dmg tem2011-0718-02 norton cmd disa mitre overview - v9
UNCLASSIFIED – FOUO
Commercial Mobility Device (CMD) Way Forward
DoD Mobility TEM, July 18, 2011, Mitre
Unclassified: https://www.intelink.gov/sites/mobile
SIPR: https://www.intelink.sgov.gov/sites/mobile
JWICS: https://www.intelink.ic.gov/sites/mobile
The Future is Mobility
Go Forth & B Mobile - No Really Go …
GIG Transport Services Tiers
Tiers shown: WGS; Commercial SATCOM
Mobile Device Strategy
Mobile Strategy (Draft) Goals:
1. Evolve the infrastructure to support mobile devices
2. Establish a common mobile application environment
3. Enable mobile device security and information assurance
https://www.intelink.gov/sites/mobile
Core Policy Issues: Emphasizing Security, Spectrum, and App Management
Security
- Data-at-Rest
- Data-in-Transit
- Two-factor Authentication
- Mobile Device Management
Application Management
- App Development / Portability
- Data Interfacing across services/networks
- Applications/system functionality
- System operation
Spectrum
• Commercial and Military waveforms
• Commercial Coexistence
• TRANSEC
• Anti-Jam
CMD Memo Topics
- CMD Memo (6 Apr 2011) (https://www.intelink.gov/sites/mobile)
- Emphasizes the importance of adhering to existing security policies
- Component CIOs should thoroughly review the security requirements and consider the potential mitigations listed below before granting limited-use IATOs (Interim Authority to Operate) for devices with no currently approved STIG.
- Copies of IATOs, best practices, and results from completed or ongoing Component-level pilots and assessments should be forwarded to the DoD CIO Commercial Mobile Device Working Group (CMDWG)
- Defines Security Objectives/Challenges/Mitigations
  • Enterprise Management
  • Data Protection
  • Access Control
  • DoD Public Key Infrastructure (PKI) Credentials
  • Software/Applications
  • Training
• CMD policy goal - Update Directive 8100.02
Selected Mobility Efforts
Timeline chart (axis: Jul through Dec 2011, then Jan through Apr of the following year); milestones as labeled:
NSA "Fishbowl" Capability (needs revision)
- 3/4/11 Pilot IOC
- 3/28/11 Working Solution
- 5/4/11 Pilot FOC
- 8/2011 Operational FOC
- 9/1/12 Service Delivery
DISA STIG Projections
- 06/2011 iOS GO Mobile Draft STIG
- 8/15/11 RIM Playbook (Projected)
- 09/2011 Android / Dell Streak (Projected)
- 12/30/11 NSA Phone (Projected)
Formation of CMD Policies
- DoD CIO 4/6/11 CMD Memo
- 8/11 Draft CMD Letter / DTM
- 9/11 CMD Letter / DTM
- Formal CMD DoDI / DoDD Development
- 06/2012 CMD DoDD
Circuit Switched Data Phase Out (In process)
- Sprint (est)
- T-Mobile (est)
- AT&T (gradual rollout)
- Verizon (2012?)
Service Agency Pilots
- Reuse MCEP Capabilities; Explore Additional Use Cases
- SME PED Rolling Out?
- Adapt Infrastructure
- Application Development / Hosting / Certification Strategy
- Use Case Analysis (Pilot research)
- NLCC Capability: Closed VoSIP Pilot (In-house VoIP gateway testing, C&A)
- Open VoSIP Pilot: Connectivity to Voice GWs
- Data Pilot (Cellular & WiFi for U/FOUO, S, and/or TS)
- Under Evaluation to Benefit Policy Development
- Upgraded Infrastructure (Notional)
CMD Security Overview
Use Cases / Requirements
Encryption requirements by classification level:
• U/FOUO: 128-bit AES Encryption; FIPS 140-2 L1
• SECRET: 128-bit AES Suite B or Type 1; FIPS 140-2 L2; TEMPEST; Anti-tamper
• TOP SECRET: 256-bit AES Suite B or Type 1; FIPS 140-2 L3; TEMPEST; Anti-tamper
All Users
Mobile Device Management
• Auditing
• Data-at-Rest / Data-in-Transit encryption
• Remote wipe
• Strong authentication
• CMD peripheral control (Camera/GPS/Wi-Fi/etc.)
Transport
• Broadband service
• QoS
Mission Critical Services
• Low latency
• High availability
• Robust cellular roaming / persistent connectivity
Application Management
• Certified / Accredited Apps
• Application Authorization
• Centralized App Store
Gateways
• Interoperable access
• Redundancy
• Cross domain support
Executive
• Priority Access
• Gateway(s) to C2 Networks
Wide-use
• No additional requirements beyond "All Users"
Tactical Support
• Ruggedized device
• Delay tolerant networking
• SAASM
• TRANSEC
• Anti-Jam
• Spectrum
• Interoperability
• Phase of conflict
• Removal of fixed infrastructure vulnerability
'Tactical support' users will require unique hardware, spectrum, infrastructure, and networking requirements
CMD / Operating System Security Matrix
Columns (platforms): iOS; iOS w/GOOD; Android; Android w/GOOD; Windows Mobile; Windows Mobile w/GOOD; Blackberry
Rows (requirements): Data-in-Transit Protection; Data-at-Rest Protection; S/MIME (PKE); Jailbreak / Root Detection/Protect; End-to-End Architecture; Mobile Device Management; Audit / Monitoring; User Preference
Legend: Low Security Risk, Medium Security Risk, High Security Risk (symbols ++ / -)
[Per-cell ratings are color-coded on the original slide and are not reproduced in this transcript]
• BlackBerry provides a security advantage but offers limited user features
• Alternate approaches provide greater capability with reduced security
• New products such as Dell Streak may provide a balance of security and performance
DoD LTE Security Goals and Commercial Standard Vulnerabilities
LTE Security Goals
Data Confidentiality and Integrity: Data frames protected with Type 1 / AES overlay. Guards data against sniffing, eavesdropping, interception, unauthorized access, mistaken identity, masquerading, modification, manipulation.
Availability and Network Robustness: Management frames may not be authenticated or encrypted (based on ISP decision), which can lead to a logical DoS attack vulnerability (identity spoofing, base station impersonation, unauthorized disassociation). Rudimentary DoS attacks may be launched, whereby the carrier signal is overpowered by RF noise, and the client is unable to synchronize with the base station.
Interoperability, Standards and Cross Vendor Support: LTE radios must have support for a common spectrum band in order to interoperate. The security solution that provides authentication and data confidentiality must adhere to a standard that ensures key exchanges, encryption, and authentication negotiations are consistently performed in a heterogeneous network.
Commercial Standard Vulnerabilities
Diagram path: DoD User -> HAIPE/AES VPN Encryptor -> LTE Modem -> LTE eNodeB -> HAIPE/AES VPN Encryptor -> DoD Enclave Network (FOB, TOC, etc.)
Adversary threats shown: Eavesdropping; Man-in-the-middle; Denial-of-service; Rogue LTE eNodeB (with LTE Modem)
COMSEC (Overlay Security): Data Frames – Type 1 or AES encryption
TRANSEC (Native 3G Security): Management Frames – in the clear; Data Frames – DOCSIS 56-bit DES
Residual TRANSEC Risk:
· Clear mgmt frames - denial of service attacks
· LTE data security – possibly acceptable security, however not FIPS 140 validated
· RF signals susceptible - signal jamming
The Cellular Solution
• The employment of cellular systems offers DoD a seemingly ideal solution for Phase 4 of deployment – except:
  – The placement of BTS – the environment and the need to protect this infrastructure
  – The security associated with the signaling exchange
  – Spectrum of cellular assignments
  – Embedding the COMSEC
  – Identity and assured user access
• BTS structures can be housed on mobile platforms and placed on secure sites, but environmental obstructions force extensive solutions
• Ownership of the BTS and MSC can offer solutions to signaling and the introduction of unwanted software
• Offsetting the spectrum offers a means to resolve the license issues
• Embedded COMSEC and potential token solutions can be employed
While solutions exist for cellular implementations – the offered solution set falls short
Military Applications of CMDs (Selected Examples)
Metrics per mobile device platform:

Lockheed Martin MONAX
- OS: Smartphone OS
- Security: Non FIPS 140-2; supports 'Good' security, Wi-Fi, Bluetooth; no PKI infrastructure; applications available via a private app store
- Spectrum / Data Rate / Range: Enhanced version of commercial 3G wireless operating on different frequencies (TBD)
- Performance / Capabilities: Doppler & GEO (SATCOM) delay-tolerant capabilities, LM App Store, extends connectivity several km away from 3G base station
- Form Factor / Network Integration: Portable sleeve, connects touch-screen COTS CMD to base infrastructures on ground or airborne platforms

General Dynamics Itronix GD300
- OS: Android based on Linux
- Security: Uses commercial-based security technologies (e.g. trusted platform module, high security BIOS, computer tracing agent, stealth control)
- Spectrum / Data Rate / Range: Compatible with tactical and land mobile radios; has a wrist-mounted radio interface kit to integrate with JTRS architecture; data rate and range vary with wireless protocol
- Performance / Capabilities: Designed to work within JTRS architecture; has integrated SiRF Star III GPS and a high-gain quadrifilar-helix antenna
- Form Factor / Network Integration: Wrist- / chest-mounted GPS unit (8 oz ruggedized); 3.5" 800 x 480 touch screen display; can integrate with JTRS communications (targeted towards Rifleman)

XG Technology xMax TX70 Handset
- OS: XG OS
- Security: New security capabilities will be made available through software upgrades
- Spectrum / Data Rate / Range: Uses DSA within 'free' spectrum between 902-928 MHz (unlicensed); 18 Mbps per base station; 2-5 miles
- Performance / Capabilities: Prioritizes voice by dedicated timeslots and bandwidth to users, unlike traditional best-effort VoIP services; cognitive radio; works with Google Voice; adjustable output power for unlicensed or licensed use
- Form Factor / Network Integration: System infrastructure consisting of base stations, mobile switch centers, handsets, and modems. TX70 handset is dual-mode xMax and Wi-Fi, with voice capabilities above 3G/4G

EDGE Product Development Bioread
- OS: Smartphone OS (prototyped w/ iPhone OS)
- Security: FIPS, authentication, and encryption options (versions TBD)
- Spectrum / Data Rate / Range: Wi-Fi, Bluetooth, and military waveforms (to be specified); data rate and range vary with wireless protocol (leverages MONAX for long haul communications)
- Performance / Capabilities: Measures pulse rate, blood oxygen, temperature, respiration, heart (ECG) through Wi-Fi, Bluetooth, or military waveform (to be specified)
- Form Factor / Network Integration: Wearable sensors connect to centralized data concentrator (within warfighter's vest); can be remotely accessed through CMD
• Multiple vendors / Mil R&D developing CMDs for edge applications
• Each vendor approaches CMD networking by leveraging different components of commercial architectures (e.g. operating system, closed cell-based networks, commercial waveforms, etc.)
• Systems offer performance features of commercial networks and are exploring ways to mitigate security risks
To be determined …
• Dual Persona
• Data Delivery Diversity (Local WLAN vs 3G/4G)
• Services of the future:
– CMD Voice over IP, etc
• Technology Wildcards
– Super Wi-Fi
– Contactless payments – near field communications
• Application Management
– Metrics, Common Operating Environment
Way Forward
• New product evaluations
• Update Policy
– Re-examine security posture
– Common Operating Environment for CMD Applications
• Business case analysis
• Life cycle management
Federal Mobility Summit
Sponsors: Fed CIO Council/ISIMC/DoD/DoJ/Federal Business Council
Date/Time: 23-24 Aug /0800-1600
Location: UMUC, Auditorium/Conference Center, College Park MD
Max Attendees: 750 (USG Primarily-No Rank Requirements)
Focus: 6 Main DoD Mobility Issues Mentioned in TT's Memo/6 Apr 11 & Approximately 25 other Issues from the Rest of .gov
POA/Outcome:
1. Provide the Major Players with Our Issues B4 the Summit vs. Presentation of their Wares/Sell Products
2. Get their buy-in and/or assistance to work with us in fixing the big problems we have vs. piecemeal solutions.
C3PO – Collaborate, Communicate, Connect & Produce Outcomes
CMD Policy Development Topics
• The following lists provide the criteria definition of minimum acceptable CMDs, OSs, and Applications
End Point Security Posture
- Data-in-Transit Protection: FIPS 140-2 validated cryptography
- Data-at-Rest Protection: FIPS 140-2 validated cryptography
- Jailbreak / Root Detection / Protection: Ability to determine if security architecture has been compromised
- Smart Card S/MIME operations: Support for secure information using hardware-based certificates for authentication
- Web Browser CAC Auth: Support for hardware-based certificate authentication to web services
Enterprise Security Posture
- First Party Mobile Device Management (MDM) - capable: Platforms with access to APIs and an ability to enforce end point security services and policies
- Third Party MDM - capable: Platforms with limited first party capabilities which may still meet MDM requirements
- Over-the-air patching capability: Enterprise services able to patch/push CMD updates in a timely manner
- Average mitigation timeframe: Time for vendor to patch discovered vulnerabilities
- Code transparency: Appropriate amount of code escrow (OS, kernel, drivers, software services) shared for security review and ability to add/enforce controls
- Interoperability: Exchange profile support, security overlays, interface with Gateway and/or Mobility Management Center (Ex: TCP/IP, SIP)
- Image management: Ability to make "secure" local backups of the device data and apps
- Integration of virtual/cloud services: Ability to control syncing of data and/or backups with enterprise services / cloud
CMD Policy Development Topics (Cont’d)
Industry / Market Analysis (Subjective - intended for decision support)
- Market share / market forecast: Current / future professional and industry adoption of COTS platforms
- Active DoD Pilots: Lessons learned and use case potential
- Life of deployed devices: How long do vendors support their products
- Supplier Diversity: Degree to which multiple, trusted suppliers of alternative products are available
- Cost/Benefit Analysis: Return to DoD based on required implementation challenges on existing COTS platforms
- Security Posture: Does the vendor take security seriously? Secure SDLC, standard certification or independent review process
Application Development
- Consistent user interface: Easier to develop apps when developer has a smaller variance between platforms
- Hardware Variance: Tailoring of software or Operating Systems to account for non-standard hardware chips, libraries, and other specific qualities that require specialized programming
- Developer Tools: Maturity, training, best practices, open source
- Support for security/application design patterns: Flexibility in app development and quicker C&A
- Interoperability: Network communication between apps and backend databases (Ex: HTML, XML)
- Portability: Execution of application on different platforms (high level Java app could be enhanced to work on Android and BlackBerry) [Source code that efficiently moves between different platforms] (Flash, HTML5)