National Security Agency defines smartphone strategy: Think Android (maybe)

NSA "Fishbowl" smartphones now use Google Android, centralized routing back to NSA

America's intelligence agency, the National Security Agency (NSA), today disclosed how it's going to handle mobile security.

The NSA has come up with a security design that currently depends on Google Android smartphones, though the NSA contends it doesn't want to be wedded to any particular smartphone operating system. But its current "Fishbowl" phones, as they are called, are beefed-up highly secured Motorola Android smartphones that use double-encryption for voice traffic and a unique routing scheme for 3G network traffic back to the NSA first for security purposes. This design makes them suitable for classified information sharing with other like smartphones, according to Margaret Salter, technical director at NSA's information assurance directorate, who spoke about the so-called "Fishbowl" project, which today focuses on voice use of smartphones, at a session here today at the RSA Conference.

More: What's hot at RSA 2012 

"We wanted to use the commercial standards that are out there," said Margaret Salter, technical director in NSA's information assurance directorate. "We wanted plug and play — but that was hard." The NSA also wants interoperability in order not to be trapped in vendor lock-in, but this is turning out to be hard to achieve.

The NSA looked at SSL VPN as a standard and left no stone unturned in exploring commercial SSL VPN for mobile, but found utter lack of interoperability across vendor products. Salter said NSA also was frustrated with the lack of interoperability in Unified Communications Systems (UCS) products, noting that buying one piece often meant buying several others, there being little evidence of multi-vendor interoperability. So with some frustration, NSA changed to go with an open-source Session Initiation Protocol (SIP) server for the present.

NSA also switched its mobile security strategy toward IPSec VPN, where things looked better in terms of interoperability than SSL VPN, and selected the Secure Real-Time Transport Protocol for Voice App and Transport Layer Security (TLS) with keys. This all means "the voice call is doubly encrypted," Salter said. "There's VoIP encryption and IPsec encryption."

The NSA is relying on a alphabet soup of standards for its Fishbowl smartphones: Suite B IPSec, IKE v.2, Elliptic Curve Diffie-Hellman, Elliptic Curve DSA, the SHA2 hash, all well-known in security circles. The NSA contracted to build some elements of its Fishbowl smartphone prototypes on Motorola Android since what it wants isn't commercially available. But NSA wants it to be, and to that end is releasing the basic architecture with the hope the high-tech industry will get on board in software design. The NSA also has included a so-called "police app" to make sure everything is in place on the smartphone as it should be, said Salter. She noted a number of the NSA employees in the room were now carrying their Fishbowl phones with them, which she said showed surprisingly little voice delay, even with double encryption processes.

In publishing all its Fishbowl standards on the NSA website, "our hope is someone will show this to the vendors and say 'I want that,'" said Salter.

The NSA plans to propose its mobile security design as an internationally-oriented Common Criteria standard, with the idea that products would start to make it through the NIAP labs. The Defense Information Systems Agency (DISA), which is responsible for large-scale practical networking deployments for the military, "is looking at copying this on a large scale," said Salter. She added: "We'll be standing up an enterprise app market," noting that today there are a large number of people already writing apps for military purposes.

The mobile operating system question

Although NSA doesn't want to be wedded to one mobile operating system platform, its investigations into suitable choices have so far led it to Google Android mainly because with it you can change the underlying OS, and with Apple iOS for example, you can't, Salter noted. One change was made so digital certificates would be stored in a way NSA thinks is better.

"It's not our intention to only use Android," she adds. NSA has some misgivings about Android at any rate because the intelligence agency discovered that the phone manufacturers of Android smartphones are themselves changing the Android OS so much, that "Android is not Android. It's whatever the maker of the phone decides to put in." Salter said the NSA would be glad to see that aspect of Android somehow recede.

The NSA naturally already has various secure telephone systems, among them the older STU-III encryption phones. To get them all to work together, there will need to be some gateway systems, said Salter, and that's one reason that mobile telephony traffic is being routed from an undisclosed carrier back to NSA, which is based in Ft. Meade, Md., so this interoperability can be achieved as well as various security and authentication checks.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies