The AES algorithm is a complex mathematical concept, which the majority of people would struggle to understand. Fortunately, in the security industry it’s more important for us to understand what makes AES so robust and how it can be applied.
This is a basic overview of how AES works, from the Cloud Boffins website:
Simply put, AES takes a block of plain text and applies alternating rounds of substitution and permutation boxes to the passage. This form of encryption is known as a substitution permutation network (SPN) block cipher algorithm, and the size of the boxes alternate between 128, 192 or 256 bits, depending on the strength of encryption. The standard strength for encryption is 128, with 256 reserved for as and when the strongest levels of protection are required.
During this substitution-permutation process, an encryption key is generated, which can then be used to decipher and read the protected information as was originally intended. Without this decryption key, the data is completely illegible and totally scrambled, meaning it’s useless to third parties who intercept traffic in the hope of stumbling on data they can steal.