While governments all over the world have no problems to spy the Internet communication of its citizens and friendly countries, the governments by itself prefer to communicate in a protected way. Doesn't matter if it is the "red phone" aka "hot wire" or nowadays mobile communication. Therefore Deutsche Telekom announced yesterday that it's latest high security smartphone, the Samsung Galaxy S3 based SiMKo 3, has successfully withstood testing by the German Federal Office for Information Security (BSI). This latest generation high-security cell phone, affectionately known as the "Merkel phone" (after the German Chancellor), has officially obtained approval for security level VS-NfD (classified information for business use only - which is the lowest security level).
Members of the federal government and employees of ministries and federal authorities will therefore for the first time have access to a mobile device that incorporates the newly developed L4 high-security microkernel as its operating system for transmitting classified information.
Running a kind of dual OS system, similar to BlackBerry, the microkernel contains only 10,000 lines of program code in contrast to standard commercially available smartphones, which use millions of lines of code. The sophisticated security technology in the new SiMKo is already up and running as soon as the smartphone is switched on and boots up. The L4 kernel immediately takes over complete control of the device and only permits operations that are secure. Another new feature of the SiMKo is the fact that it combines a secure device and an open device in one case. By simply swiping the screen, the user can toggle between secure and open Android operating modes in order to switch from composing a confidential message to obtaining train or flight information for instance. The L4 kernel makes sure that the open part of the smartphone does not pose a security risk. It makes it possible for the SiMKo 3 to run two separate operating systems that behave like two completely independent devices. Data on the open and on the secure side are strictly segregated thanks to the high level of isolation ensured by the microkernel. The user can install applications for both the open and the secure area. Programs can either be downloaded from a specially protected Telekom app store or from the customer's own servers.
The SiMKo 3 is not only designed to handle data applications such as E-Mail, calendar, contacts and tasks. It can be used out of the box as a tap-proof crypto phone which will in future offer encrypted phone calls based on Voice over IP using highly secure encryption methods. In addition, development of the government's official SNS Standard (Secure Multi-Network Voice Communication) will be completed in the next few months. If a device is lost, nobody can see what is stored in it. The Certgate crypto card takes care of user authentication and encrypts all data on the device. In addition, the content of the device can be deleted remotely.
Stephan Maihoff, who is responsible for SiMKo at Telekom, points out that "It is practically impossible to test such large operating systems which are also constantly being modified by subsequent development work. You cannot exclude the possibility of back doors. To counter the risk of hacking, we use a transparent kernel that leaves no hiding places for surprises and offers security from the inside out."
Telekom exclusively uses companies based in Germany for the SiMKo 3's kernel and security technology. Certgate crypto cards are used and NCP ensures encrypted connections, both firms are based in Nuremberg. The L4 microkernel system was jointly developed by Dresden Technical University, Dresden start-up Kernkonzept, Telekom Innovation Laboratories and Berlin start-up Trust2Core.
It was only possible to implement the kernel as a result of particularly close cooperation with Samsung. "Thanks to extensive cooperation between the SiMKo 3 project team and our development department, together we have managed to bring a high-security smartphone based on the Galaxy S3 to market. Customers who have exacting security requirements can now use one of the most successful smartphones in Germany as a mobile work device", says Dongmin Kim, President of Samsung Electronics Germany. "As the market leader, we are committed to taking secure telephony and data transmission forward."
Telekom's SiMKo devices are aimed at both the public sector and industry. Almost 90 % of all companies equip their staff with mobile devices so that they can access corporate data from anywhere. However, many companies do not secure mobile data access adequately. If sensitive corporate data falls into the wrong hands this can have serious economic consequences as well as raising personal liability issues.
The new SiMKo 3 is available right now and costs 1,700 Euro with a two-year contract. Telekom is already working on a SiMKo product range that includes tablets and notebooks for working from home. A SiMKo 3 model that supports the high-speed LTE wireless standard is coming soon.
Cheers ~ Arne