Slashdot Mirror
NSA Publishes Blueprint For Top Secret Android Phone
mask.of.sanity writes "The National Security Agency has designed a super-secure Android phone from commercial parts, and released the blueprints(Pdf) to the public. The doubly-encrypted phone, dubbed Fishbowl, was designed to be secure enough to handle top secret phone calls yet be as easy to use and cheap to build as commercial handsets. One hundred US government staff are using the phones under a pilot which is part of a wider project to redesign communication platforms used in classified conversations."
That'd be the coolest geeky thing to have. Although I suspect it doesn't do you a lot of good unless both sides of the conversation is using them.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Wow sounds very secure, hopefully they did n't decide to go with ROT-13 twice.
not quite top secret anymore. Unless they think Slashdot's following just doesn't matter. I cry fowl!
In a shoe?
A feeling of having made the same mistake before: Deja Foobar
If you get caught with one you are presumed to be working for a TLA.
All your database are belong to U.S.
All I've really wanted for christmas for the last 10 years is a phone easily disassemblable, with a transparent case, and user facing dip switches for the mic, the antennas, the battery, and these days, the power line going to the camera. Or alternately for the camera, a physical piece of plastic that slides to expose/cover the camera. Also the dip switches should be placed in such a way that it is reasonably convincing to technical users that they are in fact breaking the relevant physical traces/wires.
Maybe in 10 more years...
Just wondering when Microsoft sues the NSA for patent infringement for using Android.
Sensationalistic, inaccurate, or self-contradictory, pick any two.
Pi Ran Out
Having a classified conversation or meeting without prior notification to your FSO and/or outside of a classified environment is a no-no.
So what is the point of having a mobile phone?
The link is to a specification, not a blueprint. A blueprint is enough information to build the product. A specification defines the products behaviour, but is only the first step. You still have to design the product.
(dons tin foil hat) Do they really want phones like these to become inexpensive and easy to produce? Would we have been able to locate bin Laden if the courier and the whole group had these? Is there a back door hidden in the design that allows the NSA access? (removes tin foil hat)
Well, that should be the final nail in the coffin for the Blackberry. I've been saying for the last 2 years: All RIM has going is the fact that they have a secure phone. All someone needs to do is offer an Android-based phone with the same level of security, and they will have lost the only real selling point remaining that they had.
re: "The doubly-encrypted phone, dubbed Fishbowl"
A strange combination of clever and ironic.
Fishbowl is an anagram of Blowfish, though I dunno if they use that cipher.
However to most folks, a fishbowl is something in clear view, under close observation.
Quirky.
Back when cell phones had analogue circuits you could sometimes spot a red NATO phone. On the technological trash heap of history now.
Where is the schematic for this thing??
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
Anyone Read the PDF?
Page 98 ... Anyone wonder what was Redaction in and around the red horizontal box?
"The Mobility Program enables the mobile warfighter to access secure
government enterprise services from any device, anywhere, anytime."
now seriously ctrl-c ctrl-v did the job... but i wonder what wireshark + SRTP/SDES dev tool kit and a 2L of coke and Large NYC pizza would produce ;) bah only the imagination can Dream!
I hope not in China for the obvious reasons.
The design of the phone itself may be super-secure, but for it to be genuinely secure you need to have absolute faith in the integrity of the company building the thing.
I am Slashdot. Are you Slashdot as well?
...like double DES, because that's theoretically TWICE as secure as DES, right? Right? Of course, it MUST be. It's DOUBLE!
Or maybe this phone uses the awesome power of Double ROT-13!
Remember, double encrypting rogue apps in AES does not make them good. The traditional approach towards security doesn't work very well in the mobile world especially Android. You have to not only do the regular things like encrypt but have a strict login such that they cannot run any app other than authorized. Not even the HTML5 stuff because it doesn't matter how locked down the phone is - once you allow an app on the phone that can access the data, it is game over.
Seriously, NSA, DOD, CIA, etc should be paying motorola/Google to build these SECURELY in the USA. Having this produced in China is NOT how you get secured communications.
I prefer the "u" in honour as it seems to be missing these days.
This is a top-secret comment.
... until Anonymous and WIkileaks publish recordings of phone calls made on the phones...
I was at the talk yesterday (at the RSA Conference) where NSA IAD director Margaret Salter presented this information. While the linked article is mostly factually correct, it glosses over or misses quite a few things. In no particular order:
* NSA's goal was to produce a spec for how to use commercial devices and commercial carriers yet still meet the requirements for SECRET or higher classified comms *without* forcing every user to be a COMSEC custodian. IMO, this represents a *huge* change in NSA's outlook on COMSEC and security in general. In the past, their focus has always been "security first, regardless of the impact on usability." Fishbowl's goals are an intriguing departure from this mindset.
* The selection of Android was not a starting point, but the outcome of a selection process that included requirements like "we have to be able to get the OS tweaked to meet our needs." The relative openness of Android played well against this requirement.
* Fishbowl currently only works on one handset. Salter declined to say which one, but it was clearly a Motorola product. Again, this was related to technical requirements around customization, boot loaders, etc
* The article gets it right about IPSEC vs SSLVPN but falls short of detailing the laundry list of things NSA wanted but was ultimately unable to obtain. It's clear that as the landscape evolves, NSA will update the fishbowl spec. For example, if someone made available an Android that supported Suite B, I think that would appear on the spec immediately.
* Salter did address the issue of rogue apps directly. She said that Fishbowl basically required policy support for locking out unapproved app installs, and that only NSA approved apps from the NSA enterprise app store would be allowed. "we don't want to be in the business of accrediting Angry Birds" is as close a quote as I can manage from memory.
* The best question from the audience was when someone asked if, by publishing a spec on how to do encrypted secure comms on an Android, her division hadn't made the job of the SIGINT spooks impossibly more difficult. She somewhat artfully dodged/refused to answer, and simply said that her job was to protect the data and communications of the US Government. My take: draw your own conclusions about NSA's ability to break IPSEC.
The talk was interesting, well presented, and completely sold out. I got one of the last 5 or 6 seats before they stopped letting people in the room.
Unfortunately the government didn't read the small print on the EULA and didn't notice that CarrierIQ was installed on the phone....'for their benefit'... but hey Carrier IQ promise not to do anything bad with all the data on their servers.
it'll be interesting to see what official uses such a secure infrastructure will be put to as time passes
MS knows that the government controls patents and that national security is a grounds that the government can take a patent away and make it public domain.
Interestingly enough the NSA has special status when it comes to patents. They can file secret patents that remain classified until someone tries to patent the same thing. At such time their patent is revealed and is valid from that date of revelation.
Telephone leaks YOU!
This sig is not paradoxical or ironic.
So let's have a look and see what classified information has ever been leaked by Wikileaks. Looks like just the diplomatic cables and video that came from Bradley Manning. Well guess what? That wasn't a hack, that was a person with access, that misused their access to give the information to an unauthorized party. That kind of thing has been going on as long as there have been spys and it is something the intelligence community works on (preventing or exploiting depending on) all the time.
Past that? Nothing. I see nothing from Anonymous getting on to JWICS and grabbing and releasing tons of documents. They've DDoS'd webservers (and failed to DDoS others, Amazon proved to be too big a target) and gotten in to people who have security holes, but they don't seem to be able to get at the classified networks.
Maybe, just maybe, the NSA is a little better at signals security than you give them credit for.
One of RIM's most ironclad money-for-life lynchpins has been their contracts with the government and the military, providing secure communication devices. As the narrator of Fallout once said, "Life in the Vault is about to change."
in your browser address bar - type "illuminati" backwards and then add ".com" and see what site pops up ... they have a sense of humor!
Where you'd find out the encryption isn't about apps, but about the calls. The NSA requires it so that in the event there is a failure in the implementation of one of the encryption layers, that isn't an automatic compromise.
In terms of app control yes, it only gets apps from a DoD run app store. The phones can only get apps that the NSA has decided are ok. The control actually goes further than that, in that to place a call you connect to signals and they then route your call to the requested party. So you can't even just call whomever you'd like, you have to go through a central point (which means they can track who called who).
You have to remember the NSA is not new to this game. They are pretty much the best the world has ever seen at signals intelligence, and they were doing encryption back in the days when nobody had heard of such a thing. They are pretty good at it. Well their mission isn't only signals intelligence (as in capturing and decoding information from non-US entities) but also information assurance, meaning protecting US government communications.
Further, they have a mission to help protect US civilian interests like helping keep electronic banking secure. This is why you see things like this phone, or SELinux, released to the public.
Since the USA claimed that pedo-terrorists were the only ones that used encryption, what is the NSA trying to tell us.
I have mod points and I am not afraid to use them.
Well you can highlight and copy the text in the redacted areas...
GG NSA.
SELinux has a history with the NSA; it's known. anything Linux related will leverage that history. Actually, I thought that MS complained and used their corrupt influence to cut down on the governments contributions to linux.
Democracy Now! - uncensored, anti-establishment news
stupid secures stuff by more stupidity only
Nice conspiracy theory. The government chose Android for the same reason the military is giving the finger to defense contractors every time they try to sucker them with vendor lock-in.
Get serious. We're talking about Apple here. This is the same company that forces end customers to deal with warranty service through them directly instead of retailers. Idiot consumers may be stupid enough to sign off on "the human centi-pad" but the national security types apparently can actually read before they sign up for Apple's dick in their mouth.
So someone's been selling insecure phones eh? Every phone sold should be completely secure, what went wrong with regular phones and can it be fixed?
The purpose of existence is to make money.
First of all it is not a "blueprint" for the device, it is a specification for a very secure device.
Second of all no place in the document does it say, "this device uses android"
The references to Android are as follows, all of them:
Requirements Description DC.1 "The Device Configuration and Policy Management service shall be able to determine the configuration of the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2."
Requirements Description DC.3 "The Device Configuration and Policy Management service shall be able to configure the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2."
Requirements Description DC.4 "The Device Configuration and Policy Management service shall be able to configure policy settings for the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2."
Requirements Description RR.1 "The Remediation service shall be able to remediate the configurations of the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2. "
Requirements Description LT.1 "The Location Tracking service shall be able to track the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2. "
Requirements Description W.1 "The Secure Disable and Wipe service shall be able to request audit reporting from the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2. "
Requirements Description D.AC.1 "The Device Audit Collection service shall be able to request audit reporting from the device types and operating systems identified for use, e.g., Motorola Droid Pro with Android 2.2.. "
So Sorry Android Fan boys and girls nothing in this document requires of specifies ANY Phone running ANY particular OS it simply references some of the features of the Motorola Droid Pro running Android 2.2
Hey KID! Yeah you, get the fuck off my lawn!
One day I was reading James Bamford's book "The Puzzle Palace" which was all about the NSA and crypto stuff. I was sitting on the back porch of The Last Exit on Brooklyn street coffeehouse reading when I got to a chapter about a guy who had made an encrypting phone out of cheap off the shelf components. He called it the phasorphone. When he applied for a patent the NSA seized it and gagged him (that means he was threatened and coerced to not talk about it). I pointed at the name in the book and held it up to the guy across the table from me and said "Carl, is this you?". He told me a bit about it and said the NSA kept track of him all the time after that. Department of Defense DIRECTIVE NUMBER 5535.02 March 24, 2010 USD(P) SUBJECT: DoD Patent Security Review Process You know, national security and all that. Because the light of democracy is so weak that it can only succeed if veiled by the cloak of secrecy, right?
In the past, their focus has always been "security first, regardless of the impact on usability."
Not necessarily. Look at the AES competition about a decade ago. The winning cipher was pretty secure, but also easy to make work quickly in hardware...
All NSA is doing here is trying to get secure voice over IP on a smart phone. They're not trying to secure the phone for non-voice data or support secure applications. The smart phone isn't helping; if they could get people to carry a second voice-only device, it would be far easier. A voice-only phone with all the firmware in ROM would be a much more secure device.
Will it blend?
However cryptography wasn't widely used or known to the public back in the day. Also while the codes used were technically cryptography by the pure meaning of the word, they really weren't by modern thinking. They were, well, codes, secret language and the like. As an example the highly successful Navajo Code Talkers in WWII weren't using mathematical encryption, book cyphers, or the like, they were just speaking a language that nobody in Germany understood, and using special terminology.
The public really didn't have much of a study of cryptography in the modern sense back in the day. Heck, read up on the DES process. The NBS asked for submissions and nobody presented anything useful so they went to IBM and asked them to try (IBM being the biggest civilian employer of mathematicians at the time) and they developed DES, with some consultation with the NSA (who asked them to keep a lid on things like differential cryptanalysis).
When DES came out, it lead to a real jump start of civilian study of cryptography. People were curious about this new thing and started looking at it.
If you want to equate coded speech with mathematical crypto, ok fine then I guess, but it really isn't. Mathematical cryptography changed the game. With codes it was all about working to understand and guess the enemy's coding scheme, and such things were done all the time. With mathematical crypto, you can design a system that is unbreakable except through brute force (which you can make infeasible) or via some sort of new discovery in cryptology.
This is something the NSA was one of the very fist involved in, and indeed they came about due to the importance of code breaking in WWII. They were the largest employer of mathematicians in the world for a time (not sure if that is still true).
That's what I mean by "nobody had heard of it." I don't mean they invented it, I mean the concept was pretty much unknown to the public. The idea of a mathematical system that you could use to secure information was just not something people had heard of on any large scale. The NSA was writing crypto systems back when the geeks who now use crypto all the time were doing everything in plain text.
Or you could keep your phone in a small metal tin?
When you actually need to use your phone all those security measures for the mic/battery/antenna/etc are going to have to be disabled anyway. Easier to keep it in a tin.
Yeowch, flamebait. That might be my first -1 comment.
I'm guessing it provoked the ire of the Android folk? I had originally put in more against Apple to increase the level of levity, but figured I shouldn't provoke that lot. Without it, I guess people took it too seriously.
Oh well, lesson learned. Never try to have a sense of humor when fanboys are around. Guess I'll add that to the list, right after "never get involved in a land war in Asia" and "never go up against a Sicilian when death is on the line."
I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
Just buy a fu**ing pre-paid phone at Walmart every time you have to make a phone call.
The bad guys will never get your number... and neither your contacts will do!
Top Secret is a secret/protection classification for information and determines who can access the information. If it has been released to the public it is not "top secret". This is a highly secure phone, not a top secret phone.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
The notion of a "born secret" is pretty bullshit, too, which is why the government never tried it in court. The idea is that some things are so secret that they are secret even if arrived at independently by third parties who did not use any secrets in doing so. Therefore, if you sat on a mountaintop and came up with nuclear bomb blueprints by yourself, the government would consider that classified material even though it was independently created. That's awesome in theory, but still fucking annoying.
A NYC lawyer blogs. http://www.chuangblog.com/
GPS tracking and logging, recording what you say, where you've been, what you post and what you read - the total police state. People mod me flamebait when I point out that we're living, eventually and soon, in a giant prison, a fishbowl, where the powerful get to see what we're up to, but we never see them or what they do.
Now we have the concrete illustration. "Fishbowl". They are fucking laughing at us.
The NSA doesn't need or even want to spy on its own people. That's what the clearance process is for; to screen out 95%+ of the people who might be internal security threats. The remaining few percent are likely some form of high functioning sociopaths no one can catch until they slip up, and when they do slip up, it'll be the FBI's job to hunt them down as it is. Unlike the NSA, the FBI has legal authority to target American citizens suspected of criminal activity with far more invasive measures courtesy of the good ol' search warrant and related tools.
Parnell: "Hello?"
Leila: "Is it you? This is Leila. Are you using a SCRAMBLER?"
Parnell: "I can't hear you, I'm using a SCRAMBLER!"
Have gnu, will travel.
Please tell me, that the black box above the text on page 98 is not intended to censor the text. Surely the NSA has learned by now that PDFs don't work that way!
Undoubtedly uses SELinux
At first I had Read NASA secret phone, but after reading the all post I had understood, that it's about NSA and their secret device.
Hey, I just discovered a fast and easy way to generate really big prime numbers using.. &*#@&*$IUIUI# .......
NO CARRIER
Your ad could be here!