February 12, 2019
Android devices come in a wide range of CPU power and memory configurations. Until recently, those on the lower end of the range weren't required to offer encrypted storage. The reason? The most common encryption scheme, AES256, requires too much from the CPU: The device's performance would have become unacceptably slow.
Now engineers at Google have developed a technique based on an encryption technique used in browser security and named for the maidenhair fern (denoting sincerity and discretion) to bring secure storage to these less expensive devices without bringing apps to a standstill.
The new encryption mode, called Adantium, uses the ChaCha stream cipher adapted from HTTPS encryption. The stream cipher is faster on lower-powered devices because its operation is based on the additions, rotations, and XORs available on every CPU; it doesn't require the built-in encryption primitives common on higher-powered processors.
ChaCha20 has been the basis for Google's HTTPs encryption since 2014, so its engineers have experience with the protocol and a high degree of certainty that using it for disk or file encryption will be both fast and secure. A paper on the implementation, Adiantum: length-preserving encryption for entry-level processors, will be presented at the Fast Software Encryption conference (FSE 2019) in March.
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
What Ransomware Groups Look for in Enterprise Victims
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage