What Is AES Encryption: Advanced Encryption Standard Explained

AES (Advanced Encryption Standard) encryption is the current cryptographic standard used and promoted by the US government for securing sensitive data. It is used widely in cybersecurity, protecting IT infrastructures, and securing communications.

This guide explains what AES encryption is, how it works, and where it is used. It also explains its importance in cybersecurity and in securing valuable data.

Introduction to encryption

Encryption scrambles data in a way that only the intended recipient (who has the information required to unscramble it) can read it. Encryption has existed for thousands of years: from ciphers used in antiquity to mechanical encryption devices like Enigma and TypeX used in the early 20th century, there has always been the necessity and mechanism of encoding your communications so that others cannot read them.

Encryption is vital to cybersecurity and the everyday operation of virtually everything in the modern world. Because the internet is a public network made up of infrastructure owned by different entities in different countries, unencrypted traffic sent across it is not private.

Encryption makes performing tasks that require privacy — like online banking — safe. It is also used to secure your communications and protects the files on your devices if they are stolen.

What is AES (Advanced Encryption Standard) encryption?

The AES specification for data encryption was created in 2001 by the National Institute of Standards and Technology (NIST), the US body responsible for technology standards and encouraging innovation.

AES was designed to be a faster, more secure replacement for the Data Encryption Standard (DES), at the time a widely used cryptographic algorithm that had become insecure. While Triple DES solved some of the security issues (by repeating the DES encryption process three times), this slow, resource-intensive process was a reason for the development of AES.

AES is a variant of the Rijndael cipher (and is sometimes referred to as Rijndael), named for Vincent Rijmen and Joan Daemen, the Belgian cryptographers who proposed the encryption algorithm to NIST.

As AES is a standard or specification, it’s up to other software to implement it. It’s not a software product itself.

How AES encryption works

AES is a block cipher. It uses a substitution-permutation network that takes data in fixed-size blocks and repeatedly substitutes and rearranges it to generate the ciphertext (i.e. encrypted data).

Keys are used to encrypt (and decrypt) data. The key size (number of bits in the key) determines how secure the encryption provided is. AES supports 128-bit, 192-bit, and 256-bit encryption keys. 256-bit keys offer the most security and are used by intelligence agencies to encrypt their secrets, while 192-bit and 128-bit AES encryption are used for things like banking and secure web browsing.

AES is a form of symmetric key encryption (as opposed to asymmetric key encryption), meaning that the same key is used to both encrypt and decrypt data.

Encryption and decryption steps

The steps to encrypt data according to the AES standard are as follows:

  1. A series of “round keys” are generated from the initial cipher key (usually a password provided by the user). These will be used in each round of encryption.
  2. The encryption process starts by combining the cipher key with the data to be encrypted using an XOR operation.
  3. The data is scrambled in additional “rounds” by the encryption algorithm using the substitution-permutation network. This step repeats on the result of the previous round depending on the key size. It repeats 10 times for 128-bit encryption, 12 times for 192-bit encryption, and 14 times for 256-bit AES encryption.
  4. A final round of encryption is performed using the “final round key” resulting in the final encrypted message.

The steps to decrypt data according to the AES standard are as follows:

  1. To start reversing the scrambling process, an XOR operation is performed using the encrypted data and the final round key from the encryption process.
  2. The encryption “rounds” are undone one-by-one in reverse order.
  3. The last decryption round decrypts the data using the initial cipher key, returning the original data.

Applications of AES encryption

The AES encryption standard is widely adopted in cybersecurity, including data encryption and secure communication technologies.

  • File encryption: Encryption software such as BitLocker and FileVault use AES to encrypt your files and disks. Cloud storage services such as Dropbox also use AES to secure your uploaded data.
  • Device encryption: Both Android and iOS (iPhones and iPads) use AES for mobile device security, helping prevent your lost or stolen devices from being accessed.
  • Wireless encryption: The WPA2 and WPA3 Wi-Fi security protocols are encrypted using AES.
  • Secure communication: Secure messaging apps (like Signal and WhatsApp) encrypt messages using AES for end-to-end encryption.
  • Virtual Private Networks (VPNs): VPN solutions that securely connect remote networks over the internet encrypt their traffic using the AES standard. This includes popular products that implement OpenVPN.

AES also plays an important role in regulatory compliance with data privacy laws: Europe’s GDPR, California’s CCPA, and the HIPAA laws that cover US healthcare providers all require that you meet certain standards of protection of sensitive customer data, including personally identifiable information (PII).

Implementation

Unless you’re developing your own encryption library, you don’t need to write code to implement the AES encryption standard yourself. If you’re looking to use secure products for communication and file storage, you just need to choose ones that implement AES. AES can be implemented in software or in hardware (for example, modern CPUs include specific instruction sets accelerating AES encryption).

If you’re developing software, there are established libraries that offer AES encryption that you can use in your applications:

It’s always best to rely on reputable libraries for security, including encryption and authentication whenever possible, rather than trying to write secure code yourself. A large community of developers improving and testing the project will have a much higher chance of discovering any bugs or security vulnerabilities, and release patches addressing any issues they find.

When developing software that uses AES algorithms, you should ensure that you follow best practices: generate strong keys using random data, and regularly rotate them. Never hard-code your AES keys into your software source code and always store them separately from your encrypted data. You should also ensure keys are securely transmitted if being transferred over a network, and destroyed when no longer required.
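
One way to apply these key-handling practices with AES-256-GCM, as an added example that is not from the original article. It assumes the third-party Python `cryptography` package is installed; the `APP_AES_KEYRING` variable, the key ids and the blob layout are hypothetical choices made for the illustration.

```python
# Added example. Assumes the third-party "cryptography" package is installed;
# APP_AES_KEYRING and the blob layout are this example's own, hypothetical choices.
import base64
import json
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEYRING_ENV = "APP_AES_KEYRING"   # JSON object {"key id": "base64 key"}, set by a secret store

def new_key():
    """Return a random 256-bit key (from the OS CSPRNG), base64-encoded for storage."""
    return base64.b64encode(AESGCM.generate_key(bit_length=256)).decode()

def load_keyring():
    """Load keys at run time so none are hard-coded or stored beside the ciphertext."""
    raw = json.loads(os.environ[KEYRING_ENV])
    return {kid: base64.b64decode(key) for kid, key in raw.items()}

def encrypt(plaintext, key_id, keyring):
    """Blob layout: 1-byte id length | key id | 12-byte nonce | ciphertext and tag."""
    kid, nonce = key_id.encode(), os.urandom(12)       # never reuse a nonce with a key
    sealed = AESGCM(keyring[key_id]).encrypt(nonce, plaintext, kid)  # key id is authenticated
    return bytes([len(kid)]) + kid + nonce + sealed

def decrypt(blob, keyring):
    """Pick the key named in the blob; raises InvalidTag if anything was modified."""
    n = blob[0]
    kid, nonce, sealed = blob[1:1 + n], blob[1 + n:13 + n], blob[13 + n:]
    return AESGCM(keyring[kid.decode()]).decrypt(nonce, sealed, kid)

def is_intact(blob, keyring):
    """True if the blob authenticates under a key that is still in the keyring."""
    try:
        decrypt(blob, keyring)
        return True
    except (InvalidTag, KeyError, ValueError):
        return False

def rotate(blob, new_key_id, keyring):
    """Re-encrypt under a newer key so the old key can be retired and destroyed."""
    return encrypt(decrypt(blob, keyring), new_key_id, keyring)
```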

Challenges and limitations

While AES is secure at the moment, it may not be in the future. It is possible (though highly unlikely unless a flaw in the algorithm is found, especially in the case of 256-bit AES encryption) that current AES encryption algorithms will at some point be broken using quantum computers. This would result in a great deal of encrypted data that was considered secure, and may have already leaked online, suddenly becoming readable (but again, the chances of this are very, very small given the strength of the AES algorithm).

While encrypting and decrypting data using AES does add some performance overhead to applications, and while key management can be complex, security is always worth the minor performance loss and implementation complexity.

The future of AES encryption

AES isn’t going anywhere and should remain secure for years to come. However, it’s important for security standards to develop to meet new requirements.

AES encryption will need to meet emerging security challenges including quantum computing, and compatibility with new technologies. Hardware improvements will continue to improve AES performance and adoption in low power use-cases like IoT devices.

Securing your IT communication against cybersecurity threats

It is vital that you ensure all of your network communication is secured against eavesdropping and that your business infrastructure is adequately protected against intrusion. If you are developing software, you must implement robust encryption and software security measures to ensure that it cannot be used as an attack vector against your users.

AES encryption is the standard for data and communication protection, and adopting products that implement it is an important part of staying compliant with data regulations, as well as protecting your users, infrastructure, and business reputation.

NinjaOne utilizes AES as part of a range of cybersecurity technologies used to secure our suite of endpoint management tools that help you keep your networks, devices, and software secure.

Next Steps

The fundamentals of device security are critical to your overall security posture. NinjaOne makes it easy to patch, harden, secure, and back up all your devices centrally, remotely, and at scale.
