Security IP icon

Security

Inside Secure DAR, FIPS-certified encryption for Android

The Inside Secure DAR (previously MatrixDAR) is a high performance, FIPS 140-2-certified encryption solution that protects data-at-rest (DAR) in today’s Android smartphones and tablets. The Inside Secure DAR provides full disk encryption to both the device and its removable storage media. It allows Android device manufacturers to quickly and cost effectively integrate FIPS140-2 certified encryption capabilities to meet the demanding requirements of carriers and governments.

Enhanced Security

256-bit encryption strength and hardened key management

FIPS and NIST Compliance

FIPS 140-2-certified cryptographic module and NIST compliant key management

High Performance

Taking full advantage of multi-processors to ensure top performance

How the Inside Secure DAR works

The Inside Secure DAR replaces native Android cryptographic libraries with SafeZone FIPS cryptographic module (FIPS140-2 certificate #2389).

The Inside Secure DAR takes special care of properly protecting the encryption key. The key is protected by SafeZone FIPS certified crypto module in compliance with NIST Special Publication 800-132. As the crypto module is running in the user space, the keys are not distributed in both user space and kernel, as in the native Android solution. Instead, only a key identifier is passed to the kernel.

The Inside Secure DAR integrates seamlessly in Android devices to provide higher security without modifying the existing user interface.

Despite using higher-strength encryption, GUARD DAR has consistently delivered a read-and-write performance better than the native Android solution. The data encryption (XTS-AES with 256 bit strength) is accelerated using native instruction set on ARMv8 or on x86 (AES-NI).

CryptoManager Root of Trust Cover

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.

Inside Secure DAR Information

Technical Specifications

  • dm-crypt
  • eCryptfs
  • FIPS 140-2 certified cryptographic module
  • AES-XTS with 512 bits key length
  • Key management compliant with NIST800-132.
  • Leverage device multi-processing capability
  • No extra daemons on device
  • Improved device encryption time
  • Write speed similar to unencrypted data
  • Read speed well over native Android
  • No changes required to the Android UI

Upcoming Webinar: AI Requires Tailored DRAM Solutions