Smartphones on the battlefield
Military planners want warfighters to have the same capability that civilian consumers get from their commercial smartphones and are testing different devices. However, they still have to overcome security hurdles and the short development cycles in the commercial market before full-scale deployment can happen.
The typical civilian smartphone – whether it is an iPhone 5, Samsung Galaxy III, or even a Blackberry – is easier to use and has more processing capability than any handheld device that soldiers, Marines, sailors, or airmen use in combat environments today. Modern cell phones have amazing technology, but are not seen as rugged or secure enough for military use on the battlefield. That is until recently. Different programs are in development in the Services to leverage commercial smartphones for battlefield use. One Army initiative – the Nett Warrior program, run by PEO Soldier – expects field these devices as early as 2014.
“No defense company in the world can beat the reliability and performance these small devices deliver,” says Jason Regnier, Acting Program Manager for the Nett Warrior program at Ft. Belvoir, VA. “It is money well spent. What is enabling their use in part from a policy was a relaxing of the requirements about the environments they would be used in. For example, they don’t have to survive a nuclear blast anymore. We are still looking at more ruggedized devices for underwater use and the like, but right now we are focused on commercial devices due to the tremendous cost savings and they are meeting all of our objectives so far.”
“Smartphone development within the DoD is a testing environment,” says Brett Kitchens, Senior Director, DoD Strategic Programs, U.S. Federal Government Markets at Motorola. “PEO Soldier wants a smartphone device at the edge running secret-level security, but it is not a program of record yet today. I think the efforts will move quickly. Some brigades are already testing different smartphone equipment and software. Eventually there will most likely be a pool of devices for the services to choose from based on their mission needs and user preference.”
Right now Nett Warrior – an integrated, dismounted situational awareness and mission command system – is in the operational testing phase and begins fielding in 2014, Regnier says. However, the Army is in a hurry to get this technology out earlier and is fielding Motorola Atrix Android-enabled smartphones with certain brigades this year to improve situational awareness. They are still secure with strong encryption, but not certified by NSA for secret data. It is not under a program of record, but is more of an experimental requirement.
The Nett Warrior program is currently using Rifleman Radios from General Dynamics C4 Systems during demonstrations to interface with various smartphone devices running the Android operating system, Regnier says. The Rifleman Radio is an interim solution until the Army finishes developing the Nett Warrior tactical radio, he says. General Dynamics C4 Systems also is developing the Nett Warrior radio, which will weigh less than 2 lbs., communicate using the Soldier Radio Waveform (SRW), and enable access to the U.S. government’s classified networks at the secret or sensitive but unclassified levels, according to a General Dynamics release. The Low Rate Initial Production order is for 2,052 radios, scheduled to begin delivery early in 2013.
“For the smartphones, we are looking at commercial devices that have a dual or quad processor design, are low power, are unlocked so we can remove their software and install the government code, and have a bright, easily readable display,” Regnier says. “The WiFi and Bluetooth functions are turned off on these phones and only connect through the tactical radio. Each device functions essentially as a mini computer with a dual- or quad-core processor.
“One common frustration with using these commercial devices is that just when you have one modified and the proper software added, the company stops selling them,” Regnier continues. “An example of this was a Samsung Note device we looked at that had a large, bright screen that the warfighters liked, but we were too late as Samsung has already stopped selling them and moved on to the next one. The commercial development cycle goes even faster than we thought it would. For Nett Warrior to make it through each year, I will have to look at what the next smartphone will be to keep up with what the commercial cell phone guys are doing. For example, many cell phone companies are moving to Organic Light Emitting Diode (OLED) displays, which will be brighter but easily detectable at night. We need to make it dark so the enemy can’t detect it and make the displays compatible with night vision goggles.
“The key will be to eventually have software that will work across multiple platforms even if the physical devices go obsolete,” Regnier continues. “If you do it right and follow the coding it will work. But for us there are only certain phones that will work because the manufacturers do not unlock all the phones in the same way. We need the devices unlocked so we can remove their code and upload our certified software. The reason is we have to have secret capability in the end user device.”
Securing smartphone communications
“The first hurdle for smartphone acceptance in the military is the security aspect, and industry and the government have got to prove it. But we think we have [gotten] it solved,” Kitchens says. “We anchor the data at rest, which then goes through the chip as encrypted packet and users will have the keys to secure. Also if you pull the data out without the key, you kill it. The NSA is looking at certifying the security solutions and there will be different paths to agency certification of devices. They will also need criteria for mobility. It will be up to the authorities to take the risk, and right now 256 encryption looks good enough as it has not been broken, and 256 B is even tougher.” Motorola secure smartphones include their AME 1000, which is based on the ES400 device for enterprise applications (Figure 1).
“Warfighters see the value of what you can do with a smartphone, but before it gets into the field en masse, the devices really need to be secured,” says Tim Skutt, MILS Solution Architect at Wind River. “Right now smartphone use is kind of in a middle ground, going through limited experiments, not in widespread deployment yet. Wind River’s secure Android offering has a holistic approach that supports integration of security enhancements tailored to the use case, as well as unique commercial Android capabilities, into security enhanced devices. We have five pillars that we are implementing when developing Android solutions – attack detection and prevention; device integrity; isolation; infrastructure security; data protection and system protection, which includes the ability to sanitize remotely.”
Trusted Handheld Platform
“Enabling top-secret security in a COTS phone is a difficult challenge,” says Gordon Jones, INTEGRITY Secure Virtualization at Green Hills Software. “Certifying a COTS phone for use can be done, but by the time the phone is certified, it may be obsolete before you can deploy it to the troops. What is needed is a way to keep the security portable across architectures that also meets the commercial release process.” Green Hills is participating in a Marine Corps effort called the Trusted Handheld Platform that is looking to advance the development of commercial mobile device technology for the DoD by enabling a capability to access multiple security domains, Jones says.
The program has four requirements, with the first seeking an isolation technology such as a separation kernel or security kernel, he continues. This will isolate the software components, control the intra-domain access, and also isolate the other resources on the devices. Second, it must be multipersonality, so the devices support multiple personalities on a single handset. Another requirement is that it use commercial standards and not be a custom government design. The fourth requirement is that it have a common product line architecture across multiple platforms, Jones says.
“Green Hills engineers are applying their separation kernel – INTEGRITY – and running multiple versions of Android on top of it and controlling the device,” Jones says. “This guarantees separation time and space for the applications on top and also runs a complete virtual machine monitor. There will be applications running inside of Android, and since Android is a large and complex piece of code, the level of assurance for any code running inside of Android is low so isolation is required. What we do is isolate Android from the rest of the system. For instance, one Android could be connected to the Secure Internet Protocol Router (SIPR) network and one will be connected to the Non-secure Internet Protocol Router (NIPR) network, but they will be isolated from one another on top of the INTEGRITY kernel.”
This dual domain phone would have an IT persona and a private persona – both isolated from each other on top of a trusted environment that would have an NSA-certified separation kernel like INTEGRITY, Jones says. A dual domain smartphone for the warfighter could operate in a classified and unclassified network as well as separate personal and work data. Having only one physical device also enables the warfighter to save on size, weight, and power, he adds.
“For protection of data at rest when implementing the INTEGRITY kernel on a device with Android as a guest, we insert a virtual self-encrypting drive that guarantees that every piece of data written to memory is encrypted by INTEGRITY in a trusted partition before being written to memory in the phone,” Jones says. Therefore, as data moves in and out of Android unknown to Android, it is encrypted by the architecture when in motion or at rest and cannot be compromised.
Secure networks and tactical app stores
Engineers at Lockheed Martin are enabling the use of commercial tablets and smartphones by developing a secure 4G tactical cellular network they call MONAX, says David Weber, Business Development Manager, C4ISR Systems at Lockheed Martin Information Systems & Global Solutions in Philadelphia. The network can be set up in places where there are no cell towers and, within hours, a private, secure cellular network is operational (Figure 2). No matter the smartphone or tablet device used for voice, video, and data transmission, users will still be able to access the network if they have the proper clearance, Weber says. Once connected, their device accesses a VPN tunnel that is encrypted, he adds.
“Once you get into the network, there are multiple layers of security via the Mobile Device Management (MDM) feature, which enables users to set secure access policies,” Weber says. “The system can also be Common Access Card (CAC) enabled. For data at rest protection, the system can be remotely zeroed out through the MDM feature. Tactical radio users also can access MONAX by just entering the VPN tunnel, he adds.
“We have a MONAX application store that is very minimal because we don’t build apps, but we will have the capability to download apps or purchase them from other vendors,” Weber says. “Five apps that come with the MONAX solution are VOIP, tactical app, chat, map app, and an NSA app. The apps are developed for or rehosted on a smartphone, then approved and made available to warfighters in the app store. You can download popular apps, but we recommend you turn that capability off. If the customer wants to, we can enable it, but it can be risky as it opens up to the ‘dirty’ Internet.”
The system consists of a portable MONAX Lynx sleeve that connects touch-screen smartphones and tablets to a MONAX XG Base Station infrastructure located on the ground or on airborne platforms, according to a Lockheed Martin MONAX brochure. Currently the Marine Corps uses MONAX in military exercises and it is also used for humanitarian disaster relief, Weber says. The Coast Guard is using MONAX with iPads in all their medical clinics across the U.S., he adds.
Ruggedizing the smartphone
While commercial smartphones have state-of-the-art processing capability, they are not what the military would traditionally call “rugged,” but have features and interfaces with which warfighters are comfortable. The Army did run a program for rugged handheld development called the Joint Battle Command-Platform (JBCP) Handheld System, which has since been moved under Nett Warrior. It is no longer an active program, but the Army is still looking at the ruggedization developments.
DRS Tactical Systems’ first rugged handheld offering came out of that program and was called the SCORPION H1. “Although we met the initial requirement, it became clear it didn’t meet with user expectations,” says Bill Guyan, VP at DRS Tactical Systems. “Warfighters have the same expectations – in terms of ease of use – that they get from their personal smartphone: lightweight, small enough to fit in a pocket, and an efficient touch screen with good visibility and graphics. So for the next version – the H2 – we went a bit outside the box. We ruggedized a commercial handheld instead of building it from the ground up.”
The H2’s appeal is its modularity that enables warfighters to customize it for their mission. Its sled mating system mates through a connector that allows for expansion sleds for extended battery life, USB hub, SAASM GPS, information assurance, RFID, IR camera, dead reckoning, a cold weather module chemical/biological detection, or a combination based on customer specifics. If the phone is damaged or a newer model is available, it also can be easily swapped in and out of the housing. The 3G/4G-ready H2 features the Google Android 2.3.5 (Gingerbread) preinstalled and is Android 4.0 (Ice Cream Sandwich) ready. It uses a Qualcomm Snapdragon S3 Processor and has 1 GB of RAM. It weighs 8 ounces and has about 8 hours of battery life and can be charged while interacting with tactical radios.
The General Dynamics Itronix GD300 rugged smartphone also came out of the JBCP, says a General Dynamics spokesperson. The device meets MIL-STD-810G and is resistant to dust, rain, shock and vibration, and humidity. It has GPS capability, can be worn on the arm or chest, and weighs less than 10 ounces. The GD300 also can interface to a tactical radio network for secure communications.