The military is looking to use off-the-self smartphones to assist their soldiers in their operations – that’s no secret by now. But they’ve hit a bit of a roadbump in doing so – most smartphone operating systems aren’t secure enough to facilitate this. DARPA has invited security experts from research universities and deep within the security field to propose an AES-256 capable system that could realistically be deployed in as little as 90 days and is fully compliant with the government’s requirements. Get it done, people – our soldiers need smartphones! [via TG Daily]
The military needs to pick a different platform or talk to Motorola.
I dont think its that hard. Take the latest hardware, add in some crypto chipset(in much the same way the gpu handles 3d and video de/encoding, this would handle encryption). With hardware based encryption, would take the load off of the software. Then of course lock down the software. Android is already open source and based off of linux. A lot of work has been done to harden linux like selinux, so port that over. So three steps, 1) encrypt the signal(ie all traffic) 2) Hardware based encryption(non removable encrypted storage too) and 3) harden the os(sandbox apps, selfdestruct mode).
Yes let’s outsource the integrity and security of military systems to the masses on a device that’s already built in the private sector. Then we’ll pocket the $5 Billion that we were given for this project.
It’s all been outsourced for many years now. Especially digital systems. Do you really think the US Government builds it’s own OS? No. It uses COTS or open-sourced software.
In fact, AES256 was “crowd-sourced” before that was even a word. Read “The Cathedral and the Bazaar”.
Good job on the spell checking, all you do is repost other websites content and on the RARE occasion that you actually write your own original content you can’t even notice a spelling mistake in the first line? Terrible.
i don’t see it…
off-the-sHelf
With AES-256 you must prevent the bad guy from obtaining the encryption key. Every phone that is issued to a soldier should have its own unique key. But how to keep the key from being discovered?
Use a signed bootloader. (PKI)
Build an Android image that does not offer developer mode.
Prevent sideloading of apps.
Since you want military security, only enable loading of apps from an approved Military “store”.
You can do that the same way the military does with all comsec gear: Use a removable key, that is easily destroyed.
Why not just put encryption from 2.6 back into the kernel,and then use a loopback file system or encrypt the whole device? Ubuntu has this already done.