Published on July 25th, 2011 | by Alexis Argent0
Aruba MOVE Architecture Eases Government Smartphone and Tablet Adoption
Aruba Networks, Inc. today announced significant expansion of its secure mobility offerings by introducing Suite B cryptography on the Aruba Mobility Controller for use in classified government and high-security enterprise networks. Aruba also announces Virtual Intranet Access (VIA) client with Suite B support for Google Android and Windows 7 devices to enable end-to-end policy compliant security for government mobile devices
The combination of Suite B cryptography and the Mobile Device Access Control (MDAC) capabilities of the Aruba Mobile Virtual Enterprise (MOVE) architecture enables fast, simple and secure provisioning of mobile devices including smartphones and tablets on secret-level classified government and high-security enterprise networks. The company also announced the availability of its Virtual Intranet Access (VIA) client with Suite B support for use with Google Android and Windows 7 devices, to facilitate policy-compliant mobile device support in government and other installations.
Developed in cooperation with the U.S. National Security Agency (NSA), Suite B is a set of publicly-available, standards-based algorithms that serve as the cryptographic foundation to secure both unclassified information and most classified information. As such, the NSA has authorized the use of Suite B to bring secure mobility to commercially available smartphones, tablets and other smart devices to facilitate the sharing of sensitive/classified information among disparate agencies.
“Government agencies see the same benefits in tablet and smartphone use that private enterprises do,” said Patrick Guerin, Chief Technology Officer, Key Management Systems, Inc. “However, they need a solution that combines commercial technology with stronger underlying cryptographic algorithms. Today’s existing solutions for classified networking are expensive, hard to use, suffer from slow performance and are operationally limited by current EKMS-based cryptographic policies and technologies. Aruba’s Suite B implementation addresses these issues by offering an easily-deployed solution that has the low price and high performance characteristics of a commercial solution. The underlying computation methods are also much more efficient, making them ideal for high-performance applications such as voice and video.”
Government agencies are under the same pressure as the private sector to allow the use of smartphones, tablets and other “commercial” devices on their networks, and while the benefits are equally clear, the security capabilities required of government networks are much more stringent than those of their general enterprise counterparts. Aruba was the first and is still the only mobile access networking vendor whose wireless portfolio is certified to meet Suite B criteria. Because the Aruba solution is based on commercially available cryptography technology, it is available not only to U.S. government agencies but to defense, government and other high-security organizations worldwide.
Suite B is supported in all currently shipping Aruba mobility controller hardware, which includes Aruba 6000 series, M3-Mk1, 3000 series and the 600 series mobility controllers. Aruba controller hardware, ArubaOS, and the VIA client will be appropriately validated through the U.S. National Institute of Standards and Technology and other agencies for certification for deployment as part of a classified access network architecture.
The Aruba VIA client, previously available from Aruba for commercial use, will now also support Suite B. The VIA client detects whether the client device is connected to a trusted or untrusted network, and then uses a combination of authentication and encryption to create a secure tunnel connection to its mobility controller. It can operate in 802.11i WLAN Client Supplicant mode, Ethernet LAN IPSEC mode or Remote Access IPSEC mode.
The following protocols and methods for Suite B are supported in ArubaOS 6.1:
- AES-128-CBC, AES-128-CCMP legacy modes
- AES-256-GCM for Suite B symmetric cryptography
- Elliptical Curve Diffie-Helman (ECDH) for key exchange
- SHA-256 / SHA-384 Secure Hash
- WLAN Mode: 802.11i + Suite B using EAP-TLS
- VPN Mode: IPSEC + Suite B using IKEv1 or IKEv2
“Military, intelligence and many civilian agencies have transitioned to network-centric applications that reside on classified networks and run well on mobile devices,” said Dave Logan, vice president of government solutions for Aruba. “As traffic has grown and as mobility has increased, these classified networks have experienced a dramatic increase in importance and usage. By focusing on commercial solutions to provide classified network access, these organizations are able to maintain high performance, lower acquisition and operations costs and reap the benefits of a more rapid cycle of feature and product innovation.”
About Aruba Networks, Inc.
Aruba Networks is a leading provider of next-generation network access solutions for the mobile enterprise. The company’s Mobile Virtual Enterprise (MOVE) architecture unifies wired and wireless network infrastructures into one seamless access solution for corporate headquarters, mobile business professionals, remote workers and guests. This unified approach to access networks dramatically improves productivity and lowers capital and operational costs.
For more information, please visit out Aruba Products Page