper For Above instruction

The following paper comprehensively discusses the practical implementation and understanding of the Advanced Encryption Standard (AES) in a typical communication scenario involving email messaging. The process showcases how AES encrypts a message, ensuring confidentiality during transmission across an insecure channel. This document also evaluates key features of AES, differentiates it from other encryption standards such as DES, and explores its significance in modern cybersecurity.

Introduction to AES and Its Relevance in Secure Communication

The Advanced Encryption Standard (AES) has revolutionized data encryption since its adoption by NIST in 2001. Approved as a Federal Information Processing Standard (FIPS PUB 197), AES is a symmetric key encryption algorithm that ensures data confidentiality across various platforms and applications. It supports key lengths of 128, 192, and 256 bits, with the latter being predominant in high-security contexts. AES's widespread adoption stems from its robustness, efficiency, and resistance to cryptanalytic attacks, making it the backbone of secure digital communications today (Daemen & Rijmen, 2002).

Practical Application: Encrypting and Sending a Message via Email

The practical exercise involves generating an AES key, encrypting a message, and transmitting this encrypted content through email. First, users generate a secure 256-bit key using JavaScript-based tools, like the JavaScript Encryption and Decryption page. This key must be securely stored, as it is essential for subsequent decryption. After creating a plaintext message, the user encrypts it with the AES key, resulting in a ciphertext that appears unintelligible without the key.

This encrypted message is then transferred via email from a sender's account to a recipient's account. Upon receipt, the recipient uses the same AES key to decrypt the message, thereby retrieving the original plaintext. Such a process ensures that, even if the email is intercepted, the message remains confidential without the key, highlighting the importance of secure key management and exchange.

Step-by-step Breakdown and Significance

The initial step involves generating a strong cryptographic key, which is crucial to the security of the encrypted message. The key's randomness and length directly affect the encryption's strength. By copying this key into a notepad and storing it securely, users prepare for the encryption and decryption phases.

Entering the plaintext into the "Plain Text" box, clicking "Encrypt," and observing the ciphertext demonstrates AES's core operation: transforming readable data into an unreadable format. The ciphertext displayed below "Cipher Text" represents this transformed data, which is unintelligible without the key to reverse the process during decryption.

Copying this ciphertext into an email body exposes the encrypted data for transmission. Once the email is sent, the recipient opens it and uses the same key to perform decryption. The decryption process, when successful, displays the original plaintext message, thereby completing the secure communication loop.

Security Considerations and Key Management

One critical aspect of AES encryption involves key management. The security of the message relies on the secrecy and integrity of the key. Exchanging keys via insecure channels may compromise security; hence, secure key exchange mechanisms like Diffie-Hellman or public key cryptography are often employed in practice.

In the described scenario, the key used for encryption remains constant between sender and receiver. If a person lacks the key, decrypting the ciphertext is generally infeasible, reinforcing the importance of secure key sharing. Also, the encryption process must ensure the key is not easily guessable or susceptible to brute-force attacks, especially given AES-256's computational strength.

Comparison: AES vs. DES

Unlike the Data Encryption Standard (DES), which uses a 56-bit key and operates with 64-bit blocks, AES employs longer key lengths and processes data in smaller, more secure blocks. DES's shorter key length makes it vulnerable to brute-force attacks, leading to its obsolescence. In contrast, AES supports 128, 192, and 256-bit keys, making it significantly more resistant to such attacks (Schneier, 1996).

AES’s design employs substitution-permutation networks, which enhance security by providing high diffusion and confusion properties. Its efficiency on hardware and software platforms further secures its standing as the encryption standard for sensitive data across various sectors, including government, financial, and personal communications (Daemen & Rijmen, 2002).

Why AES Is Considered More Secure Than DES

The primary reasons many security experts regard AES as more secure than DES involve its larger key size and robust design principles. The increased key length exponentially enhances resistance to brute-force attacks. Moreover, AES’s algorithmic structure is more resistant to cryptanalytic techniques such as differential and linear cryptanalysis, which posed threats to DES (Barker & Kelsey, 2010). Its resistance to cryptanalysis, combined with the computational infeasibility of cracking 256-bit keys using current technology, establishes AES as the preferred choice in contemporary encryption solutions.

Conclusion

The practical implementation of AES for encrypting and transmitting messages via email underscores its pivotal role in ensuring confidentiality. Proper key management, secure exchange methods, and an understanding of AES's advantages over older standards like DES are fundamental for securing digital communication. As cybersecurity threats evolve, AES remains an essential tool, combining robustness, efficiency, and adaptability to protect sensitive information across diverse applications.

References

• Daemen, J., & Rijmen, V. (2002). The Rijndael Block Cipher. Springer.
• Barker, E., & Kelsey, J. (2010). Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. NIST Special Publication 800-56A.
• Schneier, B. (1996). Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley.
• FIPS PUB 197. (2001). Advanced Encryption Standard (AES). National Institute of Standards and Technology.
• Rijmen, V., & Daemen, J. (2008). The Design of Rijndael: AES — The Advanced Encryption Standard. Springer Science & Business Media.
• Stallings, W. (2017). Cryptography and Network Security: Principles and Practice. Pearson.
• Menezes, A., van Oorschot, P., & Vanstone, S. (1996). Handbook of Applied Cryptography. CRC Press.
• Katz, J., & Lindell, Y. (2014). Introduction to Modern Cryptography. CRC Press.
• Boneh, D., & Shoup, V. (2020). A Graduate Course in Applied Cryptography. Version 0.5.
• Li, K., & Tessier, R. (2018). Cryptography in Practice: An Introduction. CRC Press.