Google said Thursday that it deployed improved encryption in Chrome on Android this year to enhance performance on devices without AES hardware acceleration, such as most Android phones, Google Glass, and older computers.
"This improves user experience, reducing latency and saving battery life by cutting down the amount of time spent encrypting and decrypting data," Elie Bursztein, anti-abuse research lead at Google, said in a blog post.
Google introduced a new TLS cipher suite in February that works three times faster than AES-GCM on devices lacking AES hardware support. It did so following the implementation of new algorithms -- ChaCha20 for symmetric encryption and Poly1305 for authentication -- a process that began in March 2013.
This was before NSA documents had been leaked to the news media by former NSA contractor Edward Snowden, underscoring the sorry state of Internet security. But Google's implementation of better encryption technology dovetails with a broad industry effort to place impediments in the way of untargeted intelligence gathering and to restore confidence in the security of cloud computing.
Yahoo, long a laggard in computer security, committed last year to adding HTTPS support to Yahoo Mail and to encrypting the information moving in, out, and between its datacenters by the end of the first quarter of 2014. And in December, Microsoft, acknowledging customers' concerns about government surveillance, committed to expanding encryption across its various services.
More recently, the disclosure of the Heartbleed vulnerability in the OpenSSL cryptographic library has made it clear to the open-source community, and to the companies that depend on open-source software, that more attention needs to be paid to popular open-source libraries to catch critical flaws. According to the Linux Foundation, the OpenSSL project has received about $2,000 a year in donations, which isn't much, considering the cost of patching all the systems affected by the Heartbleed bug.
On Thursday, to incentivize the involvement of more programmers, the Linux Foundation announced the creation of a Core Infrastructure Initiative to allow technology companies to identify and fund important open-source projects. Companies participating in the initiative include Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, and VMware.
None of these steps offer any guarantees against intelligence agencies armed with millions or billions of dollars in funding, corporate espionage, or rogue hackers. But perhaps sustained industrywide alarm at security shortcomings will lead to more effective remediation efforts and will add enough barriers to make mass data collection less profitable.