THALES COMMUNICATIONS & SECURITY – 4, Avenue des Louvresses – 92230 Gennevilliers, France – Tel: +33 (0)1 46 13 22 29 – E-mail: [email protected] – Web: http://www.thalesgroup.com/teopad/ – www.thalesgroup.com
INFORMATION TECHNOLOGY SECURITY – TEOPAD: security for smartphones & tablets – 04/2013 – © Thales reserves the right to modify the technical characteristics of this equipment without notice.

TEOPAD: security for smartphones & tablets

Jan 08, 2017


TABLE OF CONTENTS

1. A Market at the Heart of a Revolution 2
   1.1. The Rise of Digital Nomadism 2
   1.2. The Impact of Smartphones and Tablets 3
   1.3. The Consequences for the Professional Data Protection 3
   1.4. The "Store" Effect 3
2. The Thales Approach 4
   2.1. The Needs Study 4
   2.2. Thales: the Expertise in Telephony and Mobility Security 5
3. The TEOPAD Solution 6
   3.1. A Key Principle 6
   3.2. Innovations and Differentiators 7
   3.3. The Security Functionalities 8
   3.4. TEOPAD Sandboxing Technology 8
   3.5. The Architecture 10
4. The Deployment 12
   4.1. Deployment on System Information Department Side 12
      4.1.1. Deployment Preparation 12
      4.1.2. Users' Registration 12
   4.2. Deployment on the End User Side 13
5. The Professional Services 14

1. A MARKET AT THE HEART OF A REVOLUTION

1.1. THE RISE OF DIGITAL NOMADISM

Nowadays, more than 22% of employees are estimated to be nomads, while an additional 25% spend half of their working time away from the office.

This spectacular rise can be explained by several factors, including the following:

• The globalization of companies, which disperses their activities: offshoring of production and R&D activities, commercial exploration of new markets, etc.;

• The higher complexity of projects and the increase in the number of suppliers and subcontractors with whom it is more suitable to maintain close follow-up;

• The expansion of telecommuting, at home or in temporary premises.

This mobility of employees has rapidly created the need to provide them with tools that maintain their work capacity, irrespective of their location. This trend, which started with mobile phones and laptops, is now transferred to their successors, i.e. smartphones and tablets.

Moreover, tablets and smartphones are more and more often used for "internal nomadism" inside the company's premises, as alternatives to PC-type terminals (workshops, hospitals...) or to specific terminals (transport, personal services...).

1.2. THE IMPACT OF SMARTPHONES AND TABLETS

Market key figures

Smartphones
• Market increase by 60% at end of 2011 vs. 2010 (Gartner)
• 460 million sold in 2011, reaching 1 billion by 2016 (IMS Research)
• 657 million sales estimated in 2012 (JPMorgan)
• For the first time, smartphone sales will surpass PC sales in 2012 (Morgan Stanley Research)

Tablets (Gartner)
• 60 million tablets sold in 2011, 119 million estimated for 2012 (+98%)
• 369 million in 2016 (+515% vs. 2011)
• Company purchases will represent 35% of sales in 2012
• Android will equip 32% of the tablets sold in 2012.

However, the migration from laptops and mobile phones towards tablets and smartphones is far from neutral, as it deeply modifies usage. This evolution may be explained by several findings:

• The "call for competition" between professional and personal equipment. Previously, all mobile phones had broadly the same functionality. This allowed companies to provide their employees quite easily with a standard fleet that did not evolve much. Smartphones disrupt this balance. There is now a significant gap between the equipment provided by the company to its employees and what the employees can or wish to have personally. This gap may be functional (smartphone vs. telephone) or related to communities (Apple, Android, Windows, RIM).

• The entrance of new players. The emergence, via smartphones and tablets, of new players coming from the computer and online services worlds (Apple, Google, Microsoft...) intensifies the competition and induces major technical and application innovations. In addition to the accelerated replacement of product series, anticipating the services that will be available in the short term, as well as technological leadership, becomes very difficult. This significantly accelerates the obsolescence of fleets.

• The size-weight factor. The golden age of mobile phones mainly led to the miniaturization of terminals. This evolution was possible because the terminals were functionally limited to telephony. The arrival of smartphones, and even more so of tablets, has suddenly reversed this trend, with terminals that are again bulkier but much more evolved. As the new functions do not allow a significant size reduction (high-definition screen to view videos and documents, keyboard - including touch - for text editing...), it is less and less acceptable for an employee to carry a professional terminal in addition to his/her personal equipment.

This has highlighted a new phenomenon: it is more and more difficult for companies and public services to impose specifically professional terminal fleets on their employees, as the latter may refuse.

1.3. THE CONSEQUENCES FOR THE PROFESSIONAL DATA PROTECTION

This analysis has given rise to two trends that keep intensifying:

• Either the professional terminal is used for personal purposes, and the employee does not invest personally;

• Or the personal terminal is used to carry out professional tasks. Even if it leads to numerous difficulties related to business protection and fleet management, this solution is now attractive for many companies due to the decrease in procurement costs it may induce. This trend, named "BYOD" (Bring Your Own Device), does not exclude the previous one and may be preferred by some organizations and for some types of populations and uses.

In every instance, private and professional spheres then cohabit on a single terminal, with the risks this induces for the security of information and professional activity. These risks barely existed with simple mobile phones, because of their limited storage and their limited connectivity to company Intranets.

1.4. THE "STORE" EFFECT

The deployment of tablets and smartphones within companies also affects application management. To make the most of the potential of these new terminals, it is desirable to install various applications on them: document editing and reading, data communication and exchange, but also specific business applications, geolocation, payment, logistics, etc. In many cases, the company wishes to control these applications in order to ensure interoperability with the tools of its information system, verify their harmlessness, adapt the service to each user depending on his/her needs, and facilitate user support. The company requires its own private "Company Store" in order to make available the software its employees need and to control it.

2. THE THALES APPROACH

2.1. THE NEEDS STUDY

The previous analysis allows us to define accurately the essential characteristics of an efficient and flexible protection solution for a professional environment on smartphones and tablets.

It is therefore essential that the solution offers the following:

• True flexibility in choosing the terminals: for a given OS, the solution must allow a terminal to be chosen from the largest possible range, and not impose a particular model. It is also essential to be able to track in "real time" the developments of the terminal and operating system market.

• High flexibility in choosing the applications: the solution must allow the largest possible choice of professional applications to be secured. It must also be compatible with business applications (ERP, CRM, in-house applications, etc.). This particularly implies being able to use market applications without being obliged to modify them.

• In-depth security: the asset to be protected is information. It can be stored locally on the terminal, and it can also be exchanged via various WiFi or 3G applications, by SMS or e-mail, etc. Security must therefore apply to all the applications and uses offered by the smartphone or tablet.

• An infrastructure for application management: the company must be in a position to plan, prepare and deliver applications to users on the same principle as "Market Places".

• Unchanged ergonomics: the security deployment must not modify the user's habits in the way he/she uses the terminal and related applications.

The main thing in a flexible and automatic deployment context:
• For the user, the security deployment must be extremely simple and rapid.
• For the company, the security solution must be easy to roll out and manage for a large fleet of terminals.

Today's products for securing smartphones and tablets impose either the terminal or the applications (often proprietary), sometimes both. The difficulties related to obsolescence and interoperability with the IS are then irremediable.

In general, security solutions for smartphones and tablets only cover applications related to telephony, e-mail and Intranet. This represents only a limited part of the potential offered by these types of terminals, and it can rapidly turn out to be insufficient. This is therefore a significant limitation of the possibilities offered by these tools, by negating their application nature.

2.2. THALES: THE EXPERTISE IN TELEPHONY AND MOBILITY SECURITY

Thales can rely on expertise that is unique in the world, with "success stories", the most remarkable of which are the following:

• The security of company phones: through a strategic partnership, Thales develops and supplies the on-board security layer in the OmniPCX Enterprise IP telephony systems sold by Alcatel-Lucent. This includes the infrastructure and the software of the stations themselves. By the end of 2011, about 1,200,000 terminals benefit from these technologies in companies worldwide, with the very high availability and service quality requirements this induces.

• The security of government mobile phones: the TEOREM project, developed by Thales under a contract with the DGA (Direction Générale de l'Armement - French General Directorate for Armament) on behalf of the SGDSN (Secrétariat Général de la Défense et de la Sécurité Nationale - French Secretariat-General for National Security and Defense) and the EMA (Etat-Major des Armées - French Defense Staff), aims at providing encrypted phones to the high authorities of the State, the armed forces and the different ministries dealing with confidential-classified information. The DGA has ordered more than 14,000 terminals, 7,000 of which are for the armed forces.

To develop these security solutions, Thales relies on its teams of information system security experts of international reputation: in addition to the R&D teams in charge of the solutions described above, Thales also has teams with internationally recognized expertise in the area of so-called "ethical" hacking and in the detection and analysis of vulnerabilities, whose work is often published.

Thales is considered a key player in information technology security for companies - number 1 in Europe and number 3 in the world - and as such supplies almost all of the world's biggest players in the IT, finance, e-commerce, energy and pharmaceutical sectors.

Nowadays, these teams represent around 2,000 people worldwide, and assignments are performed every year in more than 100 countries.

3. THE TEOPAD SOLUTION

TEOPAD: securing solution for professional applications on smartphones and tablets.

3.1. A KEY PRINCIPLE

TEOPAD is a securing solution for professional applications on smartphones and tablets, developed by Thales and dedicated to companies and public services.

TEOPAD allows the creation on the terminal of a secure professional environment that can coexist with an open personal context. This professional environment takes the form of an application that can be started after strong user authentication, by means of a simple icon on the terminal's native desktop. The user then accesses a second desktop, which constitutes his/her professional environment. The latter is completely isolated from the personal and native part by a patented sandboxing technology.

This part is entirely encrypted and controlled, and contains all the applications, data and settings the user needs for his/her business activity:
• Applications of all types: web browser, e-mail client, viewers, note pads, telephony client, business applications, etc.
• Documents, contact database, personal organizer, e-mail archives, etc.

The applications deployed in the professional environment must come from the company's private "TEOPAD Market Place" and under no circumstances can they be downloaded from a public kiosk.

Moreover, the connection to the company's resources (Intranet, messaging application, file servers, etc.) must be encrypted and authenticated across the operators' networks. Direct access to public web sites is therefore impossible from the professional desktop; if required, it must be enabled by a "rebound" through the company's information system, and is then subject to the security policy of the latter. However, direct access to public web sites potentially remains authorized for the user's private use, from a browser in his/her personal environment, which TEOPAD does not modify.

The user's personal and professional environments then work simultaneously and completely independently on the terminal. Switching from one to the other is perfectly fluid. The user is permanently informed of what occurs in each of them, without being obliged to "go and see on the other side".

• Flexibility of the secure perimeter: thanks to the "TEOPAD Market Place", the company can make new secure applications available to its employees at any time. For instance, they can be adapted depending on the employees' missions or business trips. This flexibility enables the employee to travel in complete safety with a terminal whose content is strictly adapted to his/her needs. He/she can leave with a terminal with no professional context, the latter being downloaded securely once he/she has reached the destination.

• Simplicity of deployment for the user: once he/she has received his/her authentication means, the user downloads the TEOPAD application and his/her customized professional context from the "TEOPAD Market Place" available on the company's Intranet.

• User-friendly interface: TEOPAD fully preserves the ergonomics of the native OS and of the applications used.

3.2. INNOVATIONS AND DIFFERENTIATORS

The innovations developed by Thales enable TEOPAD to offer significant differentiators with respect to other market solutions:

• Flexibility in choosing the terminal: for a given OS (1), the solution may be deployed on most of the market terminals using this OS.

• Flexibility in choosing the applications: for a given OS, most of the applications available on the market may be hosted and protected in the secure environment. This applies to native applications as well as to third-party applications or applications developed by the company for its own needs.

• Protection of information in all its forms: information remains vulnerable when manipulated, transmitted or stored. Therefore, there is no use encrypting only e-mails or telephony, as most current solutions do. TEOPAD allows information to be protected in all its editing, viewing or exchanging contexts.

(1) OS Android 2.3.X and 4.X. Other OS to come.

The capability to combine both freedom axes (terminal and applications) is a world first. It is the result of technologies patented by Thales.

This capability to secure all situations of use is also an innovation and is the result of technologies patented by Thales.

With absolutely no lock-in, TEOPAD secures any type of market application on any market terminal.

3.3. THE SECURITY FUNCTIONALITIES

The main security services offered by TEOPAD in the professional environment are the following:
• Compartmentalization of professional and personal environments;
• Access to the professional space by strong user authentication, by means of a security element associated with a code;
• Control of the execution context of professional applications (patented sandboxing), including during the document viewing phase;
• Encryption of all user data and of data generated by the professional applications;
• Forcing of professional connections towards the company's information system;
• Encryption of professional connections towards the company's information system;
• Encryption of telephone communications;
• Remote and secure fleet management;
• Secure deployment and remote management of the professional applications fleet, thanks to an application kiosk controlled by the company.

• No additional specific infrastructure: TEOPAD connects very simply to the existing information system. There is no need to deploy proprietary servers or gateways, which greatly limits costs.

• Offer of high-quality professional services dedicated to users: see § 3.5.

• Flexible operation: it may be partially or completely entrusted to a trusted third party.

3.4. TEOPAD SANDBOXING TECHNOLOGY

This unique and patented technology creates a duality on the terminal between two environments - professional and personal - working simultaneously but independently, and without resorting to proprietary applications. This technology does not rely on virtualization principles, which makes it particularly light, with all the possible benefits in terms of performance and battery autonomy.

Android applications are authorized to perform specific tasks or reach system components depending on the privileges they have received. The TEOPAD SANDBOX system controls these authorizations and then filters the exchanges between:
• Professional and personal applications;
• Professional applications and the operating system.

This mechanism allows the Information System Department to limit the ability of professional applications to interact with their environment. The ringfenced professional environment is then generated and displayed in the form of a separate desktop on the terminal. This technology supplies efficient means to fight against intrusions, information leaks or trapping of professional applications.

The TEOPAD SANDBOX advantages:
• Customized compartmentalization of professional applications and data with respect to the rest of the terminal;
• Professional desktop that can host any type of application available on the market or developed by the company (no mandatory Thales proprietary application);
• Simultaneous operation of professional and personal environments with a single notification interface for the user (Android native bar);
• Application content exclusively from the company's Teopad Market Place and entirely under the control of the latter;
• Protection of professional data, including data being viewed, when it is no longer encrypted;
• Very small footprint on the terminal, which perfectly maintains its performance;
• User-friendly interface maintained.

The TEOPAD SANDBOX compartmentalization service is offered independently from the local encryption service on the terminal. These are two complementary services.

The communication protocols and encryption are based on standards to ensure maximum interoperability. Nevertheless, their implementations are developed or checked by Thales in order to guarantee the highest trust level.

The TEOPAD sandboxing technology, based on technologies patented by Thales, allows each professional application to have its own execution environment. This mechanism ensures professional and personal compartmentalization with unique flexibility on the market.

This combination of capabilities makes TEOPAD the first product to offer Information System Departments a credible and simple solution to the complexity of the coexistence of personal and professional uses on a single terminal, smartphone or tablet. Rather than offering security on a limited number of uses, TEOPAD allows "a smartphone in a smartphone".

[Figure: sandbox layering on Android - personal applications (personal environment) and professional applications inside the SANDBOX (TEOPAD professional environment) run side by side on the Dalvik VM above the OS.]

3.5. THE ARCHITECTURE

The TEOPAD solution is composed of the following elements:

• For the user:
- the TEOPAD application to be installed on the terminal;
- the TEOPAD Market Place client application.

• For the company: the TEOPAD infrastructure is particularly light, as it does not require any proprietary element to connect users to the information system. It allows a centralized and industrialized deployment, and then operation, of TEOPAD. In particular, the tools allow generic or customized profiles to be created and can be adapted to very large fleets or to fleets specialized per business activity.

The management infrastructure includes the following modules:

• TEOPAD Management Center (TMC)
The TMC allows TEOPAD users to be registered and managed. This station is interfaced with the existing elements of the information system (address book) using standard protocols (LDAP, SMTP), which makes integration into the information system easier. The TMC has 3 functions:
- enrol users and customize the user authentication support and the security policy;
- generate setting files for secure professional applications (for instance, server addresses, messaging accounts, bookmarks, etc.);
- process commercial off-the-shelf applications in order to secure them in the TEOPAD professional environment.

• TEOPAD Market Place (TMP)
The TMP is the application store dedicated to TEOPAD secure professional applications. It is under the company's control and makes secure applications, and their settings, available to users depending on their business activity. This system manages the different versions of the same application, updates, application dependencies and the creation of application "bundles".

• TEOPAD Gateway
The single entry point for incoming and outgoing flows of TEOPAD applications, this reverse proxy server:
- checks the validity of connection requests to the information system by means of a mutual authentication mechanism with the terminal; this mechanism relies on certificate verification;
- terminates the TLS tunnels established by the terminals;
- hides the information system infrastructure;
- performs a protocol break.

• TEOPAD ToIP Server (TTS) - optional
If the company has chosen it, TEOPAD offers a Voice over IP (VoIP) service encrypted thanks to a dedicated ToIP server. The latter is connected to the company's IPBX and offers a unified and secure communications system for users.

Furthermore, TEOPAD is compatible with, and may interoperate with, the market's Mobile Device Management (MDM) tools.

All these tools allow a light integration into the information system, without any proprietary equipment. Deployment on the terminals also becomes completely transparent for end users, who do not need any technical prerequisite.

[Figure: TEOPAD architecture - terminals reach the company over the Internet (3G network or WLAN) through a TLS tunnel terminated on the TEOPAD Gateway; behind it sit the TMC server, the TMP server, the TTS server (optional), the business server, the directory server, the company ToIP server and the fixed phones.]
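As an added illustration of the gateway's mutual authentication step (example code written for this page, not Thales' own; the CA, gateway and terminal names are constructed), the Go program below builds a small company PKI in memory and shows that only a terminal holding a certificate issued by the company CA completes the TLS handshake with the gateway; a terminal with no certificate, or with one from an unrelated CA, is rejected before any application data flows:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// keyCert bundles a private key with its DER-encoded and parsed certificate.
type keyCert struct {
	key  *ecdsa.PrivateKey
	der  []byte
	cert *x509.Certificate
}

// issue creates a P-256 key and a certificate for cn (valid for loopback only);
// with parent == nil it is a self-signed CA, otherwise parent signs it.
func issue(cn string, parent *keyCert) *keyCert {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)},
		IsCA:        parent == nil, BasicConstraintsValid: true,
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return &keyCert{key, der, cert}
}

// mutualHandshake runs one TLS exchange over loopback between a terminal offering
// clientCert (nil: no credential) and a gateway that trusts only the company CA. It
// returns nil only when the gateway verified the terminal's chain and would let it in.
func mutualHandshake(ca, gw, clientCert *keyCert) error {
	trust := x509.NewCertPool() // the company CA is the only trust anchor, on both sides
	trust.AddCert(ca.cert)
	srvCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{gw.der}, PrivateKey: gw.key}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // demand a terminal certificate...
		ClientCAs:    trust,                          // ...that chains to the company CA
		MinVersion:   tls.VersionTLS12,
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return err
	}
	defer ln.Close()
	verdict := make(chan error, 1)
	go func() { // gateway side: accept one terminal and report the handshake outcome
		c, err := ln.Accept()
		if err == nil {
			defer c.Close()
			err = c.(*tls.Conn).Handshake()
		}
		verdict <- err
	}()
	cliCfg := &tls.Config{RootCAs: trust, MinVersion: tls.VersionTLS12} // the terminal verifies the gateway too
	if clientCert != nil {
		cliCfg.Certificates = []tls.Certificate{{Certificate: [][]byte{clientCert.der}, PrivateKey: clientCert.key}}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return err // under TLS 1.2 a rejected terminal already fails here
	}
	defer conn.Close()
	return <-verdict // under TLS 1.3 the client finishes first; the gateway's decision arrives here
}

func main() {
	ca := issue("company-ca", nil)
	gw := issue("teopad-gateway", ca)
	fmt.Println("enrolled terminal:", mutualHandshake(ca, gw, issue("terminal-0001", ca)))
	fmt.Println("no certificate:", mutualHandshake(ca, gw, nil))
	fmt.Println("foreign CA:", mutualHandshake(ca, gw, issue("terminal-9999", issue("other-ca", nil))))
}
```

The terminal's credential corresponds to the security element issued at user registration (§ 4.1.2); the gateway never forwards a flow whose handshake did not verify.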

4. THE DEPLOYMENT

4.1. DEPLOYMENT ON SYSTEM INFORMATION DEPARTMENT SIDE

The deployment of TEOPAD is composed of two different steps:
• Deployment preparation by the company;
• Users' registration.

4.1.1. Deployment preparation

• Securing of applications to be deployed:
After having selected the professional applications, the company's Information System Department can secure and sign them via the SAM module of the TMC, and then publish them to users through the TMP. The applications are signed by means of a certificate from the company's PKI or by a self-generated certificate.

• Preparation of the profiles:

Creation of security element profiles
A security element profile contains a security policy. It is possible to manage several security policies that will be allocated to different groups of users. The profiles contain for example the following data:
- size and format of the authentication code;
- number of authentication attempts before locking;
- duration of the TEOPAD session;
- etc.

Creation of configuration file profiles
This phase concerns the creation of profiles for the configuration files of each application. A profile contains a form for data specific to each user, as well as information shared by all users. For instance:
- security element type (software or hardware);
- FQDN of the e-mail server;
- settings of the TLS service;
- etc.

4.1.2. Users' registration

This step consists in registering the user to the TEOPAD service. It includes the generation of a security element (software or hardware) and the configuration of the TEOPAD environment specific to each user. Following this step:
• The security element and the TEOPAD authentication code are transmitted to the end user;
• The user configuration data are published on the TMP.

4.2. DEPLOYMENT ON THE END USER SIDE

• Installation of the TEOPAD MANAGEMENT AGENT
The TMA allows the TEOPAD application, the secure professional applications and their configuration profiles to be downloaded from the TMP server. The TMA may be deployed on users' terminals in different ways, via:
- the µSD card, if this format is selected for the security element;
- the company's web portal;
- the fleet management tool (MDM).

• Installation of applications
As soon as he/she has the TMA application on his/her terminal, the user can download and then install the TEOPAD application, and the secure professional applications made available by the company are pushed to the user's device.

The TMA will automatically launch the installation and pre-configuration:
- of the chosen secure professional application;
- of related dependencies.

[Figure: deployment overview - Company IS with the business server; TMC (Teopad Management Center) with the SAM (Secure Application Manager) handling secure element configuration and apps management; TMP (Teopad Market Place); security application on the terminal.]
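The security element profile items of § 4.1.1 turned into an enforcement policy, as an added example for this page (not TEOPAD's own code; the field names and the exact lock and session behaviour are assumptions): a code must match the profile's size and format at enrolment, each wrong code consumes one attempt until the element locks, and a session opened by the right code expires after the configured duration:

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

// Profile holds the security element policy items listed in § 4.1.1. The field
// names are constructed for this example; the page lists the items, not a schema.
type Profile struct {
	CodeLength      int           // size of the authentication code
	DigitsOnly      bool          // format of the authentication code
	MaxAttempts     int           // authentication attempts before locking
	SessionDuration time.Duration // duration of the TEOPAD session
}

var ErrFormat = errors.New("code does not match the profile's size or format")
var ErrLocked = errors.New("security element is locked")
var ErrBadCode = errors.New("wrong authentication code")

// CheckFormat enforces the profile's size and format rule on a code.
func (p Profile) CheckFormat(code string) error {
	if len(code) != p.CodeLength {
		return ErrFormat
	}
	for _, r := range code {
		if p.DigitsOnly && (r < '0' || r > '9') {
			return ErrFormat
		}
	}
	return nil
}

// Element is the terminal-side state guarded by a profile: a digest of the enrolled
// code, the failure counter and the session end. The clock is injected for testing.
type Element struct {
	profile    Profile
	codeHash   [32]byte
	failures   int
	sessionEnd time.Time
	now        func() time.Time
}

// Enrol creates an element for a code that satisfies the profile (assumed flow).
func Enrol(p Profile, code string, now func() time.Time) (*Element, error) {
	if err := p.CheckFormat(code); err != nil {
		return nil, err
	}
	return &Element{profile: p, codeHash: sha256.Sum256([]byte(code)), now: now}, nil
}

func (e *Element) Locked() bool { return e.failures >= e.profile.MaxAttempts }

// Open is the strong-authentication step that starts a TEOPAD session. Each wrong
// code consumes one attempt; a short code is protected by this limit, not by the
// digest. Once MaxAttempts are used the element stays locked even for the right code.
func (e *Element) Open(code string) error {
	if e.Locked() {
		return ErrLocked
	}
	h := sha256.Sum256([]byte(code))
	if subtle.ConstantTimeCompare(h[:], e.codeHash[:]) != 1 {
		e.failures++
		if e.Locked() {
			return ErrLocked
		}
		return ErrBadCode
	}
	e.failures = 0
	e.sessionEnd = e.now().Add(e.profile.SessionDuration)
	return nil
}

// SessionOpen reports whether the professional environment is accessible right now.
func (e *Element) SessionOpen() bool {
	return !e.Locked() && e.now().Before(e.sessionEnd)
}

func main() {
	p := Profile{CodeLength: 6, DigitsOnly: true, MaxAttempts: 3, SessionDuration: 30 * time.Minute}
	e, err := Enrol(p, "493027", time.Now) // constructed sample code
	if err != nil {
		panic(err)
	}
	fmt.Println("right code:", e.Open("493027"), "session open:", e.SessionOpen())
	fmt.Println("wrong codes:", e.Open("000000"), e.Open("000000"), e.Open("000000"))
	fmt.Println("right code after lock:", e.Open("493027"))
}
```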

5. THE PROFESSIONAL SERVICES

As a security product by itself is not sufficient, the professional services offered by Thales and its partners allow users to be followed as closely as possible, including in their VIP component. Left to the end customer's choice, these services include:

• Security:
- registration/procurement of smartphones and/or tablets;
- application of control policies for the software installed on the smartphone and/or tablet;
- application of control policies for hardware components (camera, etc.);
- application of URL filtering policies compliant with the company, in SaaS mode;
- installation of the company's applications.

• Procurement of the terminals.

• A single call platform whatever the request:
- user support is based on the call-back principle: calls are accepted 24 hours a day, 7 days a week; calls back are performed depending on the nature of the incident and the service contract (SLA);
- access to the portal is given to the administrator, who has a view of all incidents and service requests, and to the user, who can then enter incidents and service requests himself/herself and follow up his/her tickets;
- each action gives rise to a follow-up by e-mail.

Wherever they are in the world, TEOPAD users can be assisted while using the product.

The company benefits from services strengthening the protection of its business assets, whatever the geographical situation of its employees.