Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Adiantum will bring encryption on Android devices without cryptographic acceleration

Google announced Adiantum, a new encryption method devised to protect Android devices without cryptographic acceleration. Google announced Adiantum, a new encryption method devised to protect Android devices without cryptographic acceleration. “Adiantum is an innovation in cryptography designed to make storage encryption more efficient for devices without cryptographic acceleration, to ensure that all devices can be encrypted.” reads the […]

Adiantum performance

Google announced Adiantum, a new encryption method devised to protect Android devices without cryptographic acceleration.

Google announced Adiantuma new encryption method devised to protect Android devices without cryptographic acceleration.

“Adiantum is an innovation in cryptography designed to make storage encryption more efficient for devices without cryptographic acceleration, to ensure that all devices can be encrypted.” reads the announcement published by Google.

Since Android version 6.0, user data are protected with Advanced Encryption Standard (AES) encryption, however, the feature is slow on mobile devices using low-end processors that haven’t hardware to support it.

The new encryption form has been created for devices running Android 9 and higher that doesn’t support AES CPU instructions.

For this reason, Google developed Adiantum that supports the ChaCha stream cipher in a length-preserving mode.
ChaCha allows improving security and performance in the absence of dedicated hardware acceleration.

Google experts pointed out that Adiantum encryption/decryption processes on ARM Cortex-A7 processors are around five times faster compared to AES-256-XTS.

Adiantum performance

“Unlike modes such as XTS or CBC-ESSIV, Adiantum is a true wide-block mode: changing any bit anywhere in the plaintext will unrecognizably change all of the ciphertext, and vice versa.  It works by first hashing almost the entire plaintext,” continues Google.

“We also hash a value called the “tweak” which is used to ensure that different sectors are encrypted differently. This hash is then used to generate a nonce for the ChaCha encryption. After encryption, we hash again, so that we have the same strength in the decryption direction as the encryption direction”  

Adiantum could represent the optimal solution for a wide range of devices that haven’t dedicated hardware for encryption, such as smartwatches, smart TVs, and other IoT devices running on Android OS.

“Our hope is that Adiantum will democratize encryption for all devices. Just like you wouldn’t buy a phone without text messaging, there will be no excuse for compromising security for the sake of device performance.”
wrote Eugene Liderman, Director of Mobile Security Strategy, Android Security & Privacy Team, says. 

“Everyone should have privacy and security, regardless of their phone’s price tag,”

Google published technical details about the new encryption form in the paper titled “Adiantum: length-preserving encryption for entry-level processors.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Android, encryption)

[adrotate banner=”5″] [adrotate banner=”13″]