Google’s Adiantum gives your mobile device an encryption boost
In the spirit of Safer Internet Day, Google has announced the launch of Adiantum, a new encryption standard for mobile devices.
On Thursday, Eugene Liderman, Director of Mobile Security Strategy at Google’s Android Security & Privacy Team revealed the new encryption technology which has been specifically designed to give smartphones and tablets better access to modern encryption standards.
Encryption may be a thorn in the side of law enforcement agencies worldwide as it can make accessing mobile devices and the information contained within difficult, but for the average consumer, encryption can represent an important way to protect their privacy and digital identities.
The problem with smartphones and tablets, though, is beyond encryption offers by mobile applications and services, directly using modern encryption can be a challenge as these small devices do not have the specialized hardware required — especially when it comes to encrypting locally stored information.
Google’s Adiantum aims to bridge the gap and ensure that our mobile devices can enjoy the same encryption options as desktop setups.
Adiantum has been designed to encrypt local data without slowing down systems or causing a surge in pricing due to the implementation of additional hardware.
Adiantum is suitable for low-end mobile hardware which lacks dedicated ARM extensions. The majority of new Android devices have hardware support for AES via the ARMv8 Cryptography Extensions, however, entry-level devices and low-powered smart devices which use low-end processors such as the ARM Cortex-A7 do not support AES encryption as it would result in very poor, slow user experience.
“Currently Android supports AES-128-CBC-ESSIV for full-disk encryption and AES-256-XTS for file-based encryption,” Google says. “However, when AES performance is insufficient there is no widely accepted alternative that has sufficient performance on lower-end ARM processors.”
This is the niche in which Adiantum, which makes use of the ChaCha20 stream cipher, will hopefully flourish.
According to the tech giant, the new standard is fast enough to cater to low-end hardware, too, without hampering speeds which users expect and currently enjoy.
Google says that the encryption standard will be compatible with smartphones, tablets, smart watches, and a range of Internet of Things (IoT) devices including connected medical equipment.
CNET: How to use Google’s new Password Checkup tool
“Our hope is that Adiantum will democratize encryption for all devices. Just like you wouldn’t buy a phone without text messaging, there will be no excuse for compromising security for the sake of device performance,” Liderman says. “Everyone should have privacy and security, regardless of their phone’s price tag.”
A whitepaper presenting the encryption standard penned by Google software engineers Paul Crowley and Eric Biggers goes into further technical details relating to Adiantum, which can be read here (.PDF).
TechRepublic: Attention developers: Google wants to pay you $15,000 to improve cloud security
Earlier this week, Google released a new Chrome extension called “Password Checkup” which, if installed, checks if usernames and passwords which users submit to online forms have been connected to past data leaks.
A database of over four billion leaked credentials will be checked by the extension and if a match is found, users will be warned that they should change their choice in credentials to prevent the creation of additional security risks.