At this year’s CeBIT (Centrum für Büroautomation, Informationstechnologie und Telekommunikation), Secusmart (a BlackBerry company) announced a world-first in highly secure mobile communication – the SecuTABLET – but what exactly is it, and what makes it so secure?
Based on the Galaxy Tab S 10.5 LTE 16GB’s hardware, the SecuTABLET is the result of a joint enterprise (no pun intended!) between Secusmart and IBM, and was developed with the express purpose of keeping data secure when on the move.
Applications installed on the SecuTABLET can be secured by an app-wrapping process (which uses IBM technology) designed to protect users from unauthorized attempts to intercept communications and app information. In addition to applications secured in this way, the SecuTABLET can also run personal apps and those that do not require an additional level of security (such as Twitter or Facebook).
The SecuTABLET is currently undergoing certification for provisional approval at the German VS-NfD (Verschlusssache-Nur für Dienstgebrauch) – “classified – for official use only” security rating, which corresponds to the NATO RESTRICTED level of security. Approval is expected to be granted this calendar year, and it is Secusmart’s intention that the SecuTABLET will be on sale at the end of this year. The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) stipulates that devices purchased by German government ministries and agencies must be approved at this level.
Software and hardware combine for security
The SecuTABLET is powered by Samsung’s Knox secure boot technology ensuring that the OS on the tablet has not been tampered with at startup, and also combines IBM’s app-wrapping process (which secures each app in its own container, much like BlackBerry 10 does with Android apps) with the additional hardware security of the Secusmart Security Card.
The Hardware: Galaxy Tab 10.5 LTE
The Galaxy Tab S 10.5 LTE 16GB runs on an Exynos 5 Octa 5420 Processor (Cortex-A15 Quad 1.9GHz/Cortex-A7 Quad 1.3GHz), with 3GB LPDDR3 RAM. It has a 26.67 cm (10.5 “) Super AMOLED display with a resolution of 2560 pixels x 1600 pixels, a rear-facing 8.0 MP and front-facing 2.1 MP camera, microSD compatibility (128GB max), USB 2.0. It can connect via WiFi (802.11ac) and Bluetooth 4.0, as well as 3G and 4G/LTE networks. It has GPS/GLONASS location functionality and weighs 467g.
The Hardware: The Secusmart Security Card
The Secusmart Security Card was developed by Secusmart to function as a security barrier, which prevents confidential information disclosed within an encrypted app from entering the public domain.
The Secusmart Security Card takes the form of a microSD card, which makes it easy to insert into the SecuTABLET. The centrepiece of the Security Card is a NXP crypto-controller with a PKI coprocessor for performing the authentication, with an additional high-speed coprocessor that encrypts voice and data communications using the 128-bit AES encryption standard.
The Secusmart Security Card is also responsible for protecting communications in the SecuSUITE for BlackBerry 10 high-security solution, preventing all classified information from being intercepted during transfer between the network and the device.
The Software: IBM’s App-wrapping process
Systems integrator IBM is responsible for both pre-installation of the German government’s Bundesappstore on the SecuTABLET and for the app-wrapping process. Employees at the German government’s ministries and agencies using the SecuTABLET will be able to download secure apps directly from the Bundesappstore.
The app-wrapping process secures individual app components at all stages of app usage (data at rest, data in use, and data in motion).
- Securing the data at rest stage refers to the protection of all inactive programs and data elements. All the app components are hardware protected & encrypted by the Secusmart Security Card.
- Securing the data in motion stage refers to the protection of all data that are transferred via networks. Data are sent through a (Virtual Private Network (or VPN) via a defined, secure access point. This VPN is hardware-protected by the Secusmart Security Card.
- Securing the data in use stage refers to the protection of all data when an app is actively being used. In the example of an email app, this applies when emails are being edited or data is being sent to another secure app, such as the WPS Office app.
The SecuTABLET was developed following a study conducted on behalf of the German armed forces. Compatible with the Federal Security Network, the SecuTABLET is a crucial supplement to the system for secure mobile communication used by German government ministries and agencies. The high level of security, user-friendliness and convenience mean that it is just as attractive to international public authorities looking to secure their mobile communications as it is to commercial enterprises of any size.
The deal between Secusmart and IBM was already in place when BlackBerry acquired Secusmart last year, according to Hans-Cristoph Quelle (Secusmart’s Managing Director, and Senior Vice President at BlackBerry). The deal apparently raised questions at the highest level within BlackBerry, IBM and the government department about whether to continue, he said during the CeBIT event, particularly when taking into account IBM’s recent announcement of an alliance with Apple to deliver enterprise apps.
The SecuTABLET project survived the acquisition, in part because, as part of BlackBerry CEO John Chen’s drive to revitalize the company, BlackBerry is keen to offer its security and productivity services cross-platform. Last November, BlackBerry announced plans to extend support for its management software to Samsung devices, and at Mobile World Congress in Barcelona last month also announced it would release versions of Secusmart’s SecuSUITE voice and data encryption system, and its own WorkLife by BlackBerry management tool, for Samsung Knox devices.
Who knows, we may see the SecuTABLET in the hands of both government and commercial workers across the globe before long.
Written using official information provided by Secusmart GmBH