Mobile

2/11/2019
04:00 PM
50%
50%

New Encryption Mode Brings Sincerity and Discretion to Low-Cost Android Devices

Adantium, developed by Google, brings communication encryption to bear on storage security.

Android devices come in a wide range of CPU power and memory configurations. Until recently, those on the lower end of the range weren't required to offer encrypted storage. The reason? The most common encryption scheme, AES256, requires too much from the CPU: The device's performance would have become unacceptably slow.

Now engineers at Google have developed a technique based on an encryption technique used in browser security and named for the maidenhair fern (denoting sincerity and discretion) to bring secure storage to these less expensive devices without bringing apps to a standstill.

The new encryption mode, called Adantium, uses the ChaCha stream cipher adapted from HTTPS encryption. The stream cipher is faster on lower-powered devices because its operation is based on the additions, rotations, and XORs available on every CPU; it doesn't require the built-in encryption primitives common on higher-powered processors.

ChaCha20 has been the basis for Google's HTTPs encryption since 2014, so its engineers have experience with the protocol and a high degree of certainty that using it for disk or file encryption will be both fast and secure. A paper on the implementation, Adiantum: length-preserving encryption for entry-level processors, will be presented at the Fast Software Encryption conference (FSE 2019) in March.

Read here and here for more.

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11350
PUBLISHED: 2019-04-19
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.
CVE-2019-11351
PUBLISHED: 2019-04-19
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.
CVE-2019-2039
PUBLISHED: 2019-04-19
In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1...
CVE-2019-2040
PUBLISHED: 2019-04-19
In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Androi...
CVE-2019-2041
PUBLISHED: 2019-04-19
In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Produc...