Phoning It In: Making Smartphones Secure Enough for Tactical Communications

You suddenly find yourself pinned down by enemy gunfire. What do you do? Whip out your smartphone and call for an airstrike? Yes, if the U.S. Marine Corps has its way.

Late last year the U.S. Marine Corps Systems Command awarded a contract worth approximately $2.4 million to a company called ViaSat to design and implement an advanced data security system for commercially available handheld devices such as smartphones and tablet computers. ViaSat, which is based in Carlsbad, CA, specializes in providing secure satellite networking and communications systems to a variety of government, military and commercial customers. The goal of the project is to give military personnel, including those in combat situations, the ability to communicate and share intelligence over 3G/4G/LTE cellular and Wi-Fi networks instead of using conventional radios.

Smartphones are cheaper, smaller and easier to carry than conventional military radios. They can also store and provide ready access to critical data. Equip every warfighter with a smartphone and each one essentially becomes, according to ViaSat, “...a sensor on the network, contributing information to multiply force effectiveness at a fraction of the cost, with faster network access, and more capability compared to traditional handheld radios.”

It’s a game-changing concept, and the key to making it work is security. Smartphones, as we’ve learned, are notoriously vulnerable to loss and theft; what happens if they contain sensitive data? What about hacking or the introduction of malware? Or the problem of poor cellular service in life-threatening situations? Defense Tech Briefs’ editor, Bruce A. Bennett, recently addressed these issues with Jerry Goodwin, VP and general manager of ViaSat Secure Network Systems.

Defense Tech Briefs: Is this new system being developed only for Android devices, or will iPhones & iPads be included too? If only for Android, why was that OS chosen? Isn’t Android more vulnerable to hacking than iOS?

Jerry Goodwin: ViaSat’s secure mobility infrastructure supports both Android and iOS. We expect to roll out services in the near term that support devices with both operating systems. The USMC Trusted Handheld program specified Android as the platform for the program. However, the architecture and techniques used in our system enable it to be agnostic to Android, iOS, and other mobile operating systems (e.g., Windows Mobile). It is true that without hardening, Android is currently more vulnerable to hacking than iOS. However, there are several reasons for working initially with an Android-based platform, the primary ones being that:

• Android has a larger market share compared to iOS, as of mid-2012: 65% vs 22%.

• Android device OEMs are more amenable to sharing the technical information necessary to execute this type of project.

• The Android OS and environment is more flexible to customize, and therefore harden, for specific security practices.

DTB: What type of encryption will ViaSat design into this system to keep data and communications secure?

Goodwin: We believe that an end-to-end security model is required to secure the mobile enterprise, requiring support from the entire market ecosystem. As such, the carrier and OEM partners are important. Also, selection of the mobile device manager and mobile application store, as well as network administration and visualization, all play a role. For the USMC, all encryption is based on FIPS 140-2 certified cryptographic modules with Suite B algorithms. Protocols for key management, exchange, data in transit, data at rest, and software attestation are kept as close to well-proven industry standards as possible, and only deviated from where necessary to support the architecture or to enhance security. Our intention is to provide the USMC certified and accredited devices as part of our initial commercial service offering.

DTB: When these devices fall into the wrong hands — and they will — how do you keep them from being used against us? Can they be remotely disabled or purged of their contents?

Goodwin: Full disk encryption and enhanced user authentication limit access control if the device falls into the wrong hands. Secure boot with a hardware trust anchor and runtime integrity checking prevent malicious tampering with the devices. Both user and device-level authentication is required to access the protected network, as well as remote attestation to prove to the network the device has not been tampered with. Unlike traditional mobile device management (MDM), our service with the USMC devices supports mobile device management at a level below the Android operating system so remote management, including remote platform wipe and remote domain wipe, can be invoked if the device falls into the wrong hands. Operators can also install and support COTS MDM for Android-specific mobile-device and application management as well.

DTB: Will there be different levels of security or access engineered into the devices, or will they all be pretty much the same?

Goodwin: There are two aspects to different levels of security. First, the initial devices will have two personas: one for personal use and the other for enterprise use. The enterprise persona will have additional required security features that are available to the personal persona, but optional. This includes data-at-rest encryption and IPSec VPN-based data-in-transit encryption. There are also additional policy-based features that may or may not be used depending on the target customer, such as customizable password policies, screen lockout times, and mutual authentication between the device and the user. The personal and enterprise personas are completely isolated from one another so they can address different levels of security.

From an access control perspective, there is a single set of user credentials that provide access to the device. Once provisioned, IT has access to manage the device and its policies, upgrade software, wipe the device, and extract audit logs. For enterprise persona administration, COTS MDM and MAM can be installed.

DTB: It’s hard enough sometimes getting a cell signal or preventing dropped calls in a big city like New York or LA. How do you prevent those problems in the heat of battle in remote places like Iraq or Afghanistan where the infrastructure may be primitive at best?

Goodwin: The USMC program objectives did not address this concern; however, the ViaSat tactical system is being designed specifically to address this issue. We have established relationships with mobile/tactical infrastructure providers and plan to use mobile satcom to support service in areas without infrastructure. We have multiple point- and system-level products for this application, including solar-powered cellular capability with satellite backhaul and tactical, ruggedized satcom terminals and networks for mobile, stationary, and nomadic connectivity over Ka- and Ku-band satellites. Our worldwide service networks provide the satellite infrastructure. Our management infrastructure is designed to be cloud-based to address high availability and reliability of device management anywhere in the world. The devices support Wi-Fi as well as cellular networks. The Wi-Fi link provides secure VoIP for areas that have good IP infrastructure, but weak cellular reception.

DTB: What are the biggest technical challenges facing the implementation of this program?

Goodwin: The key issue is developing a system that is based on commercial technologies, and is able to keep up with the rapidly changing mobility market. Orchestrating and assembling the various capabilities in the commercial mobility ecosystem in such a way that security can be provided in a cost effective way while addressing the requirements of the DoD is a challenge. In addition, there are challenges in time-to-market, to develop and deploy a system before the target device is no longer available.

Finally, there is a lack of standard approaches to hardware-based security across devices. Chipsets do not yet incorporate standard hardware security modules for tamper-protected keys and credentials that can be leveraged to provide additional security. We are working with carriers, OEMs, and chipset vendors who share these concerns and who can enable us to develop systems that have superior security postures compared to other commercial options on the market.
