Fishbowl (secure phone)

Last updated

Fishbowl is a mobile phone architecture developed by the U.S. National Security Agency (NSA) to provide a secure Voice over IP (VoIP) capability using commercial grade products that can be approved to communicate classified information. It is the first phase of NSA's Enterprise Mobility Architecture. According to a presentation at the 2012 RSA Conference by Margaret Salter, a Technical Director in the Information Assurance Directorate, "The plan was to buy commercial components, layer them together and get a secure solution. It uses solely commercial infrastructure to protect classified data." Government employees were reportedly testing 100 of the phones as of the announcement. [1]

The initial version was implemented using Google's Android operating system, modified to ensure central control of the phone's configuration at all times. To minimize the chance of compromise, the phones use two layers of encryption protocols, IPsec and Secure Real-time Transport Protocol (SRTP), and employ NSA's Suite B encryption and authentication algorithms. USMobile [2] has implemented commercial enterprise version of Fishbowl technology via the Scrambl3 mobile apps that run on both Android and iOS platforms.

The phones are locked down in many ways. While they use commercial wireless channels, all communications must be sent through an enterprise-managed server. No direct voice calls are allowed, except for 9-1-1 emergency calls. Only NSA approved applications from the NSA enterprise app store can be installed. NSA has published a 100-page overview specification for the Mobility Capability Package. [3] In tandem with the Capability Package there are a series of Protection Profiles. [4] These Protection Profiles list out the requirements a commercial product must meet to be used in the mobile phone architecture.

Related Research Articles

The U.S. National Security Agency (NSA) used to rank cryptographic products or algorithms by a certification called product types. Product types were defined in the National Information Assurance Glossary which used to define Type 1, 2, 3, and 4 products. The definitions of numeric type products have been removed from the government lexicon and are no longer used in government procurement efforts.

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for voice calls for the delivery of voice communication sessions over Internet Protocol (IP) networks, such as the Internet.

<span class="mw-page-title-main">Clipper chip</span> Encryption device promoted by the NSA in the 1990s

The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured "voice and data messages" with a built-in backdoor that was intended to "allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.

<span class="mw-page-title-main">STU-III</span> Telephone

STU-III is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user. When a call is placed to another STU-III unit that is properly set up, one caller can ask the other to initiate secure transmission. They then press a button on their telephones and, after a 15-second delay, their call is encrypted to prevent eavesdropping. There are portable and militarized versions and most STU-IIIs contained an internal modem and RS-232 port for data and fax transmission. Vendors were AT&T, RCA and Motorola.

The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems have become known and its most modern systems share at least some features with commercial products.

Multiple encryption is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm. It is also known as cascade encryption, cascade ciphering, multiple encryption, and superencipherment. Superencryption refers to the outer-level encryption of a multiple encryption.

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one else, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.

The red/black concept, sometimes called the red–black architecture or red/black engineering, refers to the careful segregation in cryptographic systems of signals that contain sensitive or classified plaintext information from those that carry encrypted information, or ciphertext. Therefore, the red side is usually considered the internal side, and the black side the more public side, with often some sort of guard, firewall or data-diode between the two.

<span class="mw-page-title-main">Secure telephone</span> Telephone that provides encrypted calls

A secure telephone is a telephone that provides voice security in the form of end-to-end encryption for the telephone call, and in some cases also the mutual authentication of the call parties, protecting them against a man-in-the-middle attack. Concerns about massive growth of telephone tapping incidents led to growing demand for secure telephones.

The Defense Information System Network (DISN) has been the United States Department of Defense's enterprise telecommunications network for providing data, video, and voice services for 40 years.

This is a comparison of voice over IP (VoIP) software used to conduct telephone-like voice conversations across Internet Protocol (IP) based networks. For residential markets, voice over IP phone service is often cheaper than traditional public switched telephone network (PSTN) service and can remove geographic restrictions to telephone numbers, e.g., have a PSTN phone number in a New York area code ring in Tokyo.

<span class="mw-page-title-main">Jitsi</span> Videoconferencing and messaging software

Jitsi is a collection of free and open-source multiplatform voice (VoIP), video conferencing and instant messaging applications for the Web platform, Windows, Linux, macOS, iOS and Android. The Jitsi project began with the Jitsi Desktop. With the growth of WebRTC, the project team focus shifted to the Jitsi Videobridge for allowing web-based multi-party video calling. Later the team added Jitsi Meet, a full video conferencing application that includes web, Android, and iOS clients. Jitsi also operates meet.jit.si, a version of Jitsi Meet hosted by Jitsi for free community use. Other projects include: Jigasi, lib-jitsi-meet, Jidesha, and Jitsi.

<span class="mw-page-title-main">Rich Communication Services</span> Mobile communication protocol

Rich Communication Services (RCS) is a communication protocol standard between mobile telephone carriers for the purpose of instant messaging, developed and defined by the GSM Association (GSMA). It aims to be a replacement of SMS and MMS, with a text-message system that is richer. RCS is also marketed as Advanced Messaging, and was previously marketed as chat features, joyn, SMSoIP, Message+, and SMS+.

Samsung Knox is a proprietary security and management framework pre-installed on most Samsung mobile devices. Its primary purpose is to provide organizations with a toolset for managing work devices, such as employee mobile phones or interactive kiosks. Samsung Galaxy hardware, as well as software such as Secure Folder and Samsung Wallet, make use of the Knox framework.

TextSecure was an encrypted messaging application for Android that was developed from 2010 to 2015. It was a predecessor to Signal and the first application to use the Signal Protocol, which has since been implemented into WhatsApp and other applications. TextSecure used end-to-end encryption to secure the transmission of text messages, group messages, attachments and media messages to other TextSecure users.

<span class="mw-page-title-main">Open Whisper Systems</span> Open source software organization

Open Whisper Systems was a software development group that was founded by Moxie Marlinspike in 2013. The group picked up the open source development of TextSecure and RedPhone, and was later responsible for starting the development of the Signal Protocol and the Signal messaging app. In 2018, Signal Messenger was incorporated as an LLC by Moxie Marlinspike and Brian Acton and then rolled under the independent 501c3 non-profit Signal Technology Foundation. Today, the Signal app is developed by Signal Messenger LLC, which is funded by the Signal Technology Foundation.

Scrambl3 is a secure communication mobile app developed by USMobile. Scrambl3 implements NSA's Fishbowl techniques and runs both on Android and iOS platforms.

USMobile, Inc. is an Irvine, California-based corporation that developed the commercial enterprise version Scrambl3 of NSA's Fishbowl techniques. The Scrambl3 apps runs both on Android and iOS platforms.

References

  1. "NSA builds Android phone for top secret calls - Applications - SC Magazine Australia - Secure Business Intelligence". 2012-03-01. Archived from the original on 2012-03-01. Retrieved 2023-06-05.
  2. "Scrambl3 Private Communications Mobile Network". www.scrambl3.com. Archived from the original on 2016-01-19. Retrieved 2016-01-17.
  3. "Information Assurance" (PDF). www.nsa.gov.
  4. "NIAP: NIAP Approved Protection Profiles". www.niap-ccevs.org. Archived from the original on 2017-12-22. Retrieved 2023-11-20.