Think Android (maybe)

The NSA has come up with a security design that currently depends on Google Android smartphones, although the NSA contends it doesn't want to be wedded to any particular smartphone operating system. Nevertheless its current "Fishbowl" phones, as they are called, are beefed-up highly secured Motorola Android smartphones that use double-encryption for voice traffic and a unparalleled routing scheme for 3G network traffic back to the NSA first for security purposes. This design makes them suitable for classified information sharing with other like smartphones, according to Margaret Salter, technical director at NSA's information assurance directorate, who spoke about the so-called "Fishbowl" project, which today focuses on voice use of smartphones, at a session here today at the RSA Conference.

The NSA looked at SSL VPN as a standard

The NSA looked at SSL VPN as a standard and left no stone unturned in exploring commercial SSL VPN for mobile, however found utter lack of interoperability across vendor products. Salter said NSA as well was frustrated with the lack of interoperability in Unified Communications Systems products, noting that buying one piece often meant buying several others, there being little evidence of multi-vendor interoperability. So with some frustration, NSA changed to go with an open-source Session Initiation Protocol server for the present.

NSA as well switched its mobile security strategy toward IPSec VPN, where things looked better in terms of interoperability than SSL VPN, and selected the Secure Real-Time Transport Protocol for Voice App and Transport Layer Security with keys. This all means "the voice call is doubly encrypted," Salter said. "There's VoIP (Voice over Internet Protocol) encryption and IPsec encryption."

The NSA is relying on a alphabet soup of standards for its Fishbowl smartphones: Suite B IPSec, IKE v.2, Elliptic Curve Diffie-Hellman, Elliptic Curve DSA, the SHA2 hash, all so then-known in security circles. The NSA contracted to build some components of its Fishbowl smartphone prototypes on Motorola Android since what it wants isn't commercially available. Nevertheless NSA wants it to be, and for the purpose is releasing the basic architecture with the hope the high-tech industry will get on board in software design. The NSA as well has included a so-called "police app" to make sure everything is in place on the smartphone as it should be, said Salter. She noted a number of the NSA employees in the room were now carrying their Fishbowl phones with them, which she said showed surprisingly little voice delay, even with double encryption processes.

Although NSA doesn't want to be wedded to one mobile operating system platform, its investigations into suitable choices have so far led it to Google Android mainly because with it you can change the underlying OS, and with Apple iOS for instance, you can't, Salter noted. One change was made so digital certificates would be stored after a fashion NSA thinks is better.

Ellen Messmer writes about security and financial information innovation topics for Network World. Follow her on Twitter @MessmerE.

This free fully-functioning 30-day trial of GFI VIPRE Business is designed to optimize overall performance by melding antivirus and antispyware at the same time into one powerful engine.

Detailed description of Good Innovation's Security

This white paper provides a detailed description of Good Innovation's Security and Architecture. It provides an overview of the changing landscape of mobile technologies within the enterprise and enumerates the key mobile device challenges faced by enterprise and government organizations. It describes how Good's solution helps administrators manage and control their mobile deployments during maintaining a high level of security that encapsulates enterprise data.