Senin, 04 November 2019

General Dynamics Secures Commercial Smartphones For Classified Information

(Updated: Nov 2, 2016)

In Feb this year, the communications segmentation of defence contractor General Dynamics presented a software platform called GD Protected. This is the starting fourth dimension production that secures commercial available Android smartphones inwards a way that they tin endure allowed to grip classified information.

For decades, General Dynamics has been manufacturing devices for securing top degree communications of the U.S.A. regime as well as armed forces, similar the Sectéra vocalization encryption family. One of those products was a highly secure jail cellular telephone phone for GSM, which was produced from 2002 until 2012.



Securing mutual jail cellular telephone phones to a greater extent than oftentimes than non requires hardware solutions, but to drib dead along inwards stride alongside the fast evolving commercial smartphone technologies, safety measures are immediately beingness implemented past times using software applications. For smartphones at that spot are already quite a issue of apps for encrypting vocalization as well as data, but GD Protected also secures the Android operating organisation (OS) inwards lodge to run across the requirements for treatment classified communications.


Dual systems

To accomplish a high safety level, the phones involve a specific hardware characteristic called TrustZone. This is a laid of safety extensions programmed into the ARM processor of the smartphone, which brand that a unmarried processor gist tin run a dual operating system, a secure as well as a normal one. The specific implementation details of TrustZone are proprietary as well as direct maintain non been publicly disclosed.

Initially, GD Protected comes inwards 2 dissimilar versions, 1 for the LG Optimus 3D Max, as well as 1 for the Samsung Milky Way due south IV smartphone. General Dynamics is looking to converge the 2 approaches inwards the future, equally good equally supporting a broader attain of Android devices. The pricing has yet to endure disclosed, but the companionship said it would endure licensed on a "very competitive" basis.

Both versions teach inwards possible to role the same smartphone for both accessing commercial telephone as well as cyberspace services equally good equally making encrypted vocalization calls, using secure electronic mail as well as fifty-fifty accessing classified networks.


Secure vocalization as well as information apps

These secure communications are provided past times a issue of approved apps from a controlled regime or enterprise app store. These include a Secure Voice over IP (SVoIP) app which encrypts vocalization communications as well as runs over the information network. Other app offerings volition include secure chat as well as secure video conferencing. These are expected to endure available inwards 2014.

With these apps the (voice) information volition endure secured using 2 independent layers of encryption, 1 at the VoIP layer, as well as the other at the VPN layer, using IPsec. Finally, these double encrypted information volition become through servers of the NSA to endure verified, logged, as well as re-encrypted, earlier beingness sent dorsum out to the carrier information network as well as on to its destination.

For authentication at that spot are a brace of authentication certificates residing on the handsets, equally good equally users beingness required to log-in alongside a password earlier they tin role the SIP server.


GD Protected for the LG Optimus

General Dynamics starting fourth dimension presented GD Protected at the Mobile World Congress (MWC), which was held inwards Barcelona from Feb 25-28, 2013. For this occasion, the production was installed on an LG Optimus 3D Max smartphone as well as demonstrated to press as well as public:



Demonstration of the LG Optimus 3D Max, secured past times General Dynamics


For this phone, GD Protected provides 2 split upward copies of the Android operating system, 1 for personal role as well as the other for trouble organisation use. Influenza A virus subtype H5N1 dedicated hardware push on the telephone is used to flip betwixt the 2 environments. This so-called dual-persona characteristic allows users to seamlessly switch betwixt personal as well as secure operating modes, indicated past times sparse dark-green as well as cherry borders, respectively.

The personal side is completely opened upward as well as acts exactly similar a conventional smartphone, whereas the secure side is to a greater extent than restricted. Data is firewalled betwixt the 2 sides so, for example, information from the secure side cannot endure accessed or copied over to the personal side, as well as the secure side cannot endure tampered alongside past times malware.

This partition of the handset into 2 split upward virtual smartphones is controlled past times the OKL4 mobile hypervisor or "microvisor" platform, which was gained past times General Dynamics from its acquisition of Open Kernel or OK Labs inwards September 2012.

Additional safety is provided past times the Fixmo Sentinel Integrity Services. This offers an integrity verification through advanced monitoring as well as remediation techniques, proactively detecting as well as preventing mobile device operating organisation tampering, policy violations, system-level state changes, as well as the presence of unverified 3rd political party apps. The Fixmo Sentinel Integrity Service was developed equally business office of an understanding alongside the NSA as well as is also used past times other governments.


Overview of the GD Protected solution for the LG Optimus smartphone
(source: Engadget.com)

Compared to the solution for the Samsung Milky Way smartphone (see below), the role of a dual Android operating organisation for the LG Optimus offers slightly less security, but nearly consummate liberty on the personal side of the phone. The secured LG Optimus 3D Max volition endure available through General Dynamics from the halt of July 2013.


GD Protected for the Samsung Galaxy

For the novel Samsung Milky Way due south IV smartphone, the GD Protected software comes on top of Samsung's KNOX platform, which was also presented at the Mobile World Congress inwards Feb as well as was developed inwards cooperation alongside General Dynamics. KNOX runs a Security Enhanced version of Android, or SE Android, which has been developed past times the U.S.A. National Security Agency (NSA).

The KNOX platform, which is available for regime as well as enterprise users only, protects both information which are stored on the smartphone as well as information which are sent as well as received. KNOX creates an isolated as well as secured container within the retentiveness area, alongside its ain dwelling theatre screen, launcher, applications, as well as widgets. Applications as well as information within the container are separated from applications exterior the container. This secured container is created past times a TrustZone-based Integrity Measurement Architecture (TIMA).

Stored information are encrypted using an Advanced Encryption Standard (AES) algorithm alongside a 256-bit key. For secure communications the Samsung KNOX container comes alongside a FIPS-certified VPN customer called "per-app VPN". This supports rigid IPSec VPN encryption, including Suite B cryptography, which is suited for the bulk of sensitive communications past times regime agencies.


Overview of the KNOX platform for the Samsung Milky Way due south IV
(source: Samsung.com)

With the additional GD Protected the master Android operating organisation of the Samsung Milky Way due south IV volition endure replaced past times a hardened Android version alongside fifty-fifty to a greater extent than safety measures. This replacement is done past times exactly calling General Dynamics alongside the IMEI issue as well as hence the Android operating organisation volition endure replaced via an over-the-air reflash.

The hardened operating organisation includes root certificates from General Dynamics that supervene upon those from Samsung. This agency that whatever subsequent changes involve to endure digitally signed past times General Dynamics, ensuring the integrity of the Android operating system.

Compared to the dual Android operating systems on the LG smartphone, the Samsung solution of installing novel firmware offers a slightly higher degree of safety but at the expense of user freedom. The GD Protected platform for the Milky Way due south IV volition endure available from May 2013.





Access to U.S.A. Department of Defense networks

General Dynamics' GD Protected platform was developed according to the requirements of the program for secure mobile communications, codenamed FISHBOWL, which was presented past times the NSA inwards Feb 2012. The goal of this programme is to supply a secure Voice over IP capability using commercial available devices that tin endure approved for treatment classified information.

In Oct 2012, the U.S.A. Department of Defense (DoD) announced that they were looking for manufacture contractors to prepare a secure communications organisation for at to the lowest degree 162.500 iPhones, iPads as well as Android systems. This should supply alternatives to the BlackBerry, which was until hence the exclusively device approved for secured electronic mail access to the Pentagon’s unclassified networks.

An interesting coincedence was, that when General Dynamics presented their GD Protected production terminal February, DoD published a excogitation to equip upward to 600.000 mobile device users alongside "secure classified as well as protected unclassified mobile solutions" based on commercial-off-the-shelf (cots) products. This programme may eventually endure expanded to grip upward to 8 1000000 devices.

For role past times the U.S.A. military, General Dynamics already offers a two-factor sign-on process. This is done past times inserting a armed services Common Access Card (CAC) into a split upward carte reader, which connects to the smartphone through Bluetooth. When a PIN code is entered on the phone, it volition validate the PIN against the CAC. This was also shown inwards a demonstration at the MWC inwards Barcelona, using a Samsung Milky Way due south III:



Demonstration of the two-factor sign-on process
using a Common Access Card (CAC)


On May iii it was announced that mobile devices equipped alongside the Samsung KNOX platform were approved past times the U.S.A. Department of Defense (DoD) for role inwards DoD networks. The BlackBerry 10 phones, the PlayBook tablet as well as the BlackBerry Enterprise Service 10 were also approved, as well as it's expected that Apple's iPhone as well as iPad should gain DoD blessing after this month.

However, these approvals exclusively grant access to unclassified DoD networks (like the NIPRNet), which is oftentimes non specifically stated inwards press reports. Until now, the exclusively mobile devices approved for access to classified networks are General Dynamics' Sectéra Edge as well as an NSA directed bear witness version of the Motorola Razr Maxx.

When equipped alongside GD Protected the LG Optimus as well as Samsung Milky Way due south IV volition endure the starting fourth dimension commercial available smartphones to teach access to classified networks. At the 2nd this tin exclusively endure used for Sensitive But Unclassified (SBU) communications, but General Dynamics is hoping to attain an NSA certification for classified communications (Confidential, Secret or fifty-fifty Top Secret) inwards 2014. Only past times hence may these phones teach access to secure networks similar the SIPRNet.
Updates:

Samsung announced on Oct 21, 2014 that NSA had approved the Milky Way Note iv as well as Milky Way S5 for role alongside classified U.S.A. regime networks as well as data.

As of August 2015, the GD Protected Solution left DISA's airplane pilot phase as well as became operational for users of the DoD as well as other federal agencies. They tin immediately access networks classified upward to the degree of Secret (like the SIPRNet) via commercial Samsung Milky Way smartphones nether what is officially called the DoD Mobility Classified Capability - Secret (DMCC-S). DISA volition immediately start testing devices that tin run inwards an TS-SCI environment.


A Boeing alternative?

Early 2012 non exclusively General Dynamics announced the evolution of a secure smartphone solution, but also the aerospace as well as defence companionship Boeing. The announcement of the latter companionship got most media attention, but this was likely mainly because (secure) phones seemed quite a foreign novel production for Boeing, which is past times most people exclusively known for its civil aircrafts. Influenza A virus subtype H5N1 preview tin endure constitute inwards this PDF-brochure of the Boeing Secure Mobile Enterprise program.



Unlike General Dynamics, Boeing has no history inwards making encryption products as well as equally General Dynamics already presented it's software terminal February, zilch was heard from Boeing anymore. After a asking inwards March, a Boeing spokesperson told this weblog, the companionship is even hence developing a trusted mobile device that volition serve the U.S.A. government, defence as well as safety market. When this telephone volition endure launched is non known yet.
Updates:

Boeing eventually launched it's secure mobile phone, called Boeing Black, inwards March 2014. This is a custom made device alongside dedicated safety features.

In Nov 2016 it was LG Optimus 3D Max, as well as 1 for the Samsung Milky Way due south IV smartphone. General Dynamics is looking to converge the 2 approaches inwards the future, equally good equally supporting a broader attain of Android devices. The pricing has yet to endure disclosed, but the companionship said it would endure licensed on a "very competitive" basis.

Both versions teach inwards possible to role the same smartphone for both accessing commercial telephone as well as cyberspace services equally good equally making encrypted vocalization calls, using secure electronic mail as well as fifty-fifty accessing classified networks.


Secure vocalization as well as information apps

These secure communications are provided past times a issue of approved apps from a controlled regime or enterprise app store. These include a Secure Voice over IP (SVoIP) app which encrypts vocalization communications as well as runs over the information network. Other app offerings volition include secure chat as well as secure video conferencing. These are expected to endure available inwards 2014.

With these apps the (voice) information volition endure secured using 2 independent layers of encryption, 1 at the VoIP layer, as well as the other at the VPN layer, using IPsec. Finally, these double encrypted information volition become through servers of the NSA to endure verified, logged, as well as re-encrypted, earlier beingness sent dorsum out to the carrier information network as well as on to its destination.

For authentication at that spot are a brace of authentication certificates residing on the handsets, equally good equally users beingness required to log-in alongside a password earlier they tin role the SIP server.


GD Protected for the LG Optimus

General Dynamics starting fourth dimension presented GD Protected at the Mobile World Congress (MWC), which was held inwards Barcelona from Feb 25-28, 2013. For this occasion, the production was installed on an LG Optimus 3D Max smartphone as well as demonstrated to press as well as public:



Demonstration of the LG Optimus 3D Max, secured past times General Dynamics


For this phone, GD Protected provides 2 split upward copies of the Android operating system, 1 for personal role as well as the other for trouble organisation use. Influenza A virus subtype H5N1 dedicated hardware push on the telephone is used to flip betwixt the 2 environments. This so-called dual-persona characteristic allows users to seamlessly switch betwixt personal as well as secure operating modes, indicated past times sparse dark-green as well as cherry borders, respectively.

The personal side is completely opened upward as well as acts exactly similar a conventional smartphone, whereas the secure side is to a greater extent than restricted. Data is firewalled betwixt the 2 sides so, for example, information from the secure side cannot endure accessed or copied over to the personal side, as well as the secure side cannot endure tampered alongside past times malware.

This partition of the handset into 2 split upward virtual smartphones is controlled past times the OKL4 mobile hypervisor or "microvisor" platform, which was gained past times General Dynamics from its acquisition of Open Kernel or OK Labs inwards September 2012.

Additional safety is provided past times the Fixmo Sentinel Integrity Services. This offers an integrity verification through advanced monitoring as well as remediation techniques, proactively detecting as well as preventing mobile device operating organisation tampering, policy violations, system-level state changes, as well as the presence of unverified 3rd political party apps. The Fixmo Sentinel Integrity Service was developed equally business office of an understanding alongside the NSA as well as is also used past times other governments.


Overview of the GD Protected solution for the LG Optimus smartphone
(source: Engadget.com)

Compared to the solution for the Samsung Milky Way smartphone (see below), the role of a dual Android operating organisation for the LG Optimus offers slightly less security, but nearly consummate liberty on the personal side of the phone. The secured LG Optimus 3D Max volition endure available through General Dynamics from the halt of July 2013.


GD Protected for the Samsung Galaxy

For the novel Samsung Milky Way due south IV smartphone, the GD Protected software comes on top of Samsung's KNOX platform, which was also presented at the Mobile World Congress inwards Feb as well as was developed inwards cooperation alongside General Dynamics. KNOX runs a Security Enhanced version of Android, or SE Android, which has been developed past times the U.S.A. National Security Agency (NSA).

The KNOX platform, which is available for regime as well as enterprise users only, protects both information which are stored on the smartphone as well as information which are sent as well as received. KNOX creates an isolated as well as secured container within the retentiveness area, alongside its ain dwelling theatre screen, launcher, applications, as well as widgets. Applications as well as information within the container are separated from applications exterior the container. This secured container is created past times a TrustZone-based Integrity Measurement Architecture (TIMA).

Stored information are encrypted using an Advanced Encryption Standard (AES) algorithm alongside a 256-bit key. For secure communications the Samsung KNOX container comes alongside a FIPS-certified VPN customer called "per-app VPN". This supports rigid IPSec VPN encryption, including Suite B cryptography, which is suited for the bulk of sensitive communications past times regime agencies.


Overview of the KNOX platform for the Samsung Milky Way due south IV
(source: Samsung.com)

With the additional GD Protected the master Android operating organisation of the Samsung Milky Way due south IV volition endure replaced past times a hardened Android version alongside fifty-fifty to a greater extent than safety measures. This replacement is done past times exactly calling General Dynamics alongside the IMEI issue as well as hence the Android operating organisation volition endure replaced via an over-the-air reflash.

The hardened operating organisation includes root certificates from General Dynamics that supervene upon those from Samsung. This agency that whatever subsequent changes involve to endure digitally signed past times General Dynamics, ensuring the integrity of the Android operating system.

Compared to the dual Android operating systems on the LG smartphone, the Samsung solution of installing novel firmware offers a slightly higher degree of safety but at the expense of user freedom. The GD Protected platform for the Milky Way due south IV volition endure available from May 2013.





Access to U.S.A. Department of Defense networks

General Dynamics' GD Protected platform was developed according to the requirements of the program for secure mobile communications, codenamed FISHBOWL, which was presented past times the NSA inwards Feb 2012. The goal of this programme is to supply a secure Voice over IP capability using commercial available devices that tin endure approved for treatment classified information.

In Oct 2012, the U.S.A. Department of Defense (DoD) announced that they were looking for manufacture contractors to prepare a secure communications organisation for at to the lowest degree 162.500 iPhones, iPads as well as Android systems. This should supply Pentagon plans to purchase iPhones, Androids inwards threat to BlackBerry’s marketplace share
- 25-02-2013: General Dynamics secures Samsung as well as LG Android smartphones
- 25-02-2013: LG Optimus 3D Max, as well as 1 for the Samsung Milky Way due south IV smartphone. General Dynamics is looking to converge the 2 approaches inwards the future, equally good equally supporting a broader attain of Android devices. The pricing has yet to endure disclosed, but the companionship said it would endure licensed on a "very competitive" basis.

Both versions teach inwards possible to role the same smartphone for both accessing commercial telephone as well as cyberspace services equally good equally making encrypted vocalization calls, using secure electronic mail as well as fifty-fifty accessing classified networks.


Secure vocalization as well as information apps

These secure communications are provided past times a issue of approved apps from a controlled regime or enterprise app store. These include a Secure Voice over IP (SVoIP) app which encrypts vocalization communications as well as runs over the information network. Other app offerings volition include secure chat as well as secure video conferencing. These are expected to endure available inwards 2014.

With these apps the (voice) information volition endure secured using 2 independent layers of encryption, 1 at the VoIP layer, as well as the other at the VPN layer, using IPsec. Finally, these double encrypted information volition become through servers of the NSA to endure verified, logged, as well as re-encrypted, earlier beingness sent dorsum out to the carrier information network as well as on to its destination.

For authentication at that spot are a brace of authentication certificates residing on the handsets, equally good equally users beingness required to log-in alongside a password earlier they tin role the SIP server.


GD Protected for the LG Optimus

General Dynamics starting fourth dimension presented GD Protected at the Mobile World Congress (MWC), which was held inwards Barcelona from Feb 25-28, 2013. For this occasion, the production was installed on an LG Optimus 3D Max smartphone as well as demonstrated to press as well as public:



Demonstration of the LG Optimus 3D Max, secured past times General Dynamics


For this phone, GD Protected provides 2 split upward copies of the Android operating system, 1 for personal role as well as the other for trouble organisation use. Influenza A virus subtype H5N1 dedicated hardware push on the telephone is used to flip betwixt the 2 environments. This so-called dual-persona characteristic allows users to seamlessly switch betwixt personal as well as secure operating modes, indicated past times sparse dark-green as well as cherry borders, respectively.

The personal side is completely opened upward as well as acts exactly similar a conventional smartphone, whereas the secure side is to a greater extent than restricted. Data is firewalled betwixt the 2 sides so, for example, information from the secure side cannot endure accessed or copied over to the personal side, as well as the secure side cannot endure tampered alongside past times malware.

This partition of the handset into 2 split upward virtual smartphones is controlled past times the OKL4 mobile hypervisor or "microvisor" platform, which was gained past times General Dynamics from its acquisition of Open Kernel or OK Labs inwards September 2012.

Additional safety is provided past times the Fixmo Sentinel Integrity Services. This offers an integrity verification through advanced monitoring as well as remediation techniques, proactively detecting as well as preventing mobile device operating organisation tampering, policy violations, system-level state changes, as well as the presence of unverified 3rd political party apps. The Fixmo Sentinel Integrity Service was developed equally business office of an understanding alongside the NSA as well as is also used past times other governments.


Overview of the GD Protected solution for the LG Optimus smartphone
(source: Engadget.com)

Compared to the solution for the Samsung Milky Way smartphone (see below), the role of a dual Android operating organisation for the LG Optimus offers slightly less security, but nearly consummate liberty on the personal side of the phone. The secured LG Optimus 3D Max volition endure available through General Dynamics from the halt of July 2013.


GD Protected for the Samsung Galaxy

For the novel Samsung Milky Way due south IV smartphone, the GD Protected software comes on top of Samsung's KNOX platform, which was also presented at the Mobile World Congress inwards Feb as well as was developed inwards cooperation alongside General Dynamics. KNOX runs a Security Enhanced version of Android, or SE Android, which has been developed past times the U.S.A. National Security Agency (NSA).

The KNOX platform, which is available for regime as well as enterprise users only, protects both information which are stored on the smartphone as well as information which are sent as well as received. KNOX creates an isolated as well as secured container within the retentiveness area, alongside its ain dwelling theatre screen, launcher, applications, as well as widgets. Applications as well as information within the container are separated from applications exterior the container. This secured container is created past times a TrustZone-based Integrity Measurement Architecture (TIMA).

Stored information are encrypted using an Advanced Encryption Standard (AES) algorithm alongside a 256-bit key. For secure communications the Samsung KNOX container comes alongside a FIPS-certified VPN customer called "per-app VPN". This supports rigid IPSec VPN encryption, including Suite B cryptography, which is suited for the bulk of sensitive communications past times regime agencies.


Overview of the KNOX platform for the Samsung Milky Way due south IV
(source: Samsung.com)

With the additional GD Protected the master Android operating organisation of the Samsung Milky Way due south IV volition endure replaced past times a hardened Android version alongside fifty-fifty to a greater extent than safety measures. This replacement is done past times exactly calling General Dynamics alongside the IMEI issue as well as hence the Android operating organisation volition endure replaced via an over-the-air reflash.

The hardened operating organisation includes root certificates from General Dynamics that supervene upon those from Samsung. This agency that whatever subsequent changes involve to endure digitally signed past times General Dynamics, ensuring the integrity of the Android operating system.

Compared to the dual Android operating systems on the LG smartphone, the Samsung solution of installing novel firmware offers a slightly higher degree of safety but at the expense of user freedom. The GD Protected platform for the Milky Way due south IV volition endure available from May 2013.





Access to U.S.A. Department of Defense networks

General Dynamics' GD Protected platform was developed according to the requirements of the program for secure mobile communications, codenamed FISHBOWL, which was presented past times the NSA inwards Feb 2012. The goal of this programme is to supply a secure Voice over IP capability using commercial available devices that tin endure approved for treatment classified information.

In Oct 2012, the U.S.A. Department of Defense (DoD) announced that they were looking for manufacture contractors to prepare a secure communications organisation for at to the lowest degree 162.500 iPhones, iPads as well as Android systems. This should supply Samsung Takes Low-Key Approach on Cellphones After Reaching the Top
- 28-02-2013: General Dynamics eyes government-level safety on smartphones
- 03-05-2013: DoD grants network access to Android, BlackBerry 10 devices
- 26-11-2013: DISA to Roll Out Unclassified as well as Classified Mobile Capabilities, App Store

Tidak ada komentar:

Posting Komentar