Peraton Labs
  • About
    • Our Story
    • Markets we serve
    • Leadership
    • Contact us
    • Visit peraton.com →
  • Research
    • 5G
    • Cybersecurity
    • Electronic warfare
    • Machine learning and data analytics
    • Mobility
    • Optical, photonics and quantum
    • Wireless systems and networks
  • Services
    • Critical infrastructure
    • Networking and cloud
    • Service and data assurance
    • Other services
  • Products
    • Critical infrastructure
    • Cybersecurity
    • Network defense
    • Spectrum solutions
    • Wireless solutions
    • Other products
  • News and media
    • Events
    • Highlights >
      • CLOSURE Toolchain for Cross-Domain Solutions
      • Peraton Labs Supports Cyber Exercise for Nebraska Army National Guard
      • Conceptual Simulation for Designing High Performance Computers
      • FLEET: Reconfigurable Optical NICs for Fast Data Transfer
      • Turbocharge Simulation
      • Analytics and AI for Predictive Maintenance
      • Minimizing the Cyberattack Surface
    • Press releases
    • Media hits
  • Careers
    • Life at the Labs
    • Tackling Tomorrow's Challenges
  • Search
Our products > Other products > SecureIO for CSfC

SecureIO for CSfC

SecureIO Suite and SecureIO RapidDeployer accelerate fielding of CSfC Android devices and applications

The National Security Agency’s (NSA) Commercial Solutions for Classified (CSfC) program establishes requirements for government agencies to safely use wireless networks and commodity hardware to handle classified communications. By using NIAP (National Information Assurance Partnership)-approved commercial products in layered solutions, registered CSfC solutions can protect classified data at substantially lower cost, with greater functionality and more immediate availability than traditional approaches. 

CSfC requirements for commercial end-user devices (EUDs)—laptops, tablets and smartphones—to connect to secure networks are stringent, involving complex, precise provisioning and extensive per-application certification requirements. Our SecureIO product suite offers software solutions and tools to accelerate fielding of Android EUDs and mission-critical applications.
SecureIO Transport Layer Security (TLS) software significantly accelerates the fielding of mission-critical applications on Android devices »

Jump to

How it works
Features
Advantages
Research, services and products of interest
Request more information
Picture
Anchor Element
Copy for linking on the same page:
https://www.perspectalabs.com/?data-scroll-to-anchor=HowItWorks
Copy for linking from an external page:
https://www.perspectalabs.com/?data-anchor-link=HowItWorks

How it works

SecureIO TLS Solution

CSfC Mobile Access Capability Package (MACP) requirements stipulate that each application implementing Transport Layer Security (TLS) must be individually tested and approved by NIAP. Since Android EUDs typically use TLS-encrypted app traffic inside an IPSec tunnel, each Android CSfC app that uses TLS would be subject to NIAP testing and NSA review. NIAP certification can be a long and expensive process, representing a high barrier to entry for new Android CSfC apps, especially government off-the-shelf apps.  

Our flagship product is the SecureIO TLS Solution, which dramatically reduces the time required to approve, test and field CSfC-compliant Android devices. It provides a NIAP-approved common, shared TLS encryption function that can be used by every app running on the EUD. This SecureIO solution eliminates the need for the installed apps to implement their own transport security, enabling a wide variety of new apps to be quickly deployed on MACP-compliant Android EUDs.  

The SecureIO TLS Solution consists of SecureIO application software, which is installed on the Android EUD to provide an API, and the SecureIO VPN gateway, which provides a Linux-based VPN gateway / server component.  

SecureIO Rapid Provisioner

Monitoring application displays real-time status for access and VPN on an end user device in a CSfC campus WLAN deploymentSecureIO Rapid Provisioner for Windows: Monitoring application with real-time status for CSfC campus WLAN

​MACP requirements for EUDs include separation of IP stack space for outer and inner Internet Protocol Security (IPSec) tunnels, diversity of IPSec clients and separation of security credentials for the two tunnels. Manual separation of IP stacks, installation and configuration of IPSec clients and further configuration of in-host routing to achieve the desired networking and security posture is a time-consuming procedure fraught with possibilities of user and administrator error at each step. For an enterprise-wide deployment, this leads to excessive delays in formulating plans for installation, testing and eventual release of EUDs to end users.

The SecureIO Rapid Provisioner is an industry-leading solution, available for both Windows and Android devices, which provides an automated process so that all necessary CSfC deployment and configuration steps can be performed accurately with a few button clicks. Rapid Deployer has been shown to reduce configuration time from more than 4 hours per device to 15 minutes, saving agencies resources and valuable time. It delivers speed, security compliance and scalability, while eliminating manual steps, improving accuracy of device provisioning and reducing the training required for the personnel performing the provisioning.

​For Windows laptops and tablets, Rapid Provisioner runs like a familiar wizard-based Windows application installer. Rapid Provisioner ​for Windows first deploys and configures an inner IPsec client and type-2 hypervisor on the host. It then creates a virtual machine (VM), which hosts the outer IPSec client, and sets up internal host-only interfaces and appropriate routing rules. It additionally deploys and configures monitoring applications for the Windows system tray and an application to monitor the system even before the user logs on or when the user logs off or when the desktop is locked. This aspect is critical for setups where pre-connect features are necessary, for example, for Active Directory based login checks.​

​For Android smartphones and tablets, Rapid Provisioner provides an easy to use web interface through which an administrator creates categories of device types; each category supports users with similar device needs (e.g., different user groups require different apps). An administrator can use the Rapid Provisioner GUI to assign a new device to a specific user within a group. When the device is powered on, provisioning staff initiate the provisioning process by quickly tapping it with an NFC-capable provisioning device, after which the new device autonomously downloads, authenticates, decrypts and installs a package customized with the new user’s credentials and containing the configuration and software required for users in that user category.

Picture
SecureIO Rapid Provisioner for Android: System architecture

​Other SecureIO products

In addition to our SecureIO TLS Solution and the SecureIO Rapid Provisioner, we offer the following software products and applications:
  • SecureIO VPN Chaining Manager: an optional component that runs on Android devices and works with the SecureIO TLS Solution to establish and enforce VPN chaining
  • SecureIO Over-the-air (OTA) Certificate Manager (CM) for Android and SecureIO Over-the-air Certificate Manager for Windows: provides OTA monitoring for certificate expiration and automated capability to request and install an updated certificate. The SecureIO OTA CM consists of our OTA CM Management Server, which is software running in the CSfC network infrastructure, plus EUD software, which is available in a version for Android EUDs and a version for Windows EUDs
  • SecureIO CSfC Status Monitor for Android and SecureIO Status Monitor for Windows: is a standalone application that monitors network connectivity on the EUD and displays status to the user
Anchor Element
Copy for linking on the same page:
https://www.perspectalabs.com/?data-scroll-to-anchor=features
Copy for linking from an external page:
https://www.perspectalabs.com/?data-anchor-link=features

Features

  • Support for ATAK: off-the-shelf ATAK is supported on classified EUDs using the SecureIO TLS Solution without requiring any modifications to ATAK or the CSfC-compliant configuration
  • Support for multicast: the SecureIO TLS Solution supports multicast traffic to / from Android devices in classified or unclassified use cases. Specifically, multicast is supported in a dual-tunnel configuration for classified use or in a single-tunnel configuration for encrypting SBU / CUI communications
  • Network-aware capability in SecureIO TLS Solution: SecureIO's optional network-aware capability is particularly suited for tactical networks where individual EUDs need to roam between disconnected network enclaves. This functionality enables the SecureIO app on an Android EUD to detect network change and create a new secure tunnel to whichever SecureIO gateway is reachable on the local network segment
Anchor Element
Copy for linking on the same page:
https://www.perspectalabs.com/?data-scroll-to-anchor=Advantages
Copy for linking from an external page:
https://www.perspectalabs.com/?data-anchor-link=Advantages

Advantages

Our SecureIO products dramatically reduce the time, complexity and risk of errors for configuring and fielding CSfC-compliant Android and Windows devices, supporting arbitrary apps on these devices, and monitoring and managing certificates and status.
  • SecureIO TLS Solution: decreases the time required to approve, test and field CSfC-compliant Android devices by providing an NIAP-approved common, shared TLS encryption function for use by every app on the EUD
  • SecureIO Rapid Provisioner: automated deployment solution which rapidly accelerates the CSfC installation and configuration process, reducing configuration time from multiple hours per device to 15 minutes
Anchor Element
Copy for linking on the same page:
https://www.perspectalabs.com?data-scroll-to-anchor=resources
Copy for linking from an external page:
https://www.perspectalabs.com?data-anchor-link=resources

Resources

Read more

CSfC trusted integrator case study: Cutting the cord for classified (PDF) 
Rapid Provisioner for CSfC: Mobile Access Capability Package (PDF)
SecureIO™ for CSfC overview (PDF)
Anchor Element
Copy for linking on the same page:
https://www.perspectalabs.com/?data-scroll-to-anchor=links
Copy for linking from an external page:
https://www.perspectalabs.com/?data-anchor-link=links

Research, services and products of interest

Research

  • Mobility research: advances in dynamic, secure mobile networking for congested and contested environments

Services

  • CSfC trusted integrator: NSA-designated, proven CSfC trusted integrator with innovative tools for mobile access and campus WLAN deployments

Products

  • SecureSmart™ continuous monitoring as a service (CMaaS): real-time cyber defense for critical infrastructure, field area networks, energy systems and smart cities​
  • SecureSense​™: affordable, real-time spectrum monitoring and protection at the place, time and frequency of interest
Anchor Element
Copy for linking on the same page:
https://www.perspectalabs.com?data-scroll-to-anchor=requestinfo
Copy for linking from an external page:
https://www.perspectalabs.com?data-anchor-link=requestinfo

Request more information
Contact us
​About
​Research
​Services
Products
​Careers
​
News and media

peraton.com
Markets we serve:
Defense
Energy
​
Financial
Government 
Life sciences 
Telecommunications
Transportation
​
Picture
© 2022 Peraton Labs.  Site map | Terms of use | Privacy policy
  • About
    • Our Story
    • Markets we serve
    • Leadership
    • Contact us
    • Visit peraton.com →
  • Research
    • 5G
    • Cybersecurity
    • Electronic warfare
    • Machine learning and data analytics
    • Mobility
    • Optical, photonics and quantum
    • Wireless systems and networks
  • Services
    • Critical infrastructure
    • Networking and cloud
    • Service and data assurance
    • Other services
  • Products
    • Critical infrastructure
    • Cybersecurity
    • Network defense
    • Spectrum solutions
    • Wireless solutions
    • Other products
  • News and media
    • Events
    • Highlights >
      • CLOSURE Toolchain for Cross-Domain Solutions
      • Peraton Labs Supports Cyber Exercise for Nebraska Army National Guard
      • Conceptual Simulation for Designing High Performance Computers
      • FLEET: Reconfigurable Optical NICs for Fast Data Transfer
      • Turbocharge Simulation
      • Analytics and AI for Predictive Maintenance
      • Minimizing the Cyberattack Surface
    • Press releases
    • Media hits
  • Careers
    • Life at the Labs
    • Tackling Tomorrow's Challenges
  • Search