How do you make an airman’s phone, with all its attack points and proximity to sensitive information, secure? The Air Force and the Defense Information Systems Agency say: Don’t think about the device. Think about what’s around it.
The Air Force and DISA are currently testing phone and tablet cases that combine physical security — like coverings for cameras — and electronic methods, like having built-in biometric authentication and signal jamming. The program could allow military personnel to keep their phones with them in secure facilities that usually shun mobile devices, while helping to secure their communications when they’re just out and about.
The pilot programs are currently trying out cases with phones that handle information requiring lower-level security, but soon the tests will be pushed up to higher levels, according to the Air Force’s chief technology officer, Frank Konieczny. It’s one of the most promising efforts for the Air Force to achieve “secure mobility,” Konieczny said Tuesday during the AFCEA C4I symposium hosted by George Mason University.
“This is going to be another way of looking at how can we secure just any other phone that people buy,” he said.
The cases are designed to solve two problems: How do you make commercial devices more secure, and how do you ensure only authorized users are accessing information on them? For the pilot, the department is already partnering with industry, but Konieczny didn’t name the companies.
The case physically blocks all cameras to provide one level of cyber-hygiene. The technology also ensures nothing can come through the microphone, Steve Wallace, head of DISA’s emerging technology directorate, said during the virtual event. Other than a radio signal, everything else is “completely blocked,” he added.
“There is nothing but white noise heard in any kind of recording,” he said.
Ultimately the functions of the case could help extend the military’s use for mobile devices as the entire DOD is trying to extend its mobility. People who work in secure facilities are used to checking their phones at the door to ensure hackers can’t listen in to classified conversations. Popping any phone into a case might be able to change that practice, Wallace said.
DISA is “working with folks at the Pentagon to allow users to bring those devices into secured spaces,” he said.
More testing will continue after workers return to the Pentagon after the coronavirus pandemic, Wallace added.
To ensure the holder of the phone is the authorized user, the cases would have on-board technology to gather biometric information outside of fingerprints or other physical characteristics. DISA has been pursuing biometrics that allow for “continuous authentication” — tools that measure everything from a user’s voice, their typical walking speed to how they hold a phone. It’s unclear if the full range of continuous monitoring would be capable in just the phone case, but Wallace said it is a part of his agency’s plan.
The case would not be the only piece of the puzzle for DISA’s efforts on biometric assurance. During the virtual event, Wallace displayed a watch that would pair as a second factor of authentication to devices. Other ideas beyond just a phone case for security have been in the works for years as DISA has tried to upgrade assured identity access.
Some of DISA’s assured-identity programs put hundreds of factors of authentication into the hardware of a mobile phone. Biometric assurance also relies on artificial intelligence to process all the data being constantly checked by a device to ensure it is matched with the proper user.