Mobile Application and Data Isolation

Summary

The nationwide public safety broadband network will enable first responders to use modern mobile devices for interoperable public safety operations. While this fundamentally changes how first responders will communicate and access public safety resources, the mobile devices, and the data and applications residing on them, need to be secured against mobile malware and other threats. Protection mechanisms will need to include methods to isolate commercial applications from mission-critical ones, while providing management and reporting capabilities to determine if a device is compromised. Since compromised devices may allow attackers to access the cellular network infrastructure and other critical resources, a set of security controls will need to keep public safety handsets hardened against attack, while ensuring they are able to assist in life-saving activities. The Public Safety Communications Research (PSCR) program is conducting research to identify and enumerate methods to manage and isolate applications and data for deployment on the nationwide public safety broadband network.

Description

The separation of personal data and public safety data

The security of mobile devices operating within a nationwide interoperable network is critical in maintaining a secure and reliable cellular network for first responders. The inclusion of mobile devices erodes traditional network boundaries, increasing a network’s threat surface and adding many new potential points of compromise. Devices can be attacked via their myriad network interfaces (e.g., WiFi, Bluetooth, cellular), or, because of their small form factor, they may be lost or stolen, putting confidential public safety information at risk. Protecting the mobile operating system in addition to mobile applications is necessary to ensure device security. Typical mobile protection mechanisms include application-data encryption, user authentication, and the ability to remotely wipe specific applications and data. These security controls are governed and implemented in part via mobile device management (MDM) and mobile application management (MAM) systems. Both of these technologies are necessary to securely enable co-existence of public safety and commercial applications on the same device.

AN INNOVATIVE APPROACH

PSCR will investigate management and isolation technologies for mobile applications and data hosted on multiple major OS platforms. First steps will include determining the available controls to protect public safety user applications and their practicality in real user environments. Requirements for data isolation will be weighed against the adverse impacts to the end user, network, and infrastructure. Further research will include investigating established mobile management and isolation technologies and identifying gaps in the functionality needed to separate public safety applications from potential malware in commercial applications.

VALUE TO PUBLIC SAFETY

First responders need tools and support to accomplish their mission-critical tasks. This research will ensure public safety has the right tools in place to enable secure, real-time communication and access to vital public safety resources. PSCR’s mobile application and data isolation protection mechanisms will work in the background with limited user interaction to prevent the leakage of sensitive public safety information, without preventing first responders from performing their duties.

Network architecture of a mobility management system

Isolation between mobility management layers
Created August 17, 2016, Updated October 18, 2018