Obama's secure PDA
Jerry Leichter
leichter at lrw.com
Mon Jan 26 16:56:19 EST 2009
> I know next to nothing about the state of the art of secure cell
> devices; do list members have any (public) knowledge or informed
> speculation about the mechanism behind the unclassified/classified
> switches? Are we talking two entire separate CPUs with a mutex-
> shared screen/keyboard? Or just offload of classified processing to
> a separate on-chip security domain (ala ARM TrustZone)? Similarly,
> the manufacturer lists separate class/unclass memory chips and
> separate class/unclass USB ports. Are these sitting on two
> physically separate buses?
The page you mention contains a link to a price list. The thing is
surprisingly inexpensive: $3150. (Curiously, you have a choice of a
1 or 2 year warrantee. The second year adds $200 to the price. You
can omit the wireless module and save $500 - presumably of interest if
you already have one - they are also available separately - in Sprint,
Verizon, GSM, and WiFi versions, for $700.) There are versions for
the UK, Canada, NATO, and some other allies.
There's a "Classified USB Cable for file transfer with Classified PC"
which is "required for installing Classified Enclave Certificates".
(Considering the obscene prices we pay for HDMI cables, this is a
steal at only $75.) There is a similar "Unclassified USB Cable for
file transfer with Unclass PC" which is "required for installing
Unclassified Enclave Certificates". From the sound of it, this
probably means the USB ports are set up to authenticate connections
and, almost certainly, to encrypt everything that leaves the device.
Any conversion to Unclassified form probably occurs on the receiving
"Unclass PC". There are also both Classified and Unclassified
keyboard/mouse USB cables. (These are marked as "delivery 6 months
ARO" - everything else is available in 60 days. The obvious guess is
that these don't really exist, but will be built if anyone wants them.
For $100, there's a 2GB Micro SD card for Unclassified memory
extension; the Classified memory apparently can't be extended.
There's a mail server named "Apriva" that seems to go with this.
Oh, and just to make everyone feel good about these things: They run
Windows (mentioned in the FAQs). The FAQ, indirectly, answers the
your previous question of why only Secret for email: Data-at-rest is
encrypted using AES, which is only approved for Secret, not Top
Secret, data.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list