The AME 1000 Secure Mobile Telephony System combines a hardware-based encryption and certification module with a software-based secure voice system.
With an eye towards the military and intelligence communities, Motorola has unveiled a mobile device that combines hardware- and software-based security. The new phone meets federal information security standards and, more important, provides National Security Agency (NSA)-approved Suite B encrypted voice communications.
Motorola’s AME 1000 Secure Mobile Telephony Solution consists of the ES400 enterprise smart phone with a CRYPTR micro encryption module, Apriva Voice software and an Apriva gateway infrastructure. Ruggedized to military specifications, the ES400 runs on the Microsoft Windows Mobile 6.5.3 operating system.
At the heart of the device is the Motorola CRYPTR module combining hardware-based encryption and key management in a microSD form factor. The hardware supports both Federal Information Processing Standard 140-2 Level 3 and full NSA Suite B cipher suites.
Secure voice communications are provided via Apriva Voice, an NSA Suite B voice over IP software application for AME 1000 users. The ES400 smart phone operates on both Code Division Multiple Access (CDMA) and Global System for Mobile Communications (GSM) networks. Because the device combines the advantages of a flexible global phone system and varying security capabilities, it provides government organizations with operational flexibility while avoiding product lock-in, said Gary Schluckbier, director of Motorola’s secure products group.
The smart phone and its support services provide forward and backward compatibility to legacy secure infrastructure and mobile devices, Motorola officials said. It also offers future Secure Real-Time Transport Protocol-Datagram Transport Layer Security (SRTP-DTLS) commercial standards through Apriva’s VOIP technology. Future AME 1000 releases will be on a variety of commercial mobile devices, Schluckbier said.
The AME 1000 system avoids the problems associated with systems relying solely on software and operating system-based security, Schluckbier said. This is because even when careful steps are taken to eliminate vulnerabilities in the hosting operating system, cryptographic keys and sensitive data may still be vulnerable to interception by other applications on the same platform.
“Commercial applications have no other choice but to depend on the OS to provide protection from other applications," he told GCN. "This makes even certified software-based cryptographic applications subject to the limitations and risks that stem from their dependence on the trustworthiness of the underlying OS.”
But by physically separating the key store and putting it in a separate hardware token, an “air gap” is created between the keys and the device’s general-purpose computing platform. In a hardware module, the keys are safe from any malware that may overcome the platform’s operating system, Schluckbier said. He added that additional physical anti-tamper mechanisms could protect the keys from physical probing and attacks on the system clock and power supply.