Obama's secure PDA

Jerry Leichter leichter at lrw.com
Mon Jan 26 16:56:19 EST 2009 

> I know next to nothing about the state of the art of secure cell  
> devices; do list members have any (public) knowledge or informed  
> speculation about the mechanism behind the unclassified/classified  
> switches? Are we talking two entire separate CPUs with a mutex- 
> shared screen/keyboard? Or just offload of classified processing to  
> a separate on-chip security domain (ala ARM TrustZone)? Similarly,  
> the manufacturer lists separate class/unclass memory chips and  
> separate class/unclass USB ports. Are these sitting on two  
> physically separate buses?
The page you mention contains a link to a price list.  The thing is  
surprisingly inexpensive:  $3150.  (Curiously, you have a choice of a  
1 or 2 year warrantee.  The second year adds $200 to the price.  You  
can omit the wireless module and save $500 - presumably of interest if  
you already have one - they are also available separately - in Sprint,  
Verizon, GSM, and WiFi versions, for $700.)  There are versions for  
the UK, Canada, NATO, and some other allies.

There's a "Classified USB Cable for file transfer with Classified PC"  
which is "required for installing Classified Enclave Certificates".   
(Considering the obscene prices we pay for HDMI cables, this is a  
steal at only $75.)  There is a similar "Unclassified USB Cable for  
file transfer with Unclass PC" which is  "required for installing  
Unclassified Enclave Certificates".  From the sound of it, this  
probably means the USB ports are set up to authenticate connections  
and, almost certainly, to encrypt everything that leaves the device.   
Any conversion to Unclassified form probably occurs on the receiving  
"Unclass PC".  There are also both Classified and Unclassified  
keyboard/mouse USB cables.  (These are marked as "delivery 6 months  
ARO" - everything else is available in 60 days.  The obvious guess is  
that these don't really exist, but will be built if anyone wants them.

For $100, there's a 2GB Micro SD card for Unclassified memory  
extension; the Classified memory apparently can't be extended.

There's a mail server named "Apriva" that seems to go with this.

Oh, and just to make everyone feel good about these things:  They run  
Windows (mentioned in the FAQs).  The FAQ, indirectly, answers the  
your previous question of why only Secret for email:  Data-at-rest is  
encrypted using AES, which is only approved for Secret, not Top  
Secret, data.
                                                         -- Jerry




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list