DOD's push for secure mobile comms leverages commercial tools
- By Terry Costlow
- Aug 26, 2013
Security, always a primary concern for military communications, is becoming more challenging as the growing power of digital technologies helps adversaries intercept and decrypt messages. In response, military planners are moving forward on many fronts, assessing commercial security technologies, biometrics and other technologies as they attempt to equip more warfighters with communications gear.
As the Defense Department strives to stay ahead of adversaries who want to listen in on secure communications, several concerns come into play. Strategists want to integrate tablets and smart phones so they can leverage rapid advances in technology and upgrade quickly. But they must also modernize security within the constraints of today’s tight budgets.
“Currently, the DOD has very, very secure communications, but [it’s] not affordable,” said Dan Losada, senior director for the Hughes Defense and Intelligence Systems Division. “There’s a big push to incorporate commercial encryption techniques, things like the NSA’s Suite B.”
Military planners also are looking at standards and commercial technology to enhance security while living within their budgets. Many are already making these moves. For example, the Mobile User Objective System (MUOS) uses security that’s based on commercial technologies.
“For MUOS, we wrapped security around Ericsson’s 3G technology, bringing it up to NSA certification Type 1,” said Iris Bombelyn, president of Narrowband Communications at Lockheed Martin. “One additional feature that’s good for the military is the ability to set up a group that listens but doesn’t broadcast,” she added. A team can get information they need for their mission without giving away their location by broadcasting.”
Military strategists contend that when DOD and commercial providers work together, the resulting improvements will elevate security for all mobile devices. Earlier this year, Greg Youst, DISA’s chief mobility engineer, met with Google, Apple and Samsung to discuss ways that the government’s strict security requirements will end up benefiting the commercial market. He suggested that they could benefit by helping DOD improve its security.
“What’s driving them to work with DOD and the federal government is that if they can get to our level of security, then they can go market out to the corporate world,” Youst said. “They’re leveraging the capability that they’re building for us by saying, ‘If we can make it secure enough for the DOD, we can give you a system for phone or mobile device management that will secure your banking information [or] your health information.’”
If the military adopts technologies used in the commercial world, commercial suppliers note, their long-term costs can be significantly pared.
“DOD doesn’t have to pay for development of the underlying technology,” Losada of Hughes said. “They also don’t have to pay for sustaining the technology and certifying products, which can account for as much as 60 percent of the overall costs.”
Phones and tablets
The military’s growing ambitions to implement tablets and smart phones is another factor behind the increased focus on security. Low costs and small sizes mean there will be lots of compact devices that are easy to lose.
Those factors carry a number of challenges that must be solved before these handheldsenter the force. Until then, military planners will rely on their own technologies to bring the same capabilities without the security challenges that come with commercial communications systems.
“MUOS terminals are designed to give people tablet capabilities without cybersecurity issues,” Bombelyn said. “Tablets will be a challenge to implement.”
Proponents of consumer devices note that there are significant benefits beyond cost and small form factors. Handhelds employ the latest microcontrollers and memory, so they can often handle complex tasks that take several pieces of older proprietary hardware.
“Tablets and smart phones make security easier by replacing a lot of proprietary pieces of equipment,” Losada of Hughes said. “When you look at standard DOD networks, there’s not one device, you end up with five or six pieces of equipment to set up a network.”
Others note that new handheld devices don’t necessarily have to hold a lot of data that can be retrieved if an adversary manages to gain access. That’s because these devices can rely on data stored in the cloud rather than the device.“Tablets and smart phones are mostly networked, there’s not much data stored locally,” Losada said. “If the device is lost, the only technology it has is the communication technology.”
While the servers that make up the cloud can be used to improve security, mobile communications gear must also incorporate security features. Biometrics, which is slowly gaining acceptance in industrial and consumer applications, is being eyed as a technology that can ensure that portable gear is being used only by authorized personnel.
Earlier this year, DOD awarded MorphoTrust a four-year, $17.8 million contract to maintain a central biometrics platform. AOptix and CACI International won a $3 million contract to provide the department with a smartphone solution for scanning users’ eyes, face, thumbs and voice.
Other suppliers are targeting DOD with ruggedized versions of products used in commercial applications. For example, Precise Biometrics is talking with DOD about adopting intelligent enclosures and attachable fingerprint scanners that can be added to portable equipment.
Precise Biometrics' Tactivo is a smart casing the company claims can “use a fingerprint to match against the fingerprint templates embedded on the government credential,” said Jeff Scott, vice president of North America sales. “One of the key factors in this acceptance will be the capabilities of Match-On-Card and the use of it with mobile solutions where the biometrics are stored on a personal device or a personal card and not in the cloud.”
Satellites and terminals also will require development of focused technologies to make biometrics effective in the field. Data packets from biometric sensors won’t be large, but they must be given high priority to ensure that authorization occurs without delaying communications data.
“We have a protocol that allows for low data rate information to provide biometric data,” Losada said. “When you’re sending an eye scan, you want to make sure it gets there quickly so you can get access to the network. That can be done with an access channel dedicated for small data transactions.”
As more mobile devices move into the field, other security steps must be taken to prevent adversaries from watching troop movements by monitoring traffic patterns. When warfighters move into remote areas, the spike in communications can alert foes monitoring signal activity.
“You need to protect data and obfuscate troop movement,” said Karl Fuchs,vice president of technology for iDirect Government Technologies. “To obfuscate activity, you need to make it look like there’s activity on the network all the time. Otherwise, a sudden increase in activity in an area where there have been only a few remotes can tell an adversary that’s something’s going on in that area.”