Friday, December 7, 2018

Android Full-disk Encryption - Performance Penalty Measured

Below you can see 3 charts showing the percentage difference in average throughput before and after enabling encryption. Values are given for 4 tests of internal memory (SW - Sequential Write, SR - Sequential Read, RW - Random Write with 4KB blocks, RR - Random Read with 4KB blocks). In other words, the charts show how much faster an unencrypted device is.
  • For the older and cheaper Mi Max there's a significant drop in storage performance (2x-6x - very similar results to the Nexus 6, see below).
  • The flagship Mi5 has a barely visible slowdown, with speed differences fluctuating around 5%.
  • The fresh 2018 Mi8 SE has a significant drop in random reads (to 75% of non-encrypted speed) and yet shows decent speeds above 9MB/s.
  • In all 3 cases the most noticeable drop is in random reads.
  • Judging by the Mi5 and Mi8 SE, one can say that modern Qualcomm hardware provides decent encryption acceleration with no significant slowdown of permanent storage.
  • Judging by the mid-range Mi Max, though, one might expect poor encryption performance in budget phones.
  • It'd be great to have a look at Mediatek and Samsung numbers. Random write performance is suspiciously low in the Exynos versions of the Galaxy S8 and Galaxy S9.

Devices & Testing

Here are the devices I could get hold of and which allowed me to play with encryption settings*:

  • 2016 Xiaomi Mi Max, 3/32GB, MIUI10 (Android 7.0) - Snapdragon 650, SoC released in Q1/2015
  • 2016 Xiaomi Mi5, 3/32GB, Lineage OS 15.1 (Android 8.1) - Snapdragon 820, SoC released in Q1/2016
  • 2018 Xiaomi Mi8 SE, 4/64GB, MIUI10 (miui.eu, Android 8.1) - Snapdragon 710, SoC released in Q2/2018

* Nowadays many Android devices either have the encryption option in settings and do not let users change it (turned on by default) OR do not have this option at all**

** If you are not sure whether your device is encrypted and can't find any mention of it in your settings, you can use ADB and check whether the following command returns the encrypted status: adb shell getprop ro.crypto.state

The selected devices represent different price categories (Mi 5 - flagship, Mi 8 SE - sub-flagship, Mi Max - mid-range) and Qualcomm hardware generations (2015, 2016 and 2018). Hardware (the SoC, system-on-chip) is the key factor in storage performance, as the efficiency of encryption relies on capabilities provided by chip logic, and encryption/decryption happens all the time on devices with full-disk encryption enabled.

To test storage (disk) performance, the CPDT: Storage and Memory Performance Benchmark app was used.
Complete results for these devices, along with other devices' figures, can be found at the CPDT: Storage Performance Database page.

To get the numbers I executed the test suite several times before and after encrypting the phones. The results were then averaged and put into the charts above.

Intro

With the release of Android 5.0 back in autumn 2014, Google began to promote full-disk encryption on all new Android devices. Though its Lollipop flagship (Nexus 6) had the hardware acceleration capability for encryption, it wasn't properly enabled and the performance toll on internal memory speed was huge (2x-6x slowdown).

At Google I/O 2017 it was announced that 80% of Android 7.0 devices had the encryption feature enabled. Since 2014/2015 and the Nexus 6 controversy I have found few performance benchmarks of encryption.

Full-disk encryption ensures that all input and output operations go through an OS kernel module which performs on-the-fly encryption/decryption. Whatever data is saved to the internal memory of your device ends up in a separate data partition and is completely obfuscated. All of that happens transparently to apps: they deal with the common I/O API without knowing about any of the security transformations happening on the go. Passwords stored in the browser, call history or photos will be saved by apps plainly, without encryption, to files or a local database, but Android will take care of putting encrypted bytes into flash memory. When an app reads a file, Android in the same fashion decrypts the bytes on the go and loads already decrypted data into RAM.

If someone gets hold of the device and connects it to a computer to dump flash memory, the dump file of the data partition would be a gibberish of bytes. Unless that someone has the PIN code you set up for the phone, there's little that can be done to extract information. The only data that can be extracted unencrypted from the smartphone is the contents of the system/boot partitions, which contain no sensitive user information but do contain firmware files (in most cases publicly available and downloadable).

In its implementation of on-the-fly cryptography Android relies on the AES instruction set of CPUs. Internally, CPUs can have dedicated logic handling encryption/decryption and ensuring the best performance. Alternatively, CPUs can provide emulation of these instructions by implementing AES instructions with the help of the general command set and executing encryption on general-purpose logic - this is a cheaper and slower approach. Qualcomm's 2014 Snapdragon 805 seems to be the first chip widely adopted in Android smartphones which has a dedicated cryptographic module aimed at accelerating AES instructions. It does seem, though (by the test figures of the Mi Max), that the later 2015 Snapdragon 650 SoC relies on the slower AES instruction emulation option.
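
An added example, not part of the original post: a shell check that combines the ro.crypto.state query from the Devices & Testing section with a look at whether the CPU advertises AES instructions, as discussed above. It assumes adb with one authorised device and falls back to a constructed sample otherwise; the function names, the ro.crypto.type lookup and the /proc/cpuinfo parsing are additions made here. The aes flag only shows that the CPU cores expose AES instructions, not which engine the kernel actually uses for disk encryption.

```shell
#!/usr/bin/env bash
# Added example: summarise storage encryption state and CPU AES support
# for an Android device from values readable over ADB.

# Map ro.crypto.state / ro.crypto.type values to a short verdict.
crypto_verdict() {
    case "$1" in
        encrypted)
            case "$2" in
                block) echo "encrypted (full-disk)" ;;
                file)  echo "encrypted (file-based)" ;;
                *)     echo "encrypted (type unknown)" ;;
            esac ;;
        unencrypted) echo "NOT encrypted" ;;
        unsupported) echo "encryption unsupported" ;;
        *)           echo "unknown" ;;  # property empty or unexpected
    esac
}

# Succeed if a Features/flags line of /proc/cpuinfo text lists "aes".
cpu_has_aes() {
    printf '%s\n' "$1" | awk -F: '
        tolower($1) ~ /^(features|flags)[ \t]*$/ {
            n = split($2, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] == "aes") found = 1
        }
        END { exit !found }'
}

# $1 = ro.crypto.state, $2 = ro.crypto.type, $3 = /proc/cpuinfo text
report() {
    aes="no"
    if cpu_has_aes "$3"; then aes="yes"; fi
    echo "storage: $(crypto_verdict "$1" "$2"); cpu aes instructions: $aes"
}

# Constructed sample, shaped like an ARMv8 /proc/cpuinfo excerpt.
SAMPLE_CPUINFO='processor : 0
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer : 0x51'

getp() { adb shell getprop "$1" | tr -d '\r'; }

if command -v adb >/dev/null 2>&1 && [ "$(adb get-state 2>/dev/null)" = "device" ]; then
    report "$(getp ro.crypto.state)" "$(getp ro.crypto.type)" \
           "$(adb shell cat /proc/cpuinfo | tr -d '\r')"
else
    report encrypted block "$SAMPLE_CPUINFO"   # offline demo on the sample
fi
```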
