|
Encryption standards -- also known as ciphers -- define how data is scrambled to ensure confidentiality when stored on disk, removable media, or sent over a network. The same ciphers get used in many different protocols. For example, the RC4 cipher used by 802.11 WEP and TKIP is commonly used by SSL in Web browsers.
After four-year competition, the US government (NIST) selected the Advanced Encryption Standard (AES) as the successor to the aging Data Encryption Standard (DES). AES was selected because it is:
- Secure
- Unclassified
- Publicly disclosed
- Available royalty-free, worldwide
- Computationally efficient with modest memory requirements
- Flexible, simple and easy to implement
AES is now the US government's designated encryption cipher. It is also expected to be widely adopted by businesses, financial institutions, and other industries with data privacy regulations.
However, it is not enough to say that you want to use AES. You need rules that specify how to apply AES to a given piece of data or network protocol. Several new standards have been developed to define how AES used by security protocols. For example, the IETF's RFC 3602 defines how AES in used in layer 3 VPNs that are based on IPsec. The IEEE's 802.11i standard defines how AES is used in 802.11 wireless LANs that employ advanced security (certified by the Wi-Fi Alliance as "WPA2").
|
