Keydar ENCRYPTION™ Features & Benefits

KeyDAR ENCRYPTION™ The industry’s most advanced Data-at-Rest (DAR) encryption solution for Android Device Manufacturers.

Features & Beneﬁts • Supports Android 4.0-6.0 • Meets carrier requirements for enterprise ready devices • FIPS 140-2 Level 1 cryptography module • Penetrates enterprise markets with higher • Encryption for internal memory and external levels of security than native Android provides SD card • Enables using a common cryptographic • User selectable device-level and/or ﬁle-level module for multiple security applications encryption

Android devices are proliferating across the mobile market at an incredible rate. As consumers, business professionals, and government employees use these devices in ever increasing numbers, their risk for being targeted for attack also increases. In the unfortunate case where a device is lost or stolen, the data stored on the device (“data-at-rest”, or DAR) is at risk of falling into the wrong hands. This data can include sensitive ﬁles, calendar, contacts, application data, pictures, and even GPS location history. Carriers, enterprises, and consumers are increasingly aware of these risks to mobile data, and they are turning to Mocana KeyDAR Encryption for the answer.

Mocana’s KeyDAR Encryption is a highly optimized DAR encryption solution that leverages Mocana’s government-certiﬁed FIPS 140-2 Level 1 cryptographic module, NanoCrypto™ (certiﬁed as “Mocana Cryptographic Loadable Kernel Module”). KeyDAR Encryption is designed for Android device manufacturers, to enable encryption capabilities beyond what is natively provided in the Android OS.

KeyDAR Encryption is the industry’s most optimized DAR encryption solution for Android devices. The result is a high performing and efcient encryption solution with virtually zero performance penalties, such as, reduction in battery life, speed of data accessing, and overall user experience. Furthermore, with the assurance that the encrypted data can be implemented with an optional FIPS 140-2 Level 1 cryptography module, device manufacturers can be conﬁdent that their devices will meet the stringent security needs of consumers, enterprises, and even government agencies.

By incorporating KeyDAR Encryption, Android device OEMs can bring security features to their customers, diferentiate their products from those that use the standard Android distributions, and potentially open doors to new market segments, such as Government and Enterprises.

For Android 4.0-6.0 devices, KeyDAR Encryption provides the stability and strength of the native data-at-rest (DAR) encryption, but extends the feature-set to include: • Increased encryption strength with AES-CBC (256-bit) and AES-XTS (256-bit and 512-bit) algorithm support

• Support for encrypting external SD card

• User selectable device-level and/or file-level encryption

• GPL-free cryptography

• FIPS 140-2 Level 1 certiﬁed cryptography KeyDAR Encryption ﬁlls the feature gaps of native Android 4.0-6.0, thereby enabling Android devices to meet strict carrier, enterprise, and government security requirements.

OEM GUI

User Space App KeyDAR Front End

Mocana’s Mocana Crypto Module File System KeyDAR Encryption Solution Kernel Flash Memory

Figure 1: Mocana KeyDAR Encryption Solution

Figure 3: With KeyDAR Encryption, users can choose between medium and strong encryption Device- level encryption options include internal memory card only or internal memory card + external SD card.

Internal Memory External SD Card Example Use Case

All data is stored in the clear & No encryption No encryption can be shared between devices Only data stored on external Block-level No encryption SD card can be shared between devices Available No data can be shared Encryption Block-level Block-level Combinations between devices Only unencrypted data stored Block-level File-level on external SD card can be shared between devices Data stored in internal memory, as well as unencrypted data No encryption File-level stored on external SD card, can be shared between devices

Figure 5: With KeyDAR, users have maximum ﬂexibility to choose the encryption combination that best meets their needs.

© 2015 Mocana Corporation Revised November 5, 2015 4 KeyDAR Encryption Performance Mocana’s KeyDAR Encryption is a packaged solution that provides the full capabilities for data- at-rest encryption, with added beneﬁts, such as an optional FIPS cryptography module, increased performance through an optional hardware ofoad, and the use of stronger encryption algorithms than available on native Android.

Native Android KeyDAR 4.0-6.0 DAR Encryption Feature / Encryption Solution for Parameters Solution 4.0-6.0 Beneﬁts

Available FIPS Government-certiﬁed solution 140-2 Level 1 Certiﬁed Satisfies security needs of all Cryptography market segments, including Module government agencies

Available Faster data encryption and Hardware Limited decryption Ofoad

Reduced CPU overhead AES-CBC during encrypted ﬁle access Encryption (128 bit) No performance penalty

AES-CBC More secure data encryption and Encryption protection (256-bit) (256-bit) and AES-XTS Newer & stronger AES mode Encryption (256- speciﬁcally designed for DAR bit and 512-it) encryption applications

Leverage Same System-level efciency Cryptographic Eliminates redundant code Module for Limited Multiple Reduced memory footprint Applications and complexity

Full encryption support across External SD all data stored on device Card Encryption (DAR)

Enables encrypted and unencrypted ﬁles to coexist on the external SD File-Level card Encryption Users can dynamically enable and disable encryption for data written to the external SD card

System Level Efciency

KeyDAR Encryption is built on top of Mocana’s industry-leading NanoCrypto security module to provide a complete DAR encryption solution that easily integrates into the Android OS. KeyDAR Encryption can sit beside other Mocana security modules, such as NanoSec™ (IPSec) and KeyVPN™ Client and use the same NanoCrypto algorithms—driving greater system-level efciency than any other DAR Encryption solution on the market.

Future Proof Your Design

By choosing KeyDAR Encryption, OEMs can future proof their code base to add Mocana's Security of Things™ for Android modules, as well as KeyVPN Client and NanoCert. This enables OEMs to better utilize their precious development resources and reduce time to market in the competitive mobile devices market.

User KeyVPN DM-crypt File System Client IMS Space GUI Tools Additional Mocana Security of Things Modules NanoSec KeyDAR Encryption Data- IPSec / IKEv1 / at-Rest Encryption v2 / MOBIKE

Mocana NanoCrypto KeyDAR Encryption FIPS 140-2 Level 1 Certiﬁed Suite B Algorithms

Mocana Security for Android Devices

Mocana IoT provides the Mocana Security of Things Platform—a high-performance, ultra-optimized, OS-independent, high-assurance security solution for any device class. The Platform is being rapidly adopted by next-gen IoT device designers who demand architectural freedom, and who understand the complexity and risk exposure inherent in in-house and other provider's solutions. Mocana's award-winning cryptographic solutions are used in the most stringently-constrained and life-critical systems by Fortune 500 companies, world-leading smart device manufacturers, and government agencies.

More information is available at www.mocana.com/iot-security

Mocana Corporation 20 California Street San Francisco, CA 94111 tel (415) 617-0055 toll free (866) 213-1273 www.mocana.com/iot-security [email protected]