The CSD 3324 telephone and fax system has provided the Department of Defense (DoD) with secure voice and fax communications for years. Using the AES 256-bit encryption algorithm and the Diffie-Hellman key exchange, this old work horse ensures that all messages get through safely. So if outdated voice and fax technology can be secure, then why can’t mobile devices?
For years in the DoD, desktops have been protected by technology known as trusted computing. At first highly mobile laptops like the Samsung Chrome Book or the Sony Ultra Book had the Trusted Platform Module (TPM) chip embedded on the motherboard. But now virtually every laptop has a TPM chip that is enabled in the operating system.
The Trusted Computing Group (TCG) is an international industry standards group that developed the specifications for the Trusted Platform Module (TPM), which is used to secure desktop and laptop computers. The TCG has developed a mobile solution based on TPM that mobile phone vendors can use to secure mobile devices by including the hardware root of trust in the device itself.
In its simplest form, a TPM mobile chip provides a secure storage location for certificates and encryption keys that is separate from other memory. Experts warn that TPM is not a panacea and must be used in conjunction with other security measures such as malware and anti-virus protection, whole disk encryption, and strong passwords or two-factor authentication.
Our data is precious and today software-based security is routinely thwarted by cyber criminals, which is why people are proposing we use hardware based security. The National Institute of Standards (NIST) recognizes these risks and has published a series of three special documents: Special Publication 800-147, Special Publication 800-155, and Special Publication 800-164 to explain the whys and hows of trusted computing.
TPM is ready for Primetime
According to a SANS Institute report, there are five reasons why TPM is ready for primetime:
1) Previously, TPM lacked enterprise support. Though well-used in defense agencies, TPM was a niche solution produced by niche players. TPM is now embedded in Microsoft Windows 8. Microsoft even includes TPM in every handheld device.
2) There is a growing and immediate need to protect the billions of smart phones on the planet.
3) There are new and advanced threats that can’t be protected by software based solutions like anti-virus. In 2011, the Mebromi attack occurred, where for the first time we saw a public BIOS attack. For more information about protecting the BIOS, please see NIST Special Publication 800-155 that “outlines the security components and security guidelines to establish a secure BIOS integrity and reporting channel”
4) We are starting to see wider industry support for the trusted computing standards.
5) Costs for TPM have dropped significantly. We now see TPM chips in virtually every laptop. Now with Mobile TPM, MicroSD chips are available to easily insert into mobile phones. These chips work in concert with the mobile phone processors. For more information on TPM Mobile you can read the Trusted Computing White Paper.
The Secure Communications Leader
Blackberry is the standard for secure mobile communications. Blackberry devices require the Blackberry Enterprise Server (BES), and all communications run across a private secure network. This is why Blackberry is the standard in banking, finance, and healthcare.
The new Blackberry 10 became the first solution to receive Full Operational Capability (FOC) to run on Department of Defense (DoD) networks. The achievement follows Blackberry’s Authority to Operate (ATO) certification.
Blackberry operates on the majority of the 470,000 DoD mobile phones, and with their new announcement, Blackberry hopes DoD will keep it that way. But times are changing and government employees are clamoring for other options. Can other commercial smart phones manufacturers provide the security that defense agencies need?
Three Roads to Safe
Three vendors think they can provide the level of security required by defense agencies —Microsoft, Samsung, and Boeing. Each vendor has a distinctly different approach to achieve their goal of providing ‘trusted mobiles’ to government.
Windows Trusted Mobile Platform
To make their mobile devices secure, Windows has embedded trusted computing into their Windows 8 operating system. Today nearly all Windows-based notebooks and tablets include the TPM chip. Now Microsoft is including this chip in all of their handhelds, which is clearly part of their strategy to become a provider of trusted mobile devices.
The TPM chips are made by manufacturers like Broadcom, Infineon Technologies and STM Microelectronics. A MicroSD card holds passwords, digital certificates and encryption keys to make the phone more secure. But Microsoft didn’t stop at TPM.
Using the Unified Extensible Firmware Interface, pronounced U-E-F-I, Microsoft eliminates bootkits and rootkits, malware that attempts to take control of the operating system. Microsoft’s Malware Resistance also drastically reduces the impact of all malware such as viruses, worms, Trojan horses, and spyware.
Microsoft Windows provides an entire suite of protection, starting with TPM at boot-up and including BitLocker for drive encryption, Microsoft Defender and Smart Screen Filters for malware protection, and AppLocker for securing applications. For more information about all of the Windows v8.1 security features go to this MS Technet Article.
Microsoft has taken a bold step into the world of trusted computing by embedding TPM into their operating system and including TPM chips on their handheld devices. Social media features in Windows 8 is sure to make it a hit among young soldiers, And its large screen will make it popular among all the aging boomers who need ‘arm extenders’ to read most phones.
Microsoft has the goods, but they’ve got some ground to make up on Samsung KNOX in terms of common criteria, NIST certifications and an ATO. Expect to see Microsoft become a dominant player in the world Trusted Mobiles.
Green Light for Samsung
Samsung’s long awaited approval and recent certification marks a shift in the DoD, as many employees, contractors and war-fighters hope to get their hands on a new Galaxy. The devices added to the approved list include the Galaxy S4 and the Galaxy Note 3. Samsung is working hard to get all its newer devices upgraded to the newest KNOX standards. Samsung took a different route than Microsoft. Rather than adopting the standards from the Trusted Computing Group and using a TPM, chip they developed their own architecture. Samsung is serious about security and does so in a holistic fashion as part of their Enterprise Mobility Management platform. Samsung calls their security platform KNOX after the fabled Fort in Kentucky
Samsung KNOX was developed specifically to overcome some of the shortcomings of the Android open source platform.
Samsung KNOX, like TPM, is primarily concerned with protecting the operating system. Samsung has developed three areas to specifically address the security at the OS level. 1) Secure Boot, a procedure that prevents the operating system from being hijacked during the startup or boot process. 2) SELinux for Android. Security Enhancements for Linux (SELinux) is a security feature developed by the NSA. To further protect their operating system Samsung has brought this feature to the Android platform. 3) TrustZone-based Kernel Integrity Measurement Architecture (TIMA) performs non-bypassable, continuous monitoring of the Android kernel.
Once the Galaxy device is safely booted up, it’s time to protect the apps. To ensure the security of individual applications, Samsung KNOX creates virtual Android containers so that enterprise applications and their data run in their own secure zone. To provide further protection, each application can have its own secure VPN. Application data can be encrypted as part of the whole device or individually per application.
In addition to their core capabilities in KNOX, Samsung provides other important security measures: Single Sign-On (SSO) with plug-ins to Active Directory, support for government Common Access Cards (CAC), and Theft Recovery.
Samsung has been very busy and now holds three of the most important certifications needed to do business with government.
On Feb 27, 2014, Samsung devices with KNOX received the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation certification, or what is simply referred to as Common Criteria.
Issued by the National Institutes of Standards (NIST), the Federal Information Processing Standard (FIPS) is one of the most important certification when it comes to security, because it certifies the type and level of encryption you use—If your encryption is the wrong type or too weak, your secret cipher is easily hacked. Samsung KNOX 2.0 now meets the requirements for FIPS 140-2 Level 1 certification for both data at rest, and data in transit.
The Defense Information Systems Agency (DISA) publishes Security Requirements Guides (SRGs) as processes to improve the security of information systems. SRGs guide the development of Security Technical Implementation Guides (STIGS). On May 2, 2013 DISA approved the STIG for Samsung KNOX drafted for the Mobile Operating System SRG
Now that the Government has given Samsung the green light, it should be an exciting time for government employees, who now have a new set of options for trusted mobile devices.
Boeing, the aerospace and defense contractor who is best known for building airplanes, just announced that it has begun offering a new mobile device specifically for government agencies. Boeing has packed the Android operating system into an all black handset that is sealed with epoxy and tamper proof screws. Any attempt to break in would delete the data and render the phone useless. The phone comes with two SIM cards to enable access to multiple networks.
Boeing built their new phone with security as the primary feature. To start, they incorporated the trusted computing architecture and included a TPM chip for securely storing encryption keys. Their security architecture includes Secure Boot to maintain the device image integrity. Hardware Root of Trust ensures software authenticity. The device cannot be hijacked. They include a Hardware Crypto Engine to protect both stored and transmitted data.
The Boeing Black is not yet commercially available so there are still a lot of unanswered questions, but from what we’ve seen the Boeing Black looks like an exciting entry into the field of trusted mobiles.
The world of mobility is changing rapidly. There are now more cell phones on the planet than there are people, and the number of smart phones just keeps growing. Government agencies have relied on trusted computing for years to ensure that applications and data are secured for classified communications. Blackberry has long been the de-factor standard and leader in secure communications, but now mobile manufactures are offering new alternatives. As mobility is growing up and becoming a part of the enterprise, mobile phones are becoming Trusted Mobiles.
This article was authored by Nate Rushfinn, Principal Enterprise Architect at CA Technologies. You can follow Nate on Twitter @Nate_Rushfinn.