Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Google Improves Android Encryption with Adiantum

Google this week announced Adiantum, a new form of encryption aimed at Android devices without cryptographic acceleration.

Google this week announced Adiantum, a new form of encryption aimed at Android devices without cryptographic acceleration.

Meant to protect user data if a device falls into the wrong hands, storage encryption has been required for most devices since Android 6.0 in 2015. Relying on Advanced Encryption Standard (AES), however, the feature is slow on devices using low-end processors without hardware support for AES. 

To improve efficiency on such devices, Google designed Adiantum, which allows for the use of the ChaCha stream cipher in a length-preserving mode. ChaCha already was a viable solution in HTTPS encryption, but proved challenging to bring to disk and file encryption. 

With ChaCha both highly secure and much faster than AES when hardware acceleration is unavailable, Adiantum encryption and decryption on ARM Cortex-A7 processors is around five times faster compared to AES-256-XTS, Google claims.

“Adiantum is a true wide-block mode: changing any bit anywhere in the plaintext will unrecognizably change all of the ciphertext, and vice versa. It works by first hashing almost the entire plaintext,” the Internet search company says. 

“We also hash a value called the “tweak” which is used to ensure that different sectors are encrypted differently. This hash is then used to generate a nonce for the ChaCha encryption. After encryption, we hash again, so that we have the same strength in the decryption direction as the encryption direction,” Google continues. 

Named after the genus of the maidenhair fern, which in the Victorian language of flowers (floriography) represents sincerity and discretion, Adiantum is very new, but the search provider says they have high confidence in its security. 

The new encryption is expected to make future devices more secure, while bringing improved security to more users than before. With Adiantum everything from smart watches to Internet-connected medical devices will be able to encrypt sensitive data, the Internet giant claims. 

Advertisement. Scroll to continue reading.

“Our hope is that Adiantum will democratize encryption for all devices. Just like you wouldn’t buy a phone without text messaging, there will be no excuse for compromising security for the sake of device performance. Everyone should have privacy and security, regardless of their phone’s price tag,” Eugene Liderman, Director of Mobile Security Strategy, Android Security & Privacy Team, says. 

Full details on Adiantum are available in Google’s paper Adiantum: length-preserving encryption for entry-level processors in IACR Transactions on Symmetric Cryptology.

Adiantum has been designed for devices running Android 9 and higher that lack AES CPU instructions. Details on how the encryption can be enabled are available on Google’s dedicated Android site

Related: Password Practices Still Poor, Google Says

Related: Google Unveils New Encryption Features for Android Developers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.