“Everyone should have privacy and security, regardless of their phone’s price tag.” — as said by Eugene Liderman, Director of Mobile Security Strategy at Android Security and Privacy Team. In today’s era, where all that matters is ‘data’, this quote seems pretty logical.
This safer internet day, mainly on 5th Feb Google surprised us with a bunch of announcements and it’s valuable #SecurityCheckKiya campaign throughout India. But, the biggest announcement which grabbed everyone’s attention was the introduction of ‘Adiantum’: A new form of encryption exclusively for those low-end devices which do not have specialized hardware to use current prevailing methods for storage encryption. Storage encryption protects your data if your phone falls into someone else’s hands. The main motive for this innovation was to ensure that ‘all devices can be encrypted’. Being the dignified and loyal owner of Android, Google apprehended the primary concern of data-security (storage encryption) on low-end devices. Since, here it consumes a lot of resources to complete thereby making the device slow, and in other cases to the point of unusable(hanged). Thus, to resolve this issue, the idea of Adiantum came into being. It is an innovation in cryptography designed to make storage encryption efficient without cryptographic acceleration Originally, this terminology comes from the genus of ferns, which represents sincerity & discretion.
Nowadays, Android offers storage encryption using the Advanced Encryption Standard (AES) i.e., it supports AES-128-CBC-ESSIV for full-disk encryption and AES-256-XTS for file-based encryption. Mostly new devices have support for AES using the ARM v8 cryptographic extensions. Moreover, Google has made it mandatory for the device manufacturers to involve AES encryption for all the Android devices above 6.0 or later, exempting the devices with poor performance (50 Mib/s and below).
It is here to be considered that Android not only includes the latest premium, flagship and mid-range devices but a major portion is comprised of the entry-level devices involving smartwatches and Android TVs designed mainly with the low-end processors like ARM Cortex-A7 to attract a large pile of consumers with minimum budget. But, these devices do not provide hardware support for AES with such low processors. Hence, AES implementation on these devices resulted in poor user experience, long app launch time and the device generally feels too slow. To change this scenario and to empower all devices with encryption abilities, the need for new encryption form was soon felt, which further originated in the form of Adiantum. Adiantum has been designed to provide efficient storage encryption without hardware acceleration, empowering the devices with much more security than their predecessors. It will also guarantee data security to next billion people coming online for the 1st time.
Now, let’s get to know how this concept solves our issues?
In HTTPS (Hypertext transfer protocol secure) encryption, ChaCha20 stream cipher is used since it executes much faster than AES without compromising with security in the unavailability of hardware acceleration. The main reason behind such fast execution is because of its reliance mainly on native CPU support: addition, rotation, and XOR operations. Hence, in 2014 Google selected ChaCha20 along with the poly1305 authenticator, which is also fast in software for a new TLS cipher suite to secure HTTPS connections. ChaCha20-Poly1305 has been standardized as RCF7539, and it greatly improves performance on the devices that lack AES instructions.
But, the main challenge is faced with disk and file encryption where the data is organized in sectors on storage devices. With every request by Filesystem to read/write a sector on the device, the encryption layer intercepts the request which involves the conversion of 4096-byte plaintext to 4096-byte ciphertext and vice-versa. However, for implementing RCF7539 i.e., ChaCha20-poly1305 an additional amount of space is required for cryptographic nonce (an arbitrary number that can be used just once in a cryptographic communication) and message integrity information. There are software techniques for finding places to store this extra information, but they reduce efficiency and can impose significant complexity on filesystem design.
According to Google, Adiantum allows us to use the ChaCha stream cipher in a length-preserving mode, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR and HCH.
On an ARM Cortex-A7 processor, Adiantum decrypts 4096-byte messages at 10.6 cycles per byte, over five times faster than AES-256-XTS, with a constant-time implementation.
This is evident from the below-given graph: -
In Android Q, Adiantum will be part of the Android platform, the successor to Android Pie that’s due later this year. Moreover, Google says AES is still the faster encryption standard when hardware support exists and will continue to be a requirement for phones that support it, which means AES must still be used where its performance is above 50 MiB/s.
“Our hope is that Adiantum will democratize encryption for all devices,” Eugene Liderman, Director of Mobile Security Strategy at Android Security and Privacy Team says”. Just like you would not buy a phone without text messaging, there will be no excuse for compromising security for the sake of device performance.”