Army program for secure Android kernel technology gets attention of NSA and White House

Development strategy allows military smart phones to securely access classified networks

A major hurdle preventing the wider deployment of smart phones across the U.S. military may have been overcome, and it’s got the White House’s attention.

One of the key problems in providing wireless devices to military personnel is securing communications and providing some type of user verification. A research team from Google, George Mason University and the National Security Agency has potentially solved this by developing a hardened kernel for the Android 3.0 operating system. The kernel, which is in the final stages of certification testing, opens the way for the Army to begin issuing smart phones or tablet type wireless devices to troops in combat operations.

The White House has also been following the Army’s efforts because the hardened kernel capability could help fulfill a government plan to create a secure national wireless network for first responders, said Michael McCarthy, operations director of the Army’s Brigade Modernization Command’s Mission Command Complex, who spoke to Defense Systems at the AUSA Annual Meeting and Exposition in Washington on October 10. McCarthy also heads the service’s Connecting Soldiers to Digital Applications (CSDA) program, the lead organization involved in selecting handheld wireless technologies for military use.

One of the problems vexing Army smart phones has been getting the right security accreditation to operate on military networks and eventually on classified networks. This is particularly important to allow smart phones to connect into battlefield networks, McCarthy said. The initial goal is to get the hardware and software accredited. “We have to have a way to verify the identity of the user of the smart phone. So it’s a triple level security measure that we have to deal with,” he said.

But there were delays in getting the operating system accredited until the NSA came forward several months ago and offered to expedite the approval process, McCarthy said. The new effort kicked off with a series of meetings with CSDA program personnel and representatives from the NSA and the National Institute of Standards and Technology. The Android kernel about a month ago is now being tested for a Federal Information Processing Standard 104-2 certification, which is expected by mid-October. “That’s the first level of security that we’ve got to get before we start moving onto being able to ultimately do secret,” he said.

After the testing is complete, it is just a matter of filling out the certification paperwork, McCarthy said. “That is a game changer for the security business because it then sets the conditions so that in the second quarter [late March 2012] they can do the certification of the secure socket layer, which then gives us the ability to operate at the classified levels,” he said.

In addition to the Army’s plans to provide troops with smart phones, the Obama administration was attracted to the technology to support two of its initiatives. One is an effort by the White House Communications Office to move the executive branch from BlackBerry based devices to Android-based phones. The reason for the desire to move is because Android devices, with the new security kernel can be secured at a higher clearance level than BlackBerry devices, McCarthy said.

In June, 2011 McCarthy was approached by the NSA to help work on the problem. The White House interest came from the Office of Science and Technology Policy, which supports Aneesh Chopra, the government’s CTO. “They had apparently been tracking the CSDA project on the Internet for several months, and they wanted me to come and give them a briefing,” he said.

McCarthy thought he was going to brief White House staffers, but instead he presented to Chopra, his deputy, senior representatives from the Justice Department and the FBI. The other, wider government interest tied into an ongoing White House initiative to create a secure, wireless national public safety infrastructure. The infrastructure would combine all of the nation’s public safety organizations into a secure wireless system, moving first responders away from radio-based systems. “It is potentially a multi-billion dollar effort,” he said.

Justice is the lead civilian agency working on the White House effort. There, the FBI and its scientists are the responsible for developing their version of CSDA. The FBI and Justice are also planning to conduct pilot projects, but on a larger scale than the Army, McCarthy said.

One of the concerns behind the government’s drive is that the radio communications networks used by federal, state and local response agencies are not very secure. This is a special concern for law enforcement and emergency response organizations’ operational channels, which could be subject to interception, spoofing and jamming. “They’re looking at replacing radio with a smart phone,” he said.


Reader Comments

Wed, Nov 2, 2011 Trust

Can you TRUST phone or tablet hardware that is manufactured in China?

Thu, Oct 20, 2011 Fanboy

I am confused. I know of a major teir 1 manufacturer that is shipping Hardened Android (2.2?) that already has FIPS 140-2 and DISA STIG certifications. 3 is nice but when the device gets hardened does the latest version really make a difference.

Mon, Oct 17, 2011 Martin Atayo Washington,DC

Though I was never part of brainstorming team on this critical adroid wireless secure design,the security could intriguely pose complex security risk to our men and women at danger zone by reason of permeability, vulnerability and interference possibility.Device user identity at a given time may has potential of misleading information that favors first time device registrant information. Reliability to some degree hinges more,on auto-finger prints at a single touch and auto-reporting visual characteristics of device user. More critical security contributions are possible in the long and short term contexts in formulating algorithms that guarantee security and secrecy for our men and women in uniforms...(Technologist)

Mon, Oct 17, 2011 Eric

I read this article with interest and heard about this a week ago. Amusing as Mobile Active Defense has been doing this for over 6 months now and HAS a custom kernal for multiple Android devices but in addition has a full management and security interface to manage this end to end IPSec solution. A system which features a stateful inspection firewall, etc and so on. And btw, the same interface also supports iOS and Windows Mobile.

Tue, Oct 11, 2011 ConfusedIAM

The question to ask is what FIPS Security level are they trying to achieve L1, L2, L3 or L4? L1 is just a start, but the others require time, and time efficiencies are not what the accreditation members are known for. And we have no idea what our nut-case politicians will do with our budgets for those efforts.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above