Starting with Android 3.0, Google has provided support for full-disk encryption, in which the entire storage is encrypted. With Android 7.0 a new way of securing data was introduced, and Google explains how it works.
Full-disk encryption vs file-based encryption
With full-disk encryption (FDE) the complete storage is encrypted, which means that nothing can be done with users' photos and other data until a password or code is entered. This method of security has the advantage that it is relatively quick. A disadvantage is that, for example, an alarm clock cannot go off until the user has unlocked the device: the data about what time the alarm is set for is itself encrypted and not yet available.
With file-based encryption (FBE), different files are encrypted with different keys. That also means that some files are available without the user first entering a password. This makes it possible for alarms to go off or for phone calls to be received while the user's password has not yet been entered.
The keys used to encrypt files are stored in a protected part of the memory. This part, the 'TrustZone', should remain safe even when the system itself has been hacked. When an incorrect code, password, or pattern is checked, TrustZone applies a (growing) delay to make guessing a code or pattern difficult. For a simple pattern (4 points), TrustZone makes it take 4 years to try all the combinations.
New technology
Because the system has to use different keys for different folders or even individual files, this affects performance. That makes FBE slower than FDE. In addition, according to Google, the current "standard" for this kind of encryption on Android-based systems, eCryptFS, did not meet the speed requirements.
One of the creators of eCryptFS, Michael Halcrow, has however worked together with Ted Ts'o, the developer responsible for ext4, the file system commonly used on Android. Together they added support for encryption to ext4, and according to Google the result is that the performance is comparable to that of full-disk encryption. Android is the first application of the new ext4 feature.
Google has also made some adjustments so that use can be made of special hardware capabilities that the Pixel smartphones offer. Because of this, encrypted data can be stored much faster.
Availability
Currently, the new way of security is only found in the Google Pixel and the Pixel XL, but other manufacturers are expected to use it as well. The code for Google's implementation can already be found in the Android Open Source Project.
Source: Android Developers Blog