Advanced encryption standard 256: How is your data protected when using KNL’s radios?

Robust encryption of communication methods, data and devices lies at the core of military and defence operations. At KNL, we use the advanced encryption standard AES256 to make sure all data and voice communications are end-to-end secured in our system.

AES256 is a military-grade encryption standard that is practically unbreakable. In this article, we’ll explore the basics of AES256 encryption, how it works and how we at KNL have implemented 256-bit AES into our solutions.

Explore our products

While many radio systems on the market may not have advanced encryption standard built-in, AES256 is an integral part of KNL’s radio protocol. Our implementation of the 256-bit AES ensures top-tier security without compromising high-speed communication.

AES256 encryption in short

• AES, or Advanced Encryption Standard, is a symmetric encryption algorithm widely recognised as one of the most secure encryption methods available.
• The advanced encryption standard was developed in the late 1990s through a competition organised by the National Institute of Standards and Technology (NIST). Since then, AES has become the go-to encryption standard for governments and organisations worldwide.
• AES comes in three variants: 128-bit, 192-bit, and 256-bit. The number refers to the key size used for encryption. 256-bit AES offers the highest level of security among these variants.

How does AES256 work?

AES256 is a symmetric encryption algorithm that encrypts and decrypts data in 128-bit blocks using a 256-bit key. The algorithm involves several rounds of complex operations, including substitution, permutation, mixing, and key addition, which transform plaintext into ciphertext. This process ensures that the data is highly secure and difficult to decipher without the correct encryption key.

The strength of AES256 lies in its key length. With 2^256 possible key combinations, it is virtually immune to brute-force attacks, making it one of the most secure encryption methods available.

Even if all the world’s computing power were focused on cracking a single AES256 key, it would take longer than the age of the universe to succeed.

Ask for more information

KNL’s solutions are thoroughly secured with AES256 encryption

At KNL, the security of your data is our top priority. To ensure that your data is always protected no matter where and how you use our radios, we’ve integrated AES256 encryption deeply into our radio system’s protocol.

Multi-layer security with 256-AES: 

• All transmitted data, including message data and internal headers, is encrypted
• Data at rest on the device’s storage is encrypted
• The device itself is protected against unauthorised access and malware installation

Our solutions encrypt the communication with 256-bit AES on three levels. All transmitted data, including operational data and internal headers of the transmissions, is encrypted, and the device itself is encrypted with the same algorithm.

In an era where information security can define the success of military and defence operations, KNL’s commitment to implementing AES256 encryption across all levels of our radio systems ensures that your communications remain secure, efficient, and reliable.

How is our implementation of AES256 carried out?

Utilising AES256 encryption from end-to-end

All voice and data communications in our HF radios are encrypted using AES256. Even though AES256 is a practically unbreakable cipher, it’s not sufficient on its own for complete security. We also need authentication and diffusion.

Authentication ensures that the data comes from a trusted source and hasn’t been tampered with. Without it, an attacker could intercept and alter the encrypted data without you knowing.

Diffusion ensures that even small changes in the input result in significant, unpredictable changes in the encrypted output. Without proper diffusion, encrypting the same plaintext twice with the same key could produce the same ciphertext, making it easier for attackers to spot patterns and exploit weaknesses.

In practice, we use NIST standardised algorithms to achieve diffusion and authentication.

Read also: C5ISR systems from KNL: Next-generation communications

The secure transmission process of your data

The messages you send and receive with our HF radios are, in fact, data packets. These packets are processed as plaintext before they are passed through the AES encryption algorithm with the encryption key.

The output of this process is ciphertext, which is the encrypted form of the original data. Simply put, plaintext becomes ciphertext after being authenticated and encrypted using AES. This ciphertext can only be decrypted with the correct key. When the ciphertext is received, it is decrypted using the encryption key, authenticated, and converted back into the original plaintext, which is the message you were sent.

Securely changing 256-bit AES encryption keys

One significant aspect of using the advanced encryption standard is that encryption keys must be regularly rotated. Key rotation is particularly important when new devices are added to the radio network, such as when replacing a broken device.

KNL’s radios use a special mechanism that allows key rotation to be scheduled and automated. Radio users can customise the frequency of key rotations according to their needs.

For example, if the encryption keys are generated at the command headquarters, the keys themselves can be encrypted using public key cryptography before transferring them to a USB stick. Even if the USB stick was compromised, the keys themselves are not since they can only be decrypted on a KNL radio, thanks to public key cryptography.

When the user uploads new keys to the radio using our web interface, the radio automatically decrypts and loads the keys from a fully encrypted file. The user does not see the encryption keys during this process. When they are stored on the device, they are again encrypted in the radio’s internal storage.

Using KNL’s AES256 encrypted HF radio without encryption keys is impossible. The radio user generates the rotating keys and inputs them into the radio, with the entire key rotation process being thoroughly encrypted.

Explore our products

AES256 protected headers

Unlike some competing radio systems, our solution encrypts even the internal headers with AES256, ensuring there are no vulnerabilities in the communication chain.

Applying AES256 encryption to the headers of encrypted data packets guarantees confidentiality and integrity during data transmission. This protection prevents unauthorised access to the metadata within radio messages, such as sender and receiver information or other sensitive header data.

The secure boot feature prevents malware from being installed on the radio

All KNL’s software-defined radios have a built-in secure boot feature. It means you can only run software developed and digitally signed by KNL with our radios.

For example if the radio is compromised, a hostile party cannot gain access to the radio and thus encryption keys by installing custom software to it.

Want to hear more about the state-of-art features of KNL’s products?

Contact our sales and ask for a demonstration of our system or read more what our customers say about our products!

Customer experiences Our products

”We haven’t seen this superior HF system performance ever before.” – Customer feedback