Boom times for mobile security
It seems that everyone wants secure communications these days, and concerns about government spying and data leakage are creating demand for products and services to encrypt and protect mobile communications.
Silent Circle, which provides end-to-end mobile encryption for consumers and enterprises, has enjoyed a well-publicized growth spurt since its launch earlier this year, and other entries in the market are expanding the portfolio of available secure products and services.
“There’s a hell of a lot of concern about privacy and interception of information,” said Stephen Bryen, CEO of Ziklag Systems, which provides hardened Android phones for the enterprise. “People used to say, ‘what do I need that for?’ I don’t hear that any more. Right now it’s not hard to tell people they need something like this.”
Ziklag’s recently-launched FortressFone creates a secure platform with hardware-based encryption on the phone and a customer-owned server to manage key exchange between secured phones. Another product, KoolSpan’s TrustChip, is a self-contained encryption and key management engine on a Secure Digital card that can be installed in just about any kind of mobile device for encrypted end-to-end communications, which makes it practical for both enterprises and individuals.
KoolSpan has targeted private- and government-sector organizations for its chip and accompanying app, called TrustCall, but has recently seen a spike of consumer interest, said CEO Gregg Smith.
“We’re now creating a strategy around this,” Smith said. “We’ve had a dramatic increase in leads.”
These companies have the National Security Agency to thank for much of this interest, of course.
Security has always been a challenge — not just developing the technology for it but also creating a demand for it at the user level. Government has been an easy target for companies because agencies can mandate security. Companies such as Motorola, with its Assured Mobile Environment (AME) 2000, already are in the secure communications market, focusing on agencies, including the military, that want to implement and manage secure mobile systems. Motorola’s AME 2000 integrates an Android smart phone with hardware and software features for encrypting voice and data for government customers. Keys are stored in hardware, and it uses the NSA’s Suite B encryption. The platform recently added remote device and application management from Fixmo.
Consumers have always been all for security and privacy as long as someone else provides it and it does not inconvenience them. But recent revelations of wholesale sweeps of domestic communications data by the NSA, coming on top of concerns about widespread espionage by foreign governments, have put secure communications front-of-mind for many people, and the market now is expanding beyond government and the handful of paranoid consumers who have been willing to wrestle with cryptography.
The processing power available in small devices now makes security of these devices necessary, but also more convenient. The microSD card used by KoolSpan has the processing power of an early IBM laptop, Smith said. This allows the chip to handle key generation and exchanges with other phones and perform 256-bit encryption. A key is generated for each packet with little if any degradation in voice quality, Smith said.
All well and good, says Ziklag’s Bryen. But if the phone itself is vulnerable to attacks, the encryption is not safe. So FortressFone is a proprietary phone using a hardened Android kernel to protect all phone functions.
“We take the phone and reengineer it,” he said. “We change it significantly to harden it.” Secure calls are set up, and keys managed over a secure VPN data link to the SIP server that links the hardened phones.
It is conceivable that in the not-too-distant future encryption chips will come standard in smart phones and tablets, making secure communications an off-the-shelf feature for consumers.
Posted by William Jackson on Jul 11, 2013 at 11:12 AM