Dmg tem2011-0718-02 norton cmd disa mitre overview - v9


Page 1: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED – FOUO

Commercial Mobility Device (CMD) Way Forward

[email protected]

DoD Mobility TEM
July 18, 2011, Mitre

Unclassified: https://www.intelink.gov/sites/mobile
SIPR: https://www.intelink.sgov.gov/sites/mobile
JWICS: https://www.intelink.ic.gov/sites/mobile

Page 2: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED- FOUO

The Future is Mobility

Go Forth & B Mobile - No Really Go …

Page 3: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED- FOUO

GIG Transport Services Tiers

WGS
Commercial SATCOM

Page 4: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED - FOUO

Mobile Device Strategy

Mobile Strategy (Draft) Goals:
1. Evolve the infrastructure to support mobile devices
2. Establish a common mobile application environment
3. Enable mobile device security and information assurance

https://www.intelink.gov/sites/mobile

Page 5: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED- FOUO

Core Policy Issues: Emphasizing Security, Spectrum, and App Management

Security
- Data-at-Rest
- Data-in-Transit
- Two-factor Authentication
- Mobile Device Management

Application Management
- App Development / Portability
- Data Interfacing across services/networks
- Applications/system functionality
- System operation

Spectrum
• Commercial and Military waveforms
• Commercial Coexistence commercial
• TRANSEC
• Anti-Jam

Page 6: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED - FOUO

CMD Memo Topics

-CMD Memo (6 Apr 2011) (https://www.intelink.gov/sites/mobile)

-Emphasizes the importance of adhering to existing security policies

-Component CIOs should thoroughly review the security requirements and consider the potential mitigations listed below before granting limited-use IATOs (Interim Authority to Operate) for devices with no currently approved STIG.

-Copies of IATOs, best practices, and results from completed or ongoing Component-level pilots and assessments should be forwarded to the DoD CIO Commercial Mobile Device Working Group (CMDWG)

-Defines Security Objectives/Challenges/Mitigations
• Enterprise Management
• Data Protection
• Access Control
• DoD Public Key Infrastructure (PKI) Credentials
• Software/Applications
• Training

• CMD policy goal - Update Directive 8100.02

Page 7: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED- FOUO

Selected Mobility Efforts

2011 Jul Aug Sep Oct Nov Dec 2011 Jan Feb Mar Apr

NSA “Fishbowl” Capability (needs revision)

3/4/11 Pilot IOC
3/28/11 Working Solution
5/4/11 Pilot FOC

8/2011 Operational FOC
9/1/12 Service Delivery

Service Agency Pilots

DISA STIG Projections

06/2011 iOS GO Mobile Draft STIG
8/15/11 RIM Playbook (Projected)

12/30/11 NSA Phone (projected)

DoD CIO 4/6/11 CMD Memo

06/2012 CMD DoDD

Formation of CMD Policies

8/11 Draft CMD Letter / DTM

Circuit Switched Data Phase Out (In process)

Sprint (est) T-Mobile (est)

AT&T (gradual rollout)

Verizon (2012?)

Reuse MCEP Capabilities
Explore Additional Use Cases

SME PED Rolling Out?

Adapt Infrastructure

Application Development / Hosting / Certification Strategy

Use Case Analysis (Pilot research)

NLCC Capability Closed VoSIP Pilot (In-house VoIP gateway testing, C&A)

Open VoSIP Pilot
Connectivity to Voice GWs

Data Pilot (Cellular & WiFi for U/FOUO, S, and/or TS)

Under Evaluation to Benefit Policy Development

9/11 CMD Letter / DTM

Formal CMD DoDI / DoDD Development

Upgraded Infrastructure (Notional)

09/2011 Android / Dell Streak (Projected)

Page 8: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED - FOUO

CMD Security Overview

Use Cases

Requirements

U/FOUO
• 128-bit AES Encryption
• FIPS 140-2 L1

SECRET
• 128bit AES Suite B or Type 1
• FIPS 140-2 L2
‒ TEMPEST
‒ Anti-tamper

TOP SECRET
• 256 Bit AES Suite B or Type 1
• FIPS 140-2 L3
‒ TEMPEST
‒ Anti-tamper

All Users

Mobile Device Management
• Auditing
• Data-at-Rest / Data-in-transit encryption
• Remote wipe
• Strong authentication
• CMD peripheral control (Camera/GPS/Wi-Fi/etc.)

Transport
• Broadband service
• QoS

Mission Critical Services
• Low latency
• High availability
• Robust cellular roaming / persistent connectivity

Application Management
• Certified / Accredited Apps
• Application Authorization
• Centralized App Store

Gateways
• Interoperable access
• Redundancy
• Cross domain support

Executive
• Priority Access
• Gateway(s) to C2 Networks

Wide-use
• No additional requirements beyond “All Users”

Tactical Support
• Ruggedized device
• Delay tolerant networking
• SAASM
• TRANSEC
• Anti-Jam

• Spectrum
• Interoperability
• Phase of conflict
• Removal of fixed infrastructure vulnerability

‘Tactical support’ users will require unique hardware, spectrum, infrastructure, and networking requirements

Page 9: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED//FOR OFFICIAL USE ONLY

CMD / Operating System Security Matrix

Columns: Requirement; iOS; iOS w/GOOD; Android; Android w/GOOD; Windows Mobile; Windows Mobile w/GOOD; Blackberry

Rows (Requirement):
• Data-in-Transit Protection
• Data-at-Rest Protection
• S/MIME (PKE)
• Jailbreak / Root Detection/Protect
• End-to-End Architecture
• Mobile Device Management
• Audit / Monitoring
• User Preference

++ ++ - - -

Legend: Low Security Risk; Medium Security Risk; High Security Risk

• Blackberry provides security advantage but offers limited user features

• Alternate approaches provide greater capability with reduced security

• New products such as Dell Streak may provide a balance of security and performance

Page 10: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED – FOUO

DoD LTE Security Goals and Commercial Standard Vulnerabilities

DoD User

HAIPE/AES VPN Encryptor

LTE Modem

Data Confidentiality and Integrity: Data frames protected with Type 1 / AES overlay. Guards data against sniffing, eavesdropping, interception, unauthorized access, mistaken identity, masquerading, modification, manipulation

Availability and Network Robustness: Management frames may not be authenticated or encrypted (based on ISP decision), which can lead to a logical DOS attack vulnerability (identity spoofing, base station impersonation, unauthorized disassociation)

Rudimentary DOS attacks may be launched, whereby the carrier signal is overpowered by RF noise, and the client is unable to synchronize with the base station

HAIPE/AES VPN Encryptor

LTE eNodeB

DoD Enclave Network (FOB, TOC, etc.)

Interoperability, Standards and Cross Vendor Support: LTE radios must have support for a common spectrum band in order to interoperate.

The security solution that provides authentication and data confidentiality must adhere to a standard that ensures key exchanges, encryption, and authentication negotiations are consistently performed in a heterogeneous network

Adversary

Eavesdropping

Man-in-the-middle

Denial-of-service

Rogue LTE eNodeB

LTE Modem

COMSEC (Overlay Security):
Data Frames – Type 1 or AES encryption

TRANSEC (Native 3G Security):
Management Frames – in the clear
Data Frames – DOCSIS 56 bit DES

Residual TRANSEC Risk:
· Clear mgmt frames - denial of service attacks
· LTE data security – possibly acceptable security, however not FIPS 140 validated
· RF signals susceptible - signal jamming

LTE Security Goals

Commercial Standard Vulnerabilities

Page 11: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED - FOUO

The Cellular Solution

• The employment of cellular systems offers DoD a seemingly ideal solution for Phase 4 of deployment – except:
– The placement of BTS – the environment and the need to protect this infrastructure
– The security associated with the signaling exchange
– Spectrum of cellular assignments
– Embedding the COMSEC
– Identity and assured user access

• BTS structures can be housed on mobile platforms and placed on secure sites, but environmental obstructions force extensive solutions

• Ownership of the BTS and MSC can offer solutions to signaling and the introduction of unwanted software

• Offsetting the spectrum offers a means to resolve the license issues

• Embedded COMSEC and potential token solutions can be employed

While solutions exist for cellular implementations – the offered solution set falls short

Page 12: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED - FOUO

Metrics / Mobile Device

Platform: Lockheed Martin MONAX
• OS: Smartphone OS
• Security: Non FIPS 140-2, Supports ‘Good’ Security, Wi-Fi, Bluetooth, No PKI Infrastructure, Applications available via a private app store
• Spectrum / Data Rate / Range: Enhanced version of commercial 3G wireless operating on different frequencies (TBD)
• Performance / Capabilities: Doppler & GEO (SATCOM) delay-tolerant capabilities, LM App Store, extends connectivity several km away from 3G base station
• Form Factor / Network Integration: Portable sleeve, connects touch-screen COTS CMD to base infrastructures on ground or airborne platforms

Platform: General Dynamics: Itronix GD300
• OS: Android™ based on Linux
• Security: Uses commercial-based security technologies (e.g. trusted platform module, high security bios, computer tracing agent, stealth control)
• Spectrum / Data Rate / Range: Compatible with tactical and land mobile radios; has a wrist mounted radio interface kit to integrate with JTRS architecture / Data rate and range vary with wireless protocol
• Performance / Capabilities: Designed to work within JTRS architecture; has integrated SIRF Star III GPS and a high-gain quadrifilar-helix antenna
• Form Factor / Network Integration: wrist- / chest-mounted GPS unit (8oz ruggedized); 3.5’ 800 x 480 touch screen display / Can integrate with JTRS communications (targeted towards Rifleman)

Platform: XG Technology XMAX TX70 Handset
• OS: XG OS
• Security: New security capabilities will be made available through software upgrades
• Spectrum / Data Rate / Range: Uses DSA within ‘free’ spectrum between 902-928 MHz (unlicensed) / 18 Mbps per basestation / 2-5 miles
• Performance / Capabilities: Prioritizes voice by dedicated timeslots and b/w to users – unlike traditional best effort VOIP services; Cognitive radio; works with Google Voice; Adjustable output power for unlicensed or licensed use
• Form Factor / Network Integration: System infrastructure consisting of base stations, mobile switch centers, handsets, and modems. TX70 handset is dual-mode xMax and Wifi, with voice capabilities above 3G/4G

Platform: EDGE Product Development Bioread
• OS: Smartphone OS (prototyped w/ iPhone OS)
• Security: FIPS, authentication, and encryption options (versions TBD)
• Spectrum / Data Rate / Range: Wi-Fi, Bluetooth, and military waveforms (to be specified) / Data rate and range vary with wireless protocol (levies MONAX for long haul communications)
• Performance / Capabilities: Measures pulse rate, blood oxygen, temperature, respiration, Heart (ECG) through wifi, bluetooth, or military waveform (to be specified)
• Form Factor / Network Integration: Wearable sensors connect to centralized data concentrator (within warfighter’s vest); can be remotely accessed through CMD

Military Applications of CMDs (Selected Examples)

• Multiple vendors/Mil R&D developing CMDs for edge applications

• Each vendor approaches CMD networking by leveraging different components of commercial architectures (i.e. operating system, closed cell based networks, commercial waveforms, etc)

• Systems offer performance features of commercial networks and are exploring ways to mitigate security risks

Page 13: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED - FOUO

To be determined……

• Dual Persona

• Data Delivery Diversity (Local WLAN vs 3G/4G)

• Services of the future:

– CMD Voice over IP, etc

• Technology Wildcards

– Super Wi-Fi

– Contactless payments – near field communications

• Application Management –

– Metrics, Common Operating Environment


Page 14: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED - FOUO

Way Forward

• New product evaluations

• Update Policy

– Re-examine security posture

– Common Operating Environment for CMD Applications

• Business case analysis

• Life cycle management


Page 15: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED - FOUO

Federal Mobility Summit


Sponsors: Fed CIO Council/ISIMC/DoD/DoJ/Federal Business Council

Date/Time: 23-24 Aug /0800-1600

Location: UMUC, Auditorium/Conference Center, College Park MD

Max Attendees: 750 (USG Primarily-No Rank Requirements)

Focus: 6 Main DoD Mobility Issues Mentioned in TT's Memo/6 Apr 11 & Approximately 25 other Issues from the Rest of .gov

POA/Outcome:
1. Provide the Major Players with Our Issues B4 the Summit vs. Presentation of their Wares/Sell Products
2. Get their buy-in and/or assistance to work with us in fixing the big problems we have vs. piecemeal solutions.

C3PO – Collaborate, Communicate, Connect & Produce Outcomes

Page 16: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED - FOUO

CMD Policy Development Topics

• The following lists provide the criteria definition of minimum acceptable CMDs, OSs, and Applications

End Point Security Posture
• Data-in-Transit Protection: FIPS 140-2 validated cryptography
• Data-at-Rest Protection: FIPS 140-2 validated cryptography
• Jailbreak / Root Detection / Protection: Ability to determine if security architecture has been compromised
• Smart Card S/MIME operations: Support for secure information using hardware-based certificates for authentication
• Web Browser CAC Auth: Support for hardware-based certificate authentication to web services
• Data-in-Transit Protection: FIPS 140-2 validated cryptography

Enterprise Security Posture
• First Party Mobile Device Management (MDM) - capable: Platforms with access to APIs and an ability to enforce end point security services and policies
• Third Party MDM - capable: Platforms with limited first party capabilities which may still meet MDM requirements
• Over-the-air patching capability: Enterprise services able to patch/push CMD updates in a timely manner
• Average mitigation timeframe: Time for vendor to patch discovered vulnerabilities
• Code transparency: Appropriate amount of code escrow (OS, kernel, drivers, software services) shared for security review and ability to add/enforce controls
• Interoperability: Exchange profile support, security overlays, interface with Gateway and/or Mobility Management Center (Ex: TCP/IP, SIP)
• Image management: Ability to make “secure” local backups of the device data and apps
• Integration of virtual/cloud services: Ability to control syncing of data and/or backups with enterprise services / cloud

Page 17: Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

UNCLASSIFIED - FOUO

CMD Policy Development Topics (Cont’d)

Industry / Market Analysis (Subjective - intended for decision support)
• Market share / market forecast: Current / future professional and industry adoption of COTS platforms
• Active DoD Pilots: Lessons learned and use case potential
• Life of deployed devices: How long do vendors support their products
• Supplier Diversity: Degree to which multiple, trusted suppliers of alternative products are available
• Cost/Benefit Analysis: Return to DoD based on required implementation challenges on existing COTS platforms
• Security Posture: Does the vendor take Security seriously? Secure SDLC, standard certification or independent review process

Application Development
• Consistent user interface: Easier to develop apps when developer has a smaller variance between platforms
• Hardware Variance: Tailoring of software or Operating Systems to account for non-standard hardware chips, libraries, and other specific qualities that require specialized programming
• Developer Tools: Maturity, Training, best practices, open source
• Support for security/application design patterns: Flexibility in app development and quicker C&A
• Interoperability: Network communication between apps and backend databases (Ex: HTML, XML)
• Portability: Execution of application on different platforms (high level java app could be enhanced to work on Android and BlackBerry) [Source code that efficiently moves between different platforms] (Flash, HTML5)