DHS Works with Qualcomm, Kryptowire on Device Security
Friday, May 15, 2020 | Comments

The Department of Homeland Security Science & Technology Directorate (S&T) is addressing vulnerabilities found in mobile devices and apps that can be exploited by attackers to access and control a device and its sensitive information. The government is leveraging commercial capabilities to address its needs.

“With new state-of-the-art capabilities continually being realized in the commercial industry, S&T is working diligently to partner with industry to further strengthen the mobile ecosystem and protect the federal government’s workforce,” said Vincent Sritapan, S&T mobile security research and development program manager.

Compounding the issue, savvy adversaries can craft attacks that go undetected. They do this by gaining access deeper down the mobile device stack, including disabling existing defenses in the high-level operating systems and applications. This vulnerability puts operational data at risk and leaves mobile device users unsure of the security of their equipment.

S&T partnered with Qualcomm Technologies and Kryptowire, which demonstrated a set of application programming interfaces (APIs), together called the Mission Critical Grade Security Layer (MCGSL).

“The MCGSL could help strengthen the mobile ecosystem and the information and communications technology supply chain for user equipment such as smartphones,” said Sritapan. “It significantly raises the bar by checking application behavior and providing continuous protection against cyber-attacks targeting mobile devices.”

The APIs enable increased visibility to mobile application platforms to monitor and validate activity of third-party apps, device run-time integrity checking and continuous user authentication through multiple biometric, behavioral and contextual factors.

The MCGSL operates at the hardware level, making it much harder for hackers to break into a mobile device without detection. By continuously checking device health, application behavior and user authentication, MCGSL provides users with peace of mind that their data and programs are secure.

“MCGSL is a valuable tool that could help mobile security teams root out vulnerabilities in mobile devices before they can compromise sensitive government information,” said Larry Henschel, senior advisor at DHS’s Cybersecurity and Infrastructure Security Agency (CISA), which had a keen interest in this project because the MCGSL can be leveraged to help secure information and communications technology.

The companies demonstrated how developers and ecosystem partners can leverage the MCGSL to improve their existing security models for detecting mobile threats. This demo served as a lighthouse example for other application platforms to address the critical need for greater trust in mobile devices.

Together, Qualcomm’s foundational commercial capabilities and Kryptowire’s military-grade mobile application security platform proved a successful model for employing commercial features to satisfy a specific mission-critical use-case for government agencies, such as providing high-integrity and secure communications to mobile devices used by federal government employees and leaders.

The demonstration of the MCGSL tool is completed. Qualcomm Technologies incorporates many of these APIs in its chipsets, which can be found in some of the latest commercial devices such as Samsung phones.

Would you like to comment on this story? Find our comments system below.



 
 
Post a comment
Name: *
Email: *
Title: *
Comment: *
 

Comments

No Comments Submitted Yet

Be the first by using the form above to submit a comment!

Site Navigation

Close