Better Living Through Encryption
Last week I decided to touch upon an old problem that’s begging for new solutions under the topic of e-waste. One of the dangers of keeping the responsibility at the local-level for our tech trash was the idea that a great many smart devices don’t use industry standard encryption to protect end-user information. Encryption is a mathematically proven method of turning information into seemingly random code, then back into information again, to ensure it’s only revealed to authorized parties. In terms of higher-end smart devices, encryption can be based on a password that only the user knows, or a set of encryption keys stored on a special chip. Unfortunately, this isn’t the case for cheaper, low-end devices. We may love the idea of turning lights on and off with our phones and voices, but when the smart plug stops working, we’re far more likely to buy a new one than send it for repairs. The extension of the already-pervasive throw-away culture into lower-cost electronic devices, such as cheap smart-phones and Internet-of-Things (IoT) devices, will catch up to us if something isn’t done to mitigate their lack of security.
Larger computing devices, and higher-end phones have for a while now come standard with encrypted file systems.i The contents of our phones, both famouslyii and infamously,iii are often locked to our face, fingerprint, or eight-plus digit passcodes. This security scheme works fine for devices with a decent amount of processing power, and a little extra memory, to support strong encryption schemes such as the Advanced Encryption Standard (AES).iv For mid-to-low end phones, tablets, and IoT devices, manufacturers would often solicit exemptions from Google in the development of their device’s system programming. Google’s normal process requires encryption for user files, unless the processor can’t handle the burden to the point it would affect user experience.v
This has led to devices around the globe that lack basic encryption for user data, putting at risk any information a user decides to share with such devices. If you read last week’s article, you’ll notice this has been going on for at least a decade behind the scenes. Thanks to researchers and increased media scrutiny, our attention to this problem has just led the Android Security and Privacy Team to release an encryption standard that can be implemented on these older and low-powered devices.vi Google’s Adiantum encryption algorithm utilizes what’s known as the ChaCha method of encoding information, which has proven to be widely compatible with more entry-level devices, unlike the processor intensive AES-256 standard.vii
Providing both existing and future devices with Adiantum-based file system encryption brings a layer of security to a previously untouched population of low-end devices around the world. Adiantum encryption is up to five-times faster than its AES counterpart on low-end processors, and Google expects this new technology to be integrated into as many current operating system versions as possible, both in updates to Android Pieviii, and in the forthcoming Android Q releases.ix I know I’m excited to see this security enhancement rolling out in new code on Google-powered wearable devices, Google Wi-fi and other Google Home products. For programmers, developers, and security experts interested in exploring and exploiting this latest open-source encryption algorithm, details can be found in Google’s Adiantum GitHub repository.x