Security IP icon

Security

DAR, FIPS-certified encryption for Android

Rambus DAR (previously MatrixDAR from Inside Secure) is a high performance, FIPS 140-2-certified encryption solution that protects data-at-rest (DAR) in today’s Android smartphones and tablets. DAR provides full disk encryption to both the device and its removable storage media. It allows Android device manufacturers to quickly and cost effectively integrate FIPS140-2 certified encryption capabilities to meet the demanding requirements of carriers and governments.

Enhanced Security

256-bit encryption strength and hardened key management

FIPS and NIST Compliance

FIPS 140-2-certified cryptographic module and NIST compliant key management

High Performance

Taking full advantage of multi-processors to ensure top performance

How the Rambus DAR works

DAR replaces native Android cryptographic libraries with a FIPS cryptographic module (FIPS140-2 certificate #2389).

DAR takes special care of properly protecting the encryption key. The key is protected by a FIPS-certified crypto module in compliance with NIST Special Publication 800-132. As the crypto module is running in the user space, the keys are not distributed in both user space and kernel, as in the native Android solution. Instead, only a key identifier is passed to the kernel.

DAR integrates seamlessly in Android devices to provide higher security without modifying the existing user interface.

Despite using higher-strength encryption, DAR has consistently delivered a read-and-write performance better than the native Android solution. The data encryption (XTS-AES with 256-bit strength) is accelerated using native instruction set on ARMv8 or on x86 (AES-NI).

CryptoManager Root of Trust Cover

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.

DAR Technical Specifications

  • dm-crypt
  • eCryptfs
  • FIPS 140-2 certified cryptographic module
  • AES-XTS with 512-bits key length
  • Key management compliant with NIST800-132.
  • Leverage device multi-processing capability
  • No extra daemons on device
  • Improved device encryption time
  • Write speed similar to unencrypted data
  • Read speed well over native Android
  • No changes required to the Android UI

Don’t miss out on the Rambus Design Summit on October 8th!