Posted by: Michael Morisy
DARPA, Mobile Computing, Mobile Encryption, mobile security
There’s probably no more exciting, imagination-capturing branch of military research than DARPA (Defense Advanced Research Projects Agency). They’ve brought us robo-hummingbird spies, self-driving hummers and, last but not least, the Internet.
So they can be excused for wanting just a little something in return: To be able to use their iPhones and Androids securely. From a recent Request for Information:
The primary purpose of this RFI is to discover new technologies and methods to support full disk and system encryption of the CMDs (specifically Apple and Android platforms) to include a pre-boot environment to load the operating system. The solution must use an AES-256 bit encryption algorithm compliant with FIPS 140-2 as published by the National Institute of Standards and Technology (NIST). In order to meet this objective, DARPA extends an invitation to industry and universities to submit a whitepaper with ideas/concepts that describe an innovative existing technology approach that can be deployed in less than 90 days.
Currently only Blackberries and high-end secured phones are allowed in many DoD environments, meaning Angry Birds is out. It sounds like DARPA is looking for a full-drive encryption bootloader to pick up where the consumer-friendly Droids and iPhones have left off. To be fair, Apple has beefed up its security offerings in recent iterations (with a few nay sayers), but the business need isn’t new. In my time reporting on mobile devices, I’ve heard any number of security schemes to get around security concerns: Everything run as SaaS, with no sensitive local data stored; A specialized encrypted card that held or encrypted and decrypted the data; and a number of virtualized environments that sat (supposedly) securely inside the everything goes-consumer devices.
It will be interesting to see what DARPA picks: Freedom of Information request, anyone?