Securing Emerging Mobile Technology

JOHN G. LEVINE PH.D.
D/CHIEF ARCHITECTURE GROUP
13 SEP 2012
UNAMBIGUOUS DEMAND SIGNAL FROM CUSTOMERS
SECURE ANYWHERE, ANYTIME ACCESS TO ENTERPRISE INFRASTRUCTURE
CURRENT MOBILITY ENVIRONMENT
Mobile Landscape
• Ease of use is valued over security
• Vulnerabilities are widespread
• Attacks are cheap and easy
• Apps available at low or no cost
• Minimal technical experience required
User Threat
• Unaware of potential threats
• Susceptible to social engineering
• Bypassing "inconvenient" security
• Insider threat, leaks and sabotage
Infrastructure Threat
• Multiple points of interception
• Communication and Data Centers / Towers
• Towers, Wireless and Wireline
• Over the Air updates
• Rogue base stations
PATHWAY TO SECURITY
• Security must be integrated into components – systems approach
• User interfaces must be intuitive and familiar
• Policy needs to stay on top of technology curve
• Solutions should:
  – Support commercial functionality
  – Be cost effective
  – Align with commercial product lifecycles
[Figure: balance between Security and User Experience]
MOBILITY ENTERPRISE STRATEGY
[Figure: handsets reach the enterprise over 3G | 4G and Wi-Fi with seamless transition between them, through Internet Access Gateways and PSTN Gateways to "The Cloud"]
EXTERNAL DEPENDENCIES
• Carrier data coverage
• QoS in carrier networks *
• Data circuits in carrier networks
* 4G / LTE is expected to improve some of the user experience as carriers upgrade
MOBILITY GOALS
Establish Partnerships and work with Industry
• Commercial development focused to meet security requirements out of the box
• Forecast and prepare for next generation security technologies
• Policy enforcement & enterprise security
Establish a Mobile Enterprise Capability
• Interoperability via gateways
• Anywhere, Anytime, Access to Unclass, Secret, Top Secret & SCI infrastructure
• Minimum security capabilities
Publish and update Capability Packages
• Vendor agnostic architectures
• Residual risk assessments
CAPABILITY DELIVERY PROCESS
[Figure: Identify Need → Develop Concept → Design Security Architecture → Prototype → Pilot → Test & Evaluate → Implement Operational Capability. Feedback loops carry Requirements, Technology Gaps and System Bugs back into the cycle; output to industry is Guidance to Industry (Capability Package).]
MOBILITY PILOTS
High Level Topology
[Figure: Carrier Infrastructure: 3G handset running the Secure VoIP App, Carrier Core Network, Leased Line (DS3). Gateway: Black Router, VPN Concentrator, HAIPE Device, Leased Line (DS3). SCIF: HAIPE Device, Red Router, Red Switch, SIP Server, Enterprise Gateway Connection.]
Architecture
– Two layers of encryption (VoIP and VPN)
– Hardened handsets
  - SRTP
– Gateway connection to Enterprise Infrastructure
– Backend services secured in a SCIF
– Delivers secure voice and data capability
– Dependent on carrier QoS
Milestones
– Unclassified Pilot Kickoff (30 Sep 2011)
– Classified Pilot Kickoff (Dec 2011)
– Web based Data Pilot (May 2012)
Fishbowl Implementation
UNCLASSIFIED//FOR OFFICIAL USE ONLY
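The two-layer design on this slide (SRTP inside a VPN tunnel, with the backend behind a HAIPE in the SCIF) can be walked through end to end in a few lines. The following is an added example, not code from the pilot or from NSA. It substitutes a toy HMAC-based authenticated cipher for the real SRTP and IPsec suites so it runs on the Python standard library alone, uses constructed keys, a constructed audio frame and simplified packet headers, and shows what an interceptor at the carrier and a party holding only the VPN key can each see, and what happens when a packet is modified at either layer.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC tag, one per layer

# Toy authenticated cipher: HMAC-SHA256 keystream in counter mode plus a tag.
# It stands in for the real per-layer suites (SRTP's AES for the voice payload,
# the VPN's IPsec suite for the tunnel); it is a demonstration, not a cipher to deploy.

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, nonce: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag


def unseal(key: bytes, nonce: bytes, sealed: bytes, aad: bytes = b"") -> bytes:
    if len(sealed) < TAG_LEN:
        raise ValueError("truncated packet")
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


RTP_HDR_LEN = 6  # toy header: 16-bit sequence number + 32-bit SSRC
VPN_HDR_LEN = 4  # toy header: 32-bit tunnel sequence number


def handset_send(voice_frame, srtp_key, vpn_key, rtp_seq, vpn_seq):
    """Inner layer (secure VoIP app) then outer layer (VPN client), independent keys."""
    rtp_header = struct.pack(">HI", rtp_seq, 0x1234ABCD)
    # SRTP role: header stays readable, payload is sealed, header bound into the tag.
    inner = rtp_header + seal(srtp_key, rtp_header, voice_frame, aad=rtp_header)
    vpn_header = struct.pack(">I", vpn_seq)
    # VPN role: the whole inner packet, header included, is sealed again.
    return vpn_header + seal(vpn_key, vpn_header, inner, aad=vpn_header)


def vpn_concentrator_strip(outer, vpn_key):
    """Gateway side: removes the VPN layer, forwards the still-encrypted voice packet."""
    hdr, body = outer[:VPN_HDR_LEN], outer[VPN_HDR_LEN:]
    return unseal(vpn_key, hdr, body, aad=hdr)


def voip_endpoint_receive(inner, srtp_key):
    """SCIF side: the VoIP endpoint removes the inner layer and recovers the audio."""
    hdr, body = inner[:RTP_HDR_LEN], inner[RTP_HDR_LEN:]
    return unseal(srtp_key, hdr, body, aad=hdr)


# Constructed sample inputs (not real keys or audio).
VOICE_FRAME = b"constructed 20 ms audio frame"
SRTP_KEY = hashlib.sha256(b"constructed SRTP master key").digest()
VPN_KEY = hashlib.sha256(b"constructed VPN session key").digest()


def demo():
    """Walk one frame through both layers and probe each interception point."""
    outer = handset_send(VOICE_FRAME, SRTP_KEY, VPN_KEY, rtp_seq=7, vpn_seq=42)
    inner = vpn_concentrator_strip(outer, VPN_KEY)
    results = {
        "recovered": voip_endpoint_receive(inner, SRTP_KEY),
        "carrier_sees_audio": VOICE_FRAME in outer,   # tower / core / leased line view
        "gateway_sees_audio": VOICE_FRAME in inner,   # view with the VPN key only
    }
    tampered = bytearray(outer)
    tampered[10] ^= 0x01  # bit flipped while crossing the carrier network
    try:
        vpn_concentrator_strip(bytes(tampered), VPN_KEY)
        results["outer_tamper_detected"] = False
    except ValueError:
        results["outer_tamper_detected"] = True
    tampered_inner = bytearray(inner)
    tampered_inner[8] ^= 0x01  # bit flipped after the VPN layer was removed
    try:
        voip_endpoint_receive(bytes(tampered_inner), SRTP_KEY)
        results["inner_tamper_detected"] = False
    except ValueError:
        results["inner_tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point the slide makes is visible in the results: the carrier path and the VPN gateway are both "points of interception" from the earlier threat slide, and neither recovers audio, because the two layers are keyed independently and each authenticates its own packet before anything is decrypted.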
MOBILITY CAPABILITY PACKAGES
Mobility Capability Package
• Pilots are used to help create CPs
• Development and release is an iterative process between IAD experts, interested vendors, and external partners
[Figure: iteration between Customers, CSfC, the IAD SME Community, Vendors, Integrators and Partners, leading to Package Release]
Release timeline (from the slide figure):
• February 2012 – Mobility Capability Package Version 1.2, initial release
• March 2012 – Mobility Capability Package Update Version 1.2, delivered to I2M (Secure Voice)
• April 2012 – Mobility Capability Package Update (Interoperability & Web Data)
• July 2012 – Mobility Capability Package Version 2.0, published to NSA.gov (Secure Voice)
• August 2012 – Mobility Capability Package Update (Wi-Fi)
• October 2012 (late 2012) – Mobility Capability Package Update (MDM)
• February 2013 (early 2013) – Mobility Capability Package Update (3G/4G & WiFi Roaming)
KEY ACHIEVEMENTS TO DATE
• Established Mobility Innovation Center (MIC) to drive/prove technology
• Delivered TOP SECRET voice and data pilot (FISHBOWL)
• Delivered NSA Campus laptop pilot (WIFIGHTER)
• Demonstrated tablet architecture
• First Mobility Capabilities Package on web at NSA.gov
LOOKING AHEAD
• Improve user experience
• Prototype and pilot data services to other devices
• Continue to perform vulnerability analysis of emerging technologies
• Prototype and pilot Evolved Packet Core (EPC) capabilities
• Continue to mature Mobility Capability Packages
• Continue to work with Industry
• Incorporate lessons learned into future demonstrations
CONCLUSION
Securing mobility requires a new way of thinking:
• Use commercial standards, platforms and applications when possible
• "Composable" and layered solutions/services to achieve desired security
• Integrated and hardened commercial infrastructure
• Keep pace with emerging technologies
• Strong partnerships between government and industry
• Work early and often with Industry to get it right from the start!