The “Cryptoberry” Wireless E-mail Solution

By Major Maryann D’Alessandro, U.S. Army Reserve

The Secure/Multi-purpose Internet Mail Extension (S/MIME) enhanced BlackBerry product developed by Research in Motion (RIM), Inc. of Waterloo, Ontario, Canada, is the only wireless device available that provides true writer-to-reader security for wireless e-mail and is approved to protect e-mail up to sensitive but unclassified (SBU)/For Official Use Only (FOUO). With President Bush’s recent recommendation to incorporate the NCS mission into the Department of Homeland Security, the option to maintain secure communications throughout our missions is vital. Assuming coverage is available, the cryptoberry devices could provide a solution for secure data communications. Ideally, the BlackBerry Model 5810, which operates over GSM (Global Systems for Mobile Communications), will incorporate the S/MIME standard to provide secure data and voice communications during our operations.

The S/MIME enhanced 957-8MB BlackBerry wireless e-mail solution (cryptoberry) for Microsoft Exchange is the only device that meets the DOD wireless e-mail standards and is available via a variety of contract vehicles. It is a wireless handheld device powered by an Intel 386 processor with integrated e-mail/organizer software, an optimized keyboard, a thumb-operated track wheel and an easy-to-read screen. E-mail is sent and received with guaranteed confidentiality, authentication and data integrity. Users can read, compose, forward, reply, file, or delete messages from the device while maintaining a single, existing e-mail address and mailbox. By setting e-mail filters that monitor key words and message fields, individuals can control which messages they receive on their own devices. The BlackBerry displays 16 or 20 lines of text with a backlight to enable viewing in low-light conditions and includes an integrated wireless modem with a two-watt transmitter. The user is always connected to the network and never has to dial in, thereby allowing discreet notification as new e-mail arrives.
The S/MIME enhanced device has 512 kilobytes (Kbytes) of static random access memory (SRAM) plus 8 megabytes (MB) of flash memory, which is 3MB more than the commercially available 957 devices. The upgrade allows the user to send signed or signed and encrypted e-mail in approximately 12 seconds. The S/MIME upgraded device can hold up to approximately 100 certificates and runs on a rechargeable lithium battery with a lifetime of approximately one week when on continuously.

Data sent from a COTS BlackBerry handheld and the BlackBerry enterprise servers are encrypted using the U.S. Government-approved Triple-DES (Data Encryption Standard) algorithm for symmetric encryption/decryption. The same algorithm is favored by the banking industry to electronically transfer confidential financial data. No successful attacks on this encryption method have been found; however, this algorithm alone does not meet the DOD requirements, according to Robert Nowak, a contractor with the National Security Agency (NSA)’s Wireless Applications Group at Fort George G. Meade, Maryland. The S/MIME enhanced BlackBerry device provides an extra layer of security using S/MIME encryption. This enhancement incorporates the ability to securely transfer, store, forward, and authenticate messages to ensure writer-to-reader security and is completely compatible with the DOD X.509 Class 3 PKI. S/MIME encryption of the e-mail message is in addition to the Triple-DES encryption of the wireless network connection.

There are two versions of the COTS BlackBerry: the Internet version and the enterprise edition. The enterprise edition is the only version available with the S/MIME enhanced BlackBerry. A BlackBerry Enterprise Server (BES) is necessary to centralize e-mail redirection and wireless calendar synchronization for all BlackBerry users in an organization. This provides a secure, two-way link between a user’s Exchange accounts and a user’s BlackBerry handheld device.
The server decrypts, then decompresses the message, and should be on the same domain as Exchange. While a dedicated BES is not required, Nowak said it is recommended for backup, security, and account management purposes. It is possible for us to use a BES located at U.S. Army Reserve Command, for example. The server is only a redirector of messages to and from Microsoft Exchange. It stores no messages and therefore has no access to messaging or organizational information of any kind. Nowak highly recommends purchasing a BES, rather than routing e-mail to a remote server, so that we control our own infrastructure. A BES can be purchased for approximately $5K. Another option is to purchase a one-year free upgrade with any BlackBerries purchased, which includes the BES and the maintenance. The upgrade can be purchased for $2,100. Nowak added that since antivirus software is not bundled with the product, it is important to keep antivirus software current on the desktop and on the systems that host the BES.

There are limitations to consider before purchasing any BlackBerry device. The maximum message size of the standard BlackBerry device is 32K, and additional software is required to add an attachment to a message. The S/MIME device has the same 32K limitation, and currently, NSA has not authorized any third-party software to permit attachments from the cryptoberry. Another limitation is the national coverage of the devices. The United States does not have 100 percent coverage; however, expanded coverage is expected over time as tower owners increase functionality of their towers and as tower population and dispersion increase. Currently, dead zones should be expected.

The cost of one BlackBerry device on the General Services Administration (GSA) schedule is $1250, which includes a flat-rate wireless e-mail service for the first year. Follow-on service is $476 per device per year. Affiliated Computer Services Defense, Inc. (ACS Defense, Inc.), headquartered in Dallas, Texas, is the only authorized trusted third party to load S/MIME BlackBerry software for the Government.

RIM currently does not plan to incorporate a cell phone capability in the BlackBerry 957-8MB. However, the company is developing an S/MIME version of the 5810, which includes cell phone as well as wireless e-mail capability. NSA officials will evaluate this model when the company incorporates the S/MIME capability.

As of this writing, the U.S. Army requirements to comply with DOD policy are not in place; the safest bet is to comply with the DOD PKI Policy and the DOD Overarching Wireless Policy when making any standard BlackBerry or cryptoberry purchase.
(Major D’Alessandro is a U.S. Army Reserve officer serving as an individual mobilization augmentee (IMA) to the National Communications System
Reviewed December 07, 2006
