USMobile

NSA-grade encryption for mobile over untrusted networks

The only term being thrown around government more than “2016 elections” these days is “cybersecurity,” particularly following a rash of damaging and high-profile data breaches. With that focus on protecting information top of mind in agencies, USMobile officials hope to find a ready market for their commercial app, which lets government workers use their personal smartphones for top-secret communications.

Called Scrambl3, the app creates a secure virtual-private network that connects bring-your-own devices to an agency server to send messages using end-to-end encryption. Irvine, Calif.-based USMobile developed the Scrambl3 technology when team members worked with the National Security Agency to create “Fishbowl,” a secure phone network available only to Defense Department users via the DOD Information Network.

“We’ve implemented Fishbowl in the form of a software-defined network, so all of those typical hardware components that you’d find in a mobile network -- routers, VPNs, gateways, firewalls, proxy servers -- all of those components are expressed or implemented in our system in the form of software,” said Jon Hanour, USMobile’s president and CEO. “We’ve made an affordable version of Fishbowl.”

When the turnkey solution comes to market in October, it will work with Android and Apple iOS devices. It uses the Security-Enhanced Linux operating system and a defense-in-depth approach. The layered approach uses a VPN connection with an encrypted VoIP call travelling within.

When an agency deploys Scrambl3 Enterprise, administrators will set up what USMobile calls Black Books, or lists of contacts that each user can communicate with via the VPN.

“A lower-level person wouldn’t necessarily have the director of that particular agency listed,” Hanour said. “Conversely, the director of that particular agency would have [a] contact list populated with people that are at the higher levels of management.”

When a user logs into the app on a smartphone, it creates a VPN that connects to the agency’s server, whether it’s in the cloud or on premises. Currently, Scrambl3 Enterprise software is deployed only on IBM Power Systems Linux servers.

A two-rack server can handle up to 3,000 concurrent calls, Hanour said, a capacity “that would handle comfortably an agency of 50,000 people.”

Once connected, users can see who in their Black Book is also logged in, as indicated by a green dot next to the name, and then select the mode of communication: email, voice call or text. Both senders and recipients would need to have Scrambl3 installed.

“Once you establish this powerful VPN, you can run anything through it,” Hanour said. “Anything that you can put on a server, you can use Scrambl3 to communicate with.”

Calls are highly encrypted until they reach the recipient, where the app decrypts them. That communication happens at a top-secret-grade level as specified by NSA. Despite that encryption/decryption process, Hanour said, latency is unnoticeable.

For additional protection, nothing is recorded – users can’t even leave voicemail – unless an agency specifies otherwise. For instance, Hanour said, some law enforcement regulations require that all communication among officers be recorded.

The law enforcement community is a prime target customer for Scrambl3 because public cell phone networks don’t meet heightened police security standards, and photographic evidence requires a secure uploading process.

To use Scrambl3, agencies don’t need mobile device management systems, but it integrates with any that might exist.

“The advantage of this architecture is that the communication that the mobile device management software would typically have with the device, that communication can now run inside the VPN, so it makes that even more secure,” Hanour said. “It creates value for the mobile device management system as well because you can protect it inside the VPN.”

Licensing fees for Scrambl3 depend on the number of users, but typically start at $5 per user per month. The most it would cost, Hanour said, is about $10 per user per month.

Right now, Scrambl3 for Android is available in beta form in the Google Play Store for testing. Scrambl3 for iOS will be available next month.

The beta version does not include all Scrambl3’s features, such as conference calling. When the release version is up and running in October, Scrambl3 will offer the only top-secret-grade conference call capability outside DOD’s network, Hanour said. Users will be able to initiate a conference call by touching a few people’s names and pressing the call button.

Besides law enforcement, Hanour sees potential customers in several types of government operations, including health care, the State Department when conducting diplomatic relations and even individual politicians, who might want to communicate in absolute privacy.

“The whole idea is to create trusted communications over untrusted networks (i.e., the Internet),” Hanour said.

About the Author

Stephanie Kanowitz is a freelance writer based in northern Virginia.

Reader Comments

Fri, Jul 29, 2016 BYson

Guys WAKE UP. DO YOU REALLY THINK NSA WOULD CREATE AN APP THAT THEY CAN'T CONTROL??? PLEASEEE STOP DREAMING.

Fri, Aug 21, 2015

Will this work from the local Starbucks at lunchtime?

Wed, Aug 19, 2015 Barry

So I use ironsocket vpn and hooray! It has been a success to be able to have ironsocket that gives 100% protection from hackers or whoever! We can't avoid unwanted networks; that's why we have to be more careful. I connect to any wifi zones anywhere I go and I feel safe on anything I scan, download, etc. on my mobile.

Tue, Aug 18, 2015 Steven

A ban on encryption is impossible. This is an understatement made by people who don't even have a clue that the whole internet is practically encrypted. Though I doubt that you can expect complete privacy and security from free applications. Only companies like http://cilentcircle.com and https://phantomencrypt.com/ provide complete privacy and security on mobile communications.

Fri, Aug 14, 2015 Jon

The NSA Fishbowl (secure phone) project became the architectural foundation of the current NSA “Mobility Capability Package,” which has been deployed within the Department of Defense for Top Secret Classified mobile communication. The most salient feature of the “Fishbowl” project was to protect encrypted VoIP (application layer) within a VPN (transport layer) where both of these layers/tunnels are independently secured by employing NSA Suite B encryption algorithms and Internet protocols that the NSA approved for Top Secret applications. USMobile is the first commercial application to implement this architecture for mobile voice and text, which offers the highest available security for individuals who are high-value targets for hackers.
