Secure Android kernel could make for 'classified' smart phones

 

A research team from Google, George Mason University and the National Security Agency have developed a hardened kernel for the Android 3.0 operating system that could solve the problem of using smart phones in military operations and emergency response.

The kernel, which is in the final stages of certification testing, opens the way for the Army to begin issuing smart phones or tablet-type wireless devices to troops in combat operations.

The White House also is interested because the hardened kernel could help fulfill a government plan to create a secure national wireless network for first responders, Michael McCarthy, operations director of the Army’s Brigade Modernization Command’s Mission Command Complex, said in an interview with GCN's sister publication Defense Systems at the AUSA Annual Meeting and Exposition in Washington on Oct. 10. McCarthy also heads the service’s Connecting Soldiers to Digital Applications (CSDA) program, the lead organization involved in selecting handheld wireless technologies for military use.


Related stories:

Rising battlefield smart-phone use raises safety concerns

Android a likely target once mobile crime pays


One of the problems vexing Army smart phones has been getting the right security accreditation to operate on military networks and eventually on classified networks. This is particularly important to allow smart phones to connect into battlefield networks, McCarthy said. The initial goal is to get the hardware and software accredited.

“We have to have a way to verify the identity of the user of the smart phone. So it’s a triple-level security measure that we have to deal with,” he said.

There were delays in getting the operating system accredited until NSA came forward several months ago and offered to expedite the approval process, McCarthy said. The new effort kicked off with a series of meetings with CSDA program personnel and representatives from NSA and the National Institute of Standards and Technology.

The Android kernel is now being tested for a Federal Information Processing Standard 140-2 certification, which is expected by mid-October. “That’s the first level of security that we’ve got to get before we start moving onto being able to ultimately do secret [communications],” he said.

After the testing is complete, it is just a matter of filling out the certification paperwork, McCarthy said. “That is a game-changer for the security business because it then sets the conditions so that in the second quarter [late March 2012] they can do the certification of the Secure Sockets Layer, which then gives us the ability to operate at the classified levels,” he said.

In addition to the Army’s plans to provide troops with smart phones, the Obama administration was attracted to the technology to support two of its initiatives. One is an effort by the White House Communications Office to move the executive branch from BlackBerry devices to Android-based phones. The reason is because Android devices with the new kernel can be secured at a higher clearance level than BlackBerry devices, McCarthy said.

In June 2011, NSA approached McCarthy about working on the problem. The White House interest came from the Office of Science and Technology Policy, run by federal CTO Aneesh Chopra. “They had apparently been tracking the CSDA project on the Internet for several months, and they wanted me to come and give them a briefing,” he said.

McCarthy thought he was going to brief White House staffers, but instead he presented to Chopra, his deputy, senior representatives from the Justice Department and the FBI. The other, wider government interest tied into an ongoing White House initiative to create a secure, wireless national public safety infrastructure. The infrastructure would combine all of the nation’s public safety organizations into a secure wireless system, moving first responders away from radio-based systems. “It is potentially a multi-billion dollar effort,” he said.

Justice is the lead civilian agency working on the White House effort. There, the FBI and its scientists are the responsible for developing their version of CSDA. The FBI and Justice are also planning to conduct pilot projects, but on a larger scale than the Army, McCarthy said.

One of the concerns behind the government’s drive is that the radio communications networks used by federal, state and local response agencies are not very secure. This is a special concern for law enforcement and emergency response organizations’ operational channels, which could be subject to interception, spoofing and jamming. “They’re looking at replacing radio with a smart phone,” he said.


Reader Comments

Sat, Oct 22, 2011

@Joe The "tracking logs" for "these operating systems" are "disabled" because that's what any hacker would do to cover their tracks. Conspiracy theories are for nuts. Stop being a nut.

Tue, Oct 18, 2011 Joe

PENDING CENSORSHIP... So how will the government perform cyber-attacks on itself and blame the Chinese, Iranians or Russians with such secure operating systems? They need to have some issues built-in. Otherwise, they can't justify their massive security budgets. FYI, Google IS a branch of the CIA/NSA. You don't say the Special Forces AND the U.S. Army are working together. This is sugar coating to keep the public thinking they are a separate entity. Don't be fooled. And I'm sure the next time AL-CIA-DA has an event, the tracking logs for these operating systems will be mysteriously disabled.

Mon, Oct 17, 2011 Tim USA

I think that Mr McCarthy is a little over selling when he says that when he gets SSL then they will be able to handle multiple levels of security. It usually takes a little more than SSL to provide the appropriate separation for classification levels within and between devices

Fri, Oct 14, 2011

Putting national security and public safety comms only on the public cell network is a mistake. They are a very useful adjunct, but they should NEVER be the only available pipe. Cell towers, and the power and back-haul networks that support them, go down. Even if a radio system uses IP connections between towers, in most cases, if that IP connection goes down, people within that tower's footprint can still talk to each other. And in a mass-disaster situation, setting up a portable base station in a trailer is a lot easier than setting up a portable cell tower.

Fri, Oct 14, 2011

I think the article meant FIPS-140-2 validated crypto modules - not a hardened OS - the FIPS program validates crypto modules.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above