Adiantum: Encryption for everyone!
“Everyone should have privacy and security, regardless of their phone’s price tag.” — as said by Eugene Liderman, Director of Mobile Security Strategy at Android Security and Privacy Team. In today’s era, where all that matters is ‘data’, this quote seems pretty logical. This safer internet day, mainly on 5th Feb Google surprised us with a bunch of announcements and it’s valuable #SecurityCheckKiya campaign throughout India. But, the biggest announcement which grabbed everyone’s attention was the introduction of ‘Adiantum’: A new form of encryption exclusively for those low-end devices which do not have specialized hardware to use current prevailing methods for storage encryption. Storage encryption protects your data if your phone falls into someone else’s hands. The main motive for this innovation was to ensure that ‘all devices can be encrypted’. Being the dignified and loyal owner of Android, Google apprehended the primary concern of data-security (storage encryption) on low-end devices. Since, here it consumes a lot of resources to complete thereby making the device slow, and in other cases to the point of unusable(hanged). Thus, to resolve this issue, the idea of Adiantum came into being. It is an innovation in cryptography designed to make storage encryption efficient without cryptographic acceleration Originally, this terminology comes from the genus of ferns, which represents sincerity & discretion. Nowadays, Android offers storage encryption using the Advanced Encryption Standard (AES) i.e., it supports AES-128-CBC-ESSIV for full-disk encryption and AES-256-XTS for file-based encryption. Mostly new devices have support for AES using the ARM v8 cryptographic extensions. Moreover, Google has made it mandatory for the device manufacturers to involve AES encryption for all the Android devices above 6.0 or later, exempting the devices with poor performance (50 Mib/s and below). It is here to be considered that Android not only includes the latest premium, flagship and mid-range devices but a major portion is comprised of the entry-level devices involving smartwatches and Android TVs designed mainly with the low-end processors like ARM Cortex-A7 to attract a large pile of consumers with minimum budget. But, these devices do not provide hardware support for AES with such low processors. Hence, AES implementation on these devices resulted in poor user experience, long app launch time and the device generally feels too slow. To change this scenario and to empower all devices with encryption abilities, the need for new encryption form was soon felt, which further originated in the form of Adiantum. Adiantum has been designed to provide efficient storage encryption without hardware acceleration, empowering the devices with much more security than their predecessors. It will also guarantee data security to next billion people coming online for the 1st time. Now, let’s get to know how this concept solves our issues? In HTTPS (Hypertext transfer protocol secure) encryption, ChaCha20 stream cipher is used since it executes much faster than AES without compromising with security in the unavailability of hardware acceleration. The main reason behind such fast execution is because of its reliance mainly on native CPU support: addition, rotation, and XOR operations. Hence, in 2014 Google selected ChaCha20 along with the poly1305 authenticator, which is also fast in software for a new TLS cipher suite to secure HTTPS connections. ChaCha20-Poly1305 has been standardized as RCF7539, and it greatly improves performance on the devices that lack AES instructions. But, the main challenge is faced with disk and file encryption where the data is organized in sectors on storage devices. With every request by Filesystem to read/write a sector on the device, the encryption layer intercepts the request which involves the conversion of 4096-byte plaintext to 4096-byte ciphertext and vice-versa. However, for implementing RCF7539 i.e., ChaCha20-poly1305 an additional amount of space is required for cryptographic nonce (an arbitrary number that can be used just once in a cryptographic communication) and message integrity information. There are software techniques for finding places to store this extra information, but they reduce efficiency and can impose significant complexity on filesystem design. According to Google, Adiantum allows us to use the ChaCha stream cipher in a length-preserving mode, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR and HCH. On an ARM Cortex-A7 processor, Adiantum decrypts 4096-byte messages at 10.6 cycles per byte, over five times faster than AES-256-XTS, with a constant-time implementation. This is evident from the below-given graph: - In Android Q, Adiantum will be part of the Android platform, the successor to Android Pie that’s due later this year. Moreover, Google says AES is still the faster encryption standard when hardware support exists and will continue to be a requirement for phones that support it, which means AES must still be used where its performance is above 50 MiB/s. “Our hope is that Adiantum will democratize encryption for all devices,” Eugene Liderman, Director of Mobile Security Strategy at Android Security and Privacy Team says”. Just like you would not buy a phone without text messaging, there will be no excuse for compromising security for the sake of device performance.”
A blockchain, originally block chain, is a growing list of records, called blocks, that are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a Merkle tree). By design, a blockchain is resistant to modification of the data. It is "an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way". For use as a distributed ledger, a blockchain is typically managed by a peer-to-peer network collectively adhering to a protocol for inter-node communication and validating new blocks. Once recorded, the data in any given block cannot be altered retroactively without alteration of all subsequent blocks, which requires consensus of the network majority. Although blockchain records are not unalterable, blockchains may be considered secure by design and exemplify a distributed computing system with high Byzantine fault tolerance. Decentralized consensus has therefore been claimed with a blockchain. Blockchain was invented by a person (or group of people) using the name Satoshi Nakamoto in 2008 to serve as the public transaction ledger of the cryptocurrency bitcoin. The identity of Satoshi Nakamoto is unknown. The invention of the blockchain for bitcoin made it the first digital currency to solve the double-spending problem without the need of a trusted authority or central server. The bitcoin design has inspired other applications, and blockchains that are readable by the public are widely used by cryptocurrencies. Blockchain is considered a type of payment rail. Private blockchains have been proposed for business use. Sources such as Computerworld called the marketing of such blockchains without a proper security model "snake oil".
current affairs pdf in hindi - June 4th week (2019)
Cybersecurity refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cybersecurity may also be referred to as information technology security. This is the full syllabus for Engineers or in general students trying to learn Cyber Security
current affairs pdf in hindi - July 4th week (2019)
Analysis and characterization of Peer-to-Peer Filesharing Networks
Since Peer-To-Peer file-sharing networks appearance a few years ago, many Internet users have chosen this technology to search for programs, films, songs, documents, etc. This number of users is growing every day. The main reason has been the content (in occasions illegal) that can be found and downloaded over these networks. This article deals with the analysis and characterization of eight P2P Public networks: Gnutella, FastTrack, Freeenet, BitTorrent, Opennap, Edonkey, Soulseek and MP2P. Finally, the authors will show a relationship between their characteristics and, in six of them, between their number of users, files shared and the amount of data shared in their networks
current affairs pdf in hindi - August 2nd week (2019)
Divide and Conqueror | Algorithm Design and analysis
current affairs pdf in hindi - September 4th week (2019)