Open Kernel Labs (OK Labs) announced an “ObamaBerry”-like smartphone security solution for open source mobile platforms, based on the company's OKL4 mobile virtualization technology. Available initially for Android, SecureIT Mobile combines software and services that will let governmental agencies, contractors, integrators, and OEMs build secure devices using commercial off-the-shelf hardware and software, says OK Labs.

SecureIT Mobile comprises OK Lab's flagship OKL4 Microvisor, along with OK:Android, an off-the-shelf, paravirtualized version of Android that enables Android to run as a guest operating system (OS) in a secure "hypercell" alongside another phone OS. Other features include board support for a range of development hardware, and a menu of development and integration services direct from OK Labs.

Although initially available for Android, the underlying security solution, described in a newly available white paper, could be applied to other open source operating systems, such as Linux or Symbian, says OK Labs.

SecureIT Mobile architecture
(Click to enlarge)

OK Labs does not mention it specifically, but SecureIT Mobile appears to be related to a One Core mobile virtualization reference platform for Android announced in March. One Core was billed as an OEM solution for developing virtualization-enabled, low-cost smartphones based on Android.

SecureIT Mobile appears to be more directly focused on government workers with more robust security requirements. The solution is said to support the COTS (commercial off the shelf) initiatives recently launched by the U.S. and other governments, enabling secure phone services on standard commercial smartphones. Applications are said to include homeland security, law enforcement, fire protection, public safety, emergency responders, and corporate security.

SecureIT Mobile is billed as a supply-chain alternative that leverages off-the-shelf software and hardware. The solution reduces the need for expensive, proprietary security phones, while eliminating the burden of needing to carry and maintain two different mobile devices, says OK Labs.

The solution would offer government workers technology somewhat similar to President Obama's super-secure BlackBerry phone, sometimes called the ObamaBerry, but at what ought to be a much lower cost. The phones would run secure voice and SMS services in an OKL4-based secure hypervisor compartment.

A BeagleBoard-based Android proof-of-concept

The SecureIT Mobile hardware design is based on an earlier proof-of-concept OK Labs and Sirrix announced in June. Detailed in the white paper (see link below), the OK:Android design for secure voice communications is based on Digi-Key's community-driven BeagleBoard running a Texas Instruments OMAP3530 system-on-chip. An architecture diagram for the design is shown below.

Diagram showing SecureIT Mobile proof-of-concept for secure voice using Android
(Click to enlarge)

The secure voice design uses OKL4 to split up the phone's resources among multiple mobile hypervisor (or "microvisor") compartments, including one for OK:Android, one for secure communications, and various shared server compartments. The latter include shared server cells for audio, I2C (for various peripherals), system functions such as clocks and power management, and a console for debugging.

The white paper also details a much simpler proof-of-concept for SMS text communications using a Nokia N900 running Maemo Linux (see below). Here, none of the server cells are required.

SecureIT Mobile proof-of-concept for secure SMS on Maemo Linux-based Nokia N900

The underlying OKL4 allows multiple operating systems to run on a single phone, or alternatively, enables a single operating system to offer multiple secure compartments.

OKL4 runs almost everything in userspace, and includes a thin hardware abstraction layer that can support Android, Linux, Windows Mobile, Windows CE, Symbian, and/or other guest OSes. It also includes a minimal POSIX-compliant execution environment, enabling multiple applications and device drivers to run in separate, isolated partitions.

Stated Steve Subar, President and CEO, OK Labs, "Police, firefighters, and other government workers need a single device for both secure and personal communications. Previously, such devices were only seen on TV or in movies, with actual secure handsets requiring costly development of custom hardware and software. Now, OK Labs' SecureIT Mobile solution brings together the technology and know-how to streamline the supply chain and deliver secure smartphones built on COTS hardware and software."

Stated Ammar Alkassar, CEO, Sirrix AG security technologies, which co-developed the proof-of-concept designs for the SecureIT Mobile, "The OKL4 Microvisor provides strong isolation, broad device support and sleek performance — a rock solid foundation for building and delivering secure and certifiable systems. Together with OK Labs, we can offer manufacturers, integrators, enterprises and government agencies off-the-shelf solutions for trustworthy and reliable mobile communications."

Availability

SecureIT Mobile is available today, says OK Labs. More information, including registration for a free white paper, may be found here.

---

This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.