Adiantum will enable millions of low-end Android smartphones to receive the same encryption protections as high-end devices.
Setting a passcode or biometric lock to enable disk encryption is one of the simplest ways to protect your smartphone’s privacy and security. If your phone is lost or stolen, no one will be able to access your data in a readable format. However, not all smartphones, tablets, smartwatches, etc. offer this protection. They lack the processing power necessary to handle resource-intensive encryption. Therefore, Google researchers have developed a new encryption method that is both faster and more efficient, to bring data encryption protections to billions of Android users worldwide.
The Adiantum scheme implements tried-and-true cryptographic tools and principles in a novel, more efficient manner. It aims to get full disk encryption running smoothly on embedded devices without the latest and greatest hardware, providing users with additional security without slowing down apps or making the entire experience buggy.
“Privacy ought not to be a luxury. It is something that all users of all products of all sizes and shapes should have access to,” according to Android security head Dave Kleidermacher. Many people cannot afford an expensive flagship phone, but to prevent an attacker or thief from gaining access to their private information, they must encrypt their data.
Because Android is open source and can be adapted for a variety of devices, the Google researchers who worked on Adiantum are excited to see where the approach goes. Google has already released Adiantum versions for the Android kernel, Linux kernel (on which Android is based), and ARM processors. All of this makes it simple to integrate Android versions into a variety of IoT devices, in addition to smartphones.
Since Android 6, smartphones have been required to support storage encryption, but low-end devices have been exempt because the requirement would have a significant impact on performance. While robust encryption for low-resource devices was largely ignored for a long time, standards bodies such as the National Institute of Standards and Technology have recently taken an interest in standardizing new strategies.
However, it will be up to device manufacturers to adopt Google’s solution. The exemption for low-resource IoT devices will remain in place for the time being. And manufacturers who implement Adiantum will likely focus primarily on new devices in the future, though it may be possible to retroactively add it to existing devices.
Adiantum is inspired by the ubiquitous Advanced Encryption Standard but reimagines some of AES’s laborious aspects. Currently, all AES-capable mobile processors have a coprocessor or cryptographic accelerator specifically designed for encryption computations. To speed things up, Adiantum relies heavily on ChaCha12, an alternative encryption algorithm that is widely known and thoroughly tested.
Researchers claim that Adiantum has proven to be approximately five times faster than Android’s standard AES-256 implementation, despite the technical complexity.
Paul Crowley, a senior software engineer at Google who led the development of Adiantum, explains that work on the project began in late 2017 and a preliminary paper was published in August. “We know a great deal about the security of algorithms such as ChaCha and AES. They have existed for decades and have been subject to extraordinary scrutiny. Therefore, there is a mathematical guarantee that if ChaCha and AES are both secure, then Adiantum is also secure. We are not as concerned as we would be if we were designing a new process ourselves.”
Google’s reputation, influence, and reach have propelled Adiantum to this point, but the work will be subjected to greater scrutiny and vetting now that it has been published in a symmetric cryptology journal and will be presented at a major conference in March. However, initial responses to the paper are largely positive.
According to Jean-Philippe Aumasson, CEO of the Swiss IoT encryption company Teserakt AG, “the Google engineers did not reinvent the wheel by developing new low-level algorithms; rather, they discovered an efficient way to combine existing algorithms to solve an engineering problem.” “The design is sound, based on dependable components, and is likely to adequately protect users of products that incorporate this new algorithm.”
The Google researchers are confident in Adiantum’s security and hope that it will raise awareness of the significance of storage encryption for IoT and other low-resource devices. In typical Google fashion, Adiantum is referred to as “encryption for the next billion users.”
Steve Weis, an applied cryptographer and former Facebook and Google employee, explains, “The composition uses a well-understood approach and standard building blocks.” “After some battle testing, I believe it will be a good, effective option.”