Google Overturns the Cryptographic Power Barrier: Will the Security Shackles of IoT Be Lifted?

Google Overturns the Cryptographic Power Barrier: Will the Security Shackles of IoT Be Lifted?Google Overturns the Cryptographic Power Barrier: Will the Security Shackles of IoT Be Lifted?

The biggest bottleneck in the development of the Internet of Things (IoT) is undoubtedly security issues. We often hear alarming news such as “hackers invading pacemakers,” “hackers remotely unlocking hotel door locks,” and “hackers cracking connected cars.” Recently, Japan even approved a related bill allowing government officials to supervise IoT devices, incorporating IoT security into national security planning.

Google Overturns the Cryptographic Power Barrier: Will the Security Shackles of IoT Be Lifted?

Regarding IoT security issues, Google recently launched a very interesting project—a new encryption method called Adiantum (maidenhair fern). On Google’s security blog, this cryptographic innovation was even described as “the next billion-level encryption technology.”

How much can Google’s proposed solution change the current state of IoT security, and how much room does it leave for Google to cultivate in the fertile ground of IoT security?

The reigning king, AES,

Why is it no longer suitable for IoT?

Before discussing Adiantum, we need to understand how our tablets and smartphones ensured their security before the advent of IoT.

Generally speaking, the most widely used storage encryption mode in Android products is “AES”—the Advanced Encryption Standard. This encryption mode, known in cryptography as the Rijndael encryption method, was publicly solicited by the U.S. federal government around 2000 and, after undergoing numerous attacks, ascended to the top position, replacing the previous DES encryption standard proposed by IBM. Compared to the DES standard, an important advancement of AES is that it provides more secure encryption with lightweight computational power, allowing devices at the time to avoid investing more hardware costs in encryption.

Thus, the dynasty changed, and AES replaced DES to become the world’s leading encryption standard. Intel even reserved a partition for AES operations when designing chips.

The process of popularizing an encryption standard typically goes like this: more and more terminal devices adopt the standard, leading to corresponding designs in the underlying chips (this process can also be reversed), ultimately resulting in reduced application costs for the standard, and everyone uses it together.

So why does the AES standard not work in the IoT?

The first problem is that, unlike the AES era, many terminals in the IoT system cannot even be classified as IT devices, so there is no underlying design that adapts to a certain standard.

Moreover, even though AES has greatly improved cost-effectiveness in design, it is still an unbearable burden for some current smartphones. For example, the ARM Cortex-A7 chip, widely used in low-end smartphones and wearables, cannot support AES, leading to unsatisfactory user experiences on devices using this chip, often resulting in slow responses when opening applications.

Therefore, for IoT devices that are smaller and require faster computational responses, the current AES standard is naturally unsuitable.

The blank canvas of IoT encryption,

Google has only made a mark on it.

It is no exaggeration to say that the development of IoT presents an opportunity to restart the encryption standard.

Clearly, Google aims to leverage the open-source advantage of the Android system to further gain control over more standards and even increase its voice in hardware chip design: it is highly probable that IoT devices will use my system, and if I can provide a more adaptable encryption standard, it will not only facilitate the process of making ordinary devices IoT-enabled and intelligent but will also impact the chips Google may launch in the future and the structure of AIoT computing platforms.

In this light, Google’s new encryption standard is almost inevitable.

Adiantum, which has emerged, fundamentally abandons the original AES model and chooses another cipher, “ChaCha,” using a hash algorithm to generate random numbers for encryption and then performing hash decryption. The main difference between this encryption mode and AES lies in its utilization of computational resources; even without special chip support, Adiantum can achieve high-speed computation using only CPU resources. On chips like the ARM Cortex-A7, the encryption and decryption speed of Adiantum is five times faster than that of AES.

Google Overturns the Cryptographic Power Barrier: Will the Security Shackles of IoT Be Lifted?

The emergence of this encryption mode signifies two things: first, encryption will no longer be a hindrance to reducing costs for IoT chips; second, the chip designs for IT devices like PCs and smartphones can continue to be optimized.

Once the encryption issue is resolved, IoT devices, which originally had low chip requirements, can confidently apply some inexpensive older chips, reducing the costs of IoT devices. Meanwhile, PC and smartphone chips, no longer needing to reserve space for AES, can accommodate more “XPUs” to enhance performance.

However, as a newly emerged encryption algorithm, Adiantum still has a long road ahead to challenge the king. Google developers state that while they believe Adiantum’s security is sufficient, they also welcome white hat hackers to challenge it. Unlike the federal government’s “strong push” for AES, whether Google can gain full cooperation from the global software and hardware ecosystem with a newly launched encryption algorithm remains to be seen.

From our perspective, many users may doubt: will Google add “backdoors” to the encryption algorithm to counter China’s IoT systems at critical moments?

Therefore, from any angle, Adiantum is still just a chess piece planted by Google, a dot of ink on the blank canvas of IoT encryption.

The open-source performance in a closed-loop ecosystem

Of course, Google is not the only player proposing solutions for IoT security, and terminal encryption is not the only path to maintaining IoT security. Communication technology, cloud services, API interfaces, and legal regulations all need to be addressed simultaneously. In this regard, Microsoft’s model seems to be the most suitable.

Like Google, Microsoft has a widely used operating system as a foundational advantage, cloud service supply capabilities, and significant expertise in artificial intelligence technology.

Google Overturns the Cryptographic Power Barrier: Will the Security Shackles of IoT Be Lifted?

In terms of IoT security, Microsoft has built a more closed ecosystem: customized microcontroller chips based on Linux, cloud security services Azure Sphere, and the operating system Azure Sphere OS, maintaining security across the entire IoT operation chain from chips to cloud and operating systems. They also utilize deep learning technology to simulate automated attacks, providing automated monitoring and remediation of security issues.

It seems that if Google continues to consolidate its advantages in the IoT security field, the next step may be to optimize the Android system for IoT applications, launch chips supporting Adiantum control, and complete the closed loop in the cloud.

However, the current trend is that both Google and Microsoft are engaging in open-source activities while laying out closed-loop systems. Take Microsoft’s Azure Sphere security service, for example; it not only supports its own cloud services but also supports services from AWS, Google Cloud, Oracle, IBM, and other vendors. Similarly, Google’s Adiantum encryption has been tested not only on the Android system but also on the Linux systems commonly used in IoT devices.

However, with the precedents of mobile phones and PCs, it is hard to imagine that the future IoT ecosystem will be a harmonious and thriving open-source playground. Nowadays, even using office software on a Mac can be cumbersome, let alone applying Google’s encryption model on Microsoft’s IoT chips.

The current tolerance among several manufacturers seems more like a joint venture to contract a fish pond, waiting for the fish to grow fat before dividing the results. Regardless of how one looks at it, the security shackles of IoT are about to be unlocked through collective efforts.

Google Overturns the Cryptographic Power Barrier: Will the Security Shackles of IoT Be Lifted?

Google Overturns the Cryptographic Power Barrier: Will the Security Shackles of IoT Be Lifted?

Google Overturns the Cryptographic Power Barrier: Will the Security Shackles of IoT Be Lifted?

Google Overturns the Cryptographic Power Barrier: Will the Security Shackles of IoT Be Lifted?

Leave a Comment