The emergence of mobile platforms such as iOS and Android have presented a number of challenges in terms of security. Not much can be done about some of these, like users leaving their phones in bars. But engineers at Google have been working on one of the thornier ones of late–how to provide solid encryption on mobile platforms without crushing performance–and have implemented a pair of new cipher suites in Chrome to help address it.
Performance always has been a concern on mobile devices, but has become less of an issue in recent years as mobile processors have improved and bandwidth has expanded. However, when encryption operations come into the picture, performance is again a concern. Encryption takes processing resources on the device and also can eat up bandwidth with large outputs. To help alleviate both of these issues, and improve the security of the sessions on Chrome on Android, Google has implemented ChaCha20 and Poly1305 in the mobile browser.
“It was a complex effort that required implementing a new abstraction layer in OpenSSL in order to support the Authenticated Encryption with Associated Data (AEAD) encryption mode properly. AEAD enables encryption and authentication to happen concurrently, making it easier to use and optimize than older, commonly-used modes such as CBC. Moreover, recent attacks against RC4 and CBC also prompted us to make this change,” Elie Bursztein, Anti-Abuse Research Lead at Google, wrote in a blog post.
In addition to the performance improvements associated with these cipher suites, there also are security enhancements.
ChaCha20 is not susceptible to padding oracle attacks such as the BEAST attack or Lucky13. The cipher also isn’t vulnerable to timing attacks, a major attack vector against many encryption algorithms. Both ChaCha20 and Poly1305 are fast enough to run well on mobile devices, and Bursztein said that the latter can save considerable bandwidth.
“Poly1305 also saves network bandwidth, since its output is only 16 bytes compared to HMAC-SHA1, which is 20 bytes. This represents a 16% reduction of the TLS network overhead incurred when using older ciphersuites such as RC4-SHA or AES-SHA,” Bursztein said.
Since February, most of the secure connections coming from Android devices to Google services such as Gmail have used these cipher suites, and Bursztein said that the company is planning to add it to the main Android code base in an upcoming release.