Secure Android kernel could make for 'classified' smart phones

A research team from Google, George Mason University and the National Security Agency have developed a hardened kernel for the Android 3.0 operating system that could solve the problem of using smart phones in military operations and emergency response.

The kernel, which is in the final stages of certification testing, opens the way for the Army to begin issuing smart phones or tablet-type wireless devices to troops in combat operations.

The White House also is interested because the hardened kernel could help fulfill a government plan to create a secure national wireless network for first responders, Michael McCarthy, operations director of the Army’s Brigade Modernization Command’s Mission Command Complex, said in an interview with GCN's sister publication Defense Systems at the AUSA Annual Meeting and Exposition in Washington on Oct. 10. McCarthy also heads the service’s Connecting Soldiers to Digital Applications (CSDA) program, the lead organization involved in selecting handheld wireless technologies for military use.

Related stories:

Rising battlefield smart-phone use raises safety concerns

Android a likely target once mobile crime pays

One of the problems vexing Army smart phones has been getting the right security accreditation to operate on military networks and eventually on classified networks. This is particularly important to allow smart phones to connect into battlefield networks, McCarthy said. The initial goal is to get the hardware and software accredited.

“We have to have a way to verify the identity of the user of the smart phone. So it’s a triple-level security measure that we have to deal with,” he said.

There were delays in getting the operating system accredited until NSA came forward several months ago and offered to expedite the approval process, McCarthy said. The new effort kicked off with a series of meetings with CSDA program personnel and representatives from NSA and the National Institute of Standards and Technology.

The Android kernel is now being tested for a Federal Information Processing Standard 140-2 certification, which is expected by mid-October. “That’s the first level of security that we’ve got to get before we start moving onto being able to ultimately do secret [communications],” he said.

After the testing is complete, it is just a matter of filling out the certification paperwork, McCarthy said. “That is a game-changer for the security business because it then sets the conditions so that in the second quarter [late March 2012] they can do the certification of the Secure Sockets Layer, which then gives us the ability to operate at the classified levels,” he said.

In addition to the Army’s plans to provide troops with smart phones, the Obama administration was attracted to the technology to support two of its initiatives. One is an effort by the White House Communications Office to move the executive branch from BlackBerry devices to Android-based phones. The reason is because Android devices with the new kernel can be secured at a higher clearance level than BlackBerry devices, McCarthy said.

In June 2011, NSA approached McCarthy about working on the problem. The White House interest came from the Office of Science and Technology Policy, run by federal CTO Aneesh Chopra. “They had apparently been tracking the CSDA project on the Internet for several months, and they wanted me to come and give them a briefing,” he said.

McCarthy thought he was going to brief White House staffers, but instead he presented to Chopra, his deputy, senior representatives from the Justice Department and the FBI. The other, wider government interest tied into an ongoing White House initiative to create a secure, wireless national public safety infrastructure. The infrastructure would combine all of the nation’s public safety organizations into a secure wireless system, moving first responders away from radio-based systems. “It is potentially a multi-billion dollar effort,” he said.

Justice is the lead civilian agency working on the White House effort. There, the FBI and its scientists are the responsible for developing their version of CSDA. The FBI and Justice are also planning to conduct pilot projects, but on a larger scale than the Army, McCarthy said.

One of the concerns behind the government’s drive is that the radio communications networks used by federal, state and local response agencies are not very secure. This is a special concern for law enforcement and emergency response organizations’ operational channels, which could be subject to interception, spoofing and jamming. “They’re looking at replacing radio with a smart phone,” he said.