Townsend Security Data Privacy Blog

What the CUSP? Beware of This AES Encryption Mode

Posted by Luke Probasco on Jun 9, 2011 7:40:00 AM

AES Encryption LogoWhen encrypting data, the most widely accepted cryptographic standard is the Advanced Encryption Standard (AES).

AES is defined by the National Institute of Standards and Technology (NIST) in the FIPS-197 standards document. AES supports nine modes of encryption, each of them having been extensively tested and vetted for security, recovery, and durability. When compliance regulations make reference to “industry standard encryption”, they are referring to the encryption modes identified in the NIST documents on AES.

Other modes used in AES are not NIST certified and are not even certifiable. Some products offer only the CUSP mode of encryption, which is not NIST certified and not certifiable. CUSP mode encryption is only implemented on IBM i and IBM z platforms and is not interoperable with other encryption modes. The CUSP mode of encryption has not been proposed or adopted as a NIST standard, and has not been generally reviewed or accepted by the professional security community.

Modes of encryption are recommended by NIST after they have been extensively reviewed by the professional cryptographic community. This is an international group of cryptographers whose long experience and analytic work are important to the vetting of proposed modes of encryption. In some cases it takes years of work before a mode is approved by NIST; many mode submissions are never approved for use.

CUSP AESThere are several potential problems related to the use of the CUSP mode of AES encryption.

The CUSP mode of encryption is not included in the NIST list of recommended modes, and has not been submitted to NIST for consideration. It is therefore not a part of the NIST standards, or of any other generally accepted body of standards, and has not been formally reviewed by the cryptographic community. Therefore, the use of CUSP mode would be outside the scope of most data security regulations.

Further, there is no NIST certification protocol for the CUSP mode of encryption. It is not possible to claim that an encryption product using CUSP has been certified by NIST, or that it is in anyway compliant with the NIST standard.

Organizations contemplating the CUSP mode of encryption should be aware that their data protection mechanism could fail to provide “safe harbor” from breach notification requirements, and may not limit their legal liability in the event of a data loss.

The solution?  Most software vendors choose to certify just one or two modes of encryption, and on one key size. The Townsend Security Alliance AES Encryption products are NIST-certified on the five commonly used modes for data encryption, and all three key sizes for all major Enterprise platforms (Windows, Linux, UNIX, IBM i, and IBM z).  Townend Security Alliance AES Encryption is certified, compatibile, and complete.

Download a free 30-day evaluation of our Alliance AES Encryption now.

Click me

Topics: NIST, CUSP, AES