Sectra Communications is working with Samsung Electronics to integrate its Tiger/R end-to-end hardware encryption system with the phone maker's Knox mobile security platform to create smartphones secure enough to carry government secrets.
The market is a lucrative one: Another company, Secusmart, has won over several government organizations in recent years with a BlackBerry smartphone equipped with a microSD encryption module. The combination, costing around €2,000 (US$2,250), is approved by the German government to carry Restricted-level voice and data traffic. Restricted is one of the lowest ratings for government secrets.
Sectra and Secusmart both use additional hardware in the form of a microSD card to assist in the encryption process and to protect encryption keys. While Secusmart's system will encrypt calls and data stored on the phone, Sectra's encrypts only voice traffic and text messages.
There are other government-approved secure phones, such as the Teorem from Thales or one from Sectra itself rated to carry calls up to the "Secret" level, but these are dumb feature phones that can only make calls. The difficulty in obtaining government security approval for smartphones is that encrypting traffic is only part of the problem: The phones also need to prevent eavesdropping on that traffic before it is encrypted.
That's why Sectra is working with Samsung on Tiger/R: It builds on the phone maker's Knox mobile management system for Android phones, which allows systems administrators to block the installation of untrustworthy or outright malicious apps that might compromise a device's security.
Secusmart relies on similar functions in BlackBerry's Balance platform, which allows only approved apps to access secured data.
"One of the biggest challenges is preventing people from installing apps," said Sectra Communications' president Michael Bertilsson. Games that can access the microphone or contain malware are a classic threat that Knox can help contain, he said.
The previous generation of Sectra's encryption system, Panthon, did not use Knox. To protect calls from malware, the encryption system would shut down if it detected unauthorized apps on the phone, requiring an administrator to scan the phone for threats before unlocking it again.
Panthon already has approval from the Dutch General Intelligence and Security Service, AIVD, for carrying Restricted-level traffic. Approval for Tiger/R is pending, according to Bertilsson, who said the approval process typically takes three to nine months.
Organizations willing to maintain their own gateways and key servers can buy Tiger/R outright for 20,000 Swedish krona (US$2,400) or less depending on volume, although that price includes only the microSD card and Knox license, with a compatible Samsung phone costing extra.
The system is also available as a service. A Tiger/R-equipped phone and all the necessary software licenses costs 1,000 Swedish krona per month.
"If you go for the service solution the back-end infrastructure is provided by Sectra," said Bertilsson.