Security in cyberspace relies roughly on two concepts: encryption and the use of tunneling protocols. Without strong encryption algorithms and standards, like AES-256, cyberspace would be a much more insecure place for everyone. Cryptography has always fascinated humankind, in both peace and war, and many of the fundamentals of the VPN encryption methods and protocols used today still rely on centuries-old innovations and principles. Still, cryptography and encryption standards are constantly evolving fields of study, in which governments have also been actively involved. A US governmental agency, NIST (National Institute of Standards and Technology), declared a global competition on cryptography in 1997 with the motivation to establish a successor to a popular encryption standard in use back then.
In late 2001, NIST promoted the winner of this competition as a new encryption standard for the success of cyberspace. Since then, many VPN software and service providers have implemented this encryption method in their products. This new AES-256 standard was planned to replace an earlier encryption standard, yet it delivers more than that. It also came with an innovative architecture: variable key lengths. The default key length serves most users, while users who need a higher level of security can choose longer keys. In short: the longer the key, the more difficult and time-consuming it is for an attacker to try to break in. In layman's terms, a larger keyspace and more encryption iterations also mean a decrease in performance.
However, the overall level of security of VPN encryption does not solely depend on the length of the key.
Layers of encryption in VPN connections
The internal structure of a VPN connection consists of more than any single encryption mechanism. VPN connections use multiple algorithms and protocols to negotiate the details of the connection, transfer the actual data and maintain a decent level of performance. The AES encryption standard defines a mechanism for only a part of the whole. AES-256 belongs to the category of symmetric encryption algorithms, which is the most mature and oldest form of encryption. The idea is that the two parties of the communication channel both possess a shared secret with which they can secure the communications. This shared secret is usually a password of some kind, and it is used during the communication to generate a sequence of session keys. The symmetric method has, however, a fundamental issue: the very need to share a secret.
Agreeing on a mutual secret among parties over an insecure channel may sound easier than it in fact is. Cyberspace, the Internet as a whole, is by definition an insecure, if not outright vulnerable, channel. VPN services and products aim to establish and maintain secure links over an insecure channel. This is where encryption standards like AES become important components. A typical VPN encryption channel consists of separate key negotiation phases and channels and the actual data transfer channels. Session keys are frequently rotated, and stronger encryption channels are used for key negotiation, while simpler, yet more powerful, encryption channels may be used for data transfer. The need for security is not equal for each of these channels. Commercial VPN services and products take care of all these details for the customer, defining an adequate level of encryption for each transport channel.
Choosing ciphers and algorithms — each for a purpose
In simple terms, while a 128-bit key length in AES might be good for data transfer, one might want to choose a 256-bit key for negotiating further session keys. Yet, again, this is a technical nuance that is not generally a concern of VPN customers and end-users. If such a choice is necessary, the thing to consider is the tradeoff between the impact on performance and the degree of security, recalling that the frequency of key rotation is an important component. In the world of ciphers, there are many options available, and when considering the AES-256 standard specifically, one may end up with issues around politics and more recent terms like “cyber-sovereignty”.
While AES is a modern encryption standard, it was only designed to be as secure as a specific configuration of one of its main predecessors, DES, was considered to be (Dobbertin et al. 2004). Still, there are various public interpretations of its level of security, perhaps because the level of security of a system like a VPN encryption product or service depends on much more than pure algorithmic security. Particularly difficult are public speculations about which particular government entities might or might not have approved it as suitable for specific encryption needs.
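The scheme described in the two sections above (a shared password generating a sequence of session keys, a 256-bit key for the negotiation channel, a 128-bit key for data transfer, rotated on a schedule), as an added example that is not from the original article or from any VPN product. The PBKDF2/HKDF construction, the channel labels, the one-hour rotation interval and the sample password and salt are assumptions chosen for illustration.

```python
import hashlib
import hmac

ROTATE_EVERY = 3600  # seconds per key epoch (assumed value)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): condense input keying material into a PRK."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch the PRK into `length` bytes bound to `info`."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def master_secret(password: str, salt: bytes) -> bytes:
    """Both peers run this on the shared password; the password is never sent."""
    # PBKDF2 slows down guessing of a low-entropy password.
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hkdf_extract(salt, stretched)


def epoch_for(elapsed_seconds: int, rotate_every: int = ROTATE_EVERY) -> int:
    """Key epoch number: a higher rotation frequency means more, shorter epochs."""
    return elapsed_seconds // rotate_every


def session_keys(prk: bytes, epoch: int) -> dict:
    """Independent keys per channel and per epoch, from one shared secret."""
    label = epoch.to_bytes(8, "big")
    return {
        "control": hkdf_expand(prk, b"control|" + label, 32),  # AES-256 key
        "data": hkdf_expand(prk, b"data|" + label, 16),        # AES-128 key
    }


if __name__ == "__main__":
    prk = master_secret("constructed-example-password", b"constructed-salt")
    for t in (0, 1800, 3600, 7200):  # constructed timestamps, in seconds
        keys = session_keys(prk, epoch_for(t))
        print(t, epoch_for(t), keys["data"].hex(), keys["control"].hex()[:16] + "...")
```

Because each key is bound to its channel label and epoch number, both peers arrive at the same key for a given epoch without exchanging it, and a key from one epoch or channel does not reveal the key of another.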
Technical vulnerabilities, national security, and academic interests
Public speculation regarding successful attacks against AES and its long-key versions has been going around since its very inception. Trying to find vulnerabilities is also one of the fundamental purposes of the security community. Security, however, is not an island, and there are many dimensions to it. Many AES-related vulnerability reports are speculative or theoretical, or exploit side-channel vulnerabilities. While the security community remains to see “true” algorithmic vulnerability to the standard, various
Furthermore, encryption capabilities are increasingly considered to fall under the domain of national security interest and are thus only rarely discussed in public. Even if a specific encryption algorithm, like AES-256, were used in a VPN product and publicly said to be authorized by some governmental or intelligence agency for a specific level of use, that would not carry much more significance than a marketing message.
Public speculation about governmental capabilities against this and other encryption algorithms will presumably just continue to increase in amount and intensity. What is relevant for an average VPN customer to consider in the meantime is adequate password-level security, audit logging and separation of access levels, so that any compromised account would only affect well-defined and confined sections of the data.