"Covia Labs Receives FIPS 140-2 Certification"
Covia Labs’ Public-Safety Communications Interoperability Software
By: LAW and ORDER Staff
Covia Labs, Inc.’s Connector™ product has been awarded Federal Information Processing Standard (FIPS) 140-2 certification, a rare security distinction for software that provides public-safety communications interoperability. The certification of the Covia Connector Cryptographic Module™ covers the security library of the Covia Connector’s runtime engine, providing full AES 256-bit encryption. It was awarded after an extensive review process by the National Institute of Standards and Technology (NIST) and comes as the Federal Government begins the development of FirstNet, the first-ever national broadband communications network for public safety.
Currently in use by the Defense Advanced Research Projects Agency (DARPA), the U.S. Marine Corps and the non-profit research organization Stanford Research Institute (SRI International), the Covia Connector is a software platform that merges voice, data and other key Command and Control functionality found on multiple, diverse devices and equipment into one fully integrated system. Regardless of hardware, operating system or platform, the Covia Connector is optimized as a secure, fast and lightweight addition that is easily ported to any device or hardware, including servers, routers, PCs, tablets, smartphones, LMR radios, drones, cameras and even Bluetooth headsets. It provides FIPS-certified encryption of data both in-transit and at-rest without first responder and defense agencies having to buy expensive hardware.
FIPS 140-2 is a U.S. government security standard used to accredit cryptographic modules. It assures federal, state, local and tribal agencies that information shared or accessed via the Covia Connector meets NIST’s stringent security, encryption and compliance guidelines to prevent malicious cyber intrusions. The standard was developed through the Cryptographic Module Validation Program (CMVP), which certifies products for use by U.S. government agencies and regulated industries that handle sensitive information and data.
Since the Covia Connector creates an independent and encrypted communications system that is FIPS 140-2 certified, any current or future third-party or Covia Labs Connected Application™ operating on the Connector platform will fall under Covia’s FIPS 140-2 certification and will not have to receive FIPS certification independently. All data on these applications, both in-transit and at-rest, is automatically encrypted and sealed in an instance-by-instance security enclave. By placing these applications under the shield of Covia’s FIPS 140-2 certification, the Covia Connector will enable public-safety Original Equipment Manufacturers (OEMs) and the military to innovate and update public safety applications, especially those expected to be developed for the new FirstNet network, without opening security holes. It also means these agencies will avoid the lengthy and costly process of certifying each new application or updates to currently certified applications. In addition to purpose-built Connected Applications™ running on the platform, native applications and legacy systems can communicate with services running inside the Connector to utilize its capabilities.
“Data security and interoperable systems are two of the most significant issues to tackle as FirstNet begins to lay the groundwork for the first-ever national broadband communications network for public safety,” said David Kahn, CEO of Covia Labs. “One way to ensure systems work together while maintaining the highest security standards is by requiring FIPS 140-2 certification for the libraries at the core of a platform used by different OEMs. This platform can help the development of an ecosystem of applications, which automatically inherit the data security, synchronization, redundancy, resilience, bridging, voice, text, picture and video features of the platform.”
The FIPS certification for the Covia Connector is for the Linux operating system, which is the primary OS being used by the Department of Defense. Covia has also started the FIPS certification process for the Android, Windows and iOS operating systems, which is expected to be complete by early next year. In addition, Covia is going to have Google Glass under the FIPS certification for Android, which will offer the first FIPS-certified Bluetooth headset for public safety. Covia has been in contact with the Secret Service, which said it cannot currently use Bluetooth since there aren’t any FIPS-certified Bluetooth headsets on the market. Covia’s certification for Google Glass will offer not only a Bluetooth device but the heads-up display as well.
In addition to FIPS-certified encryption, the Covia Connector provides the following additional security features:
• A cyber sandbox ensuring that Connected Applications perform only the functions they are authorized to perform, based on the security rights of the device and the security access and current role of the individual using the device. All applications must be digitally signed by an authority designated by public safety to run inside the sandbox and will not run if tampered with. This serves as an additional security layer on top of the FIPS encryption.
• An innovative key distribution method that enables the establishment of a secure perimeter, even when the network is under attack. This ensures that only the intended devices can join the network and that their access will terminate at the completion of the incident. It also enables the remote management of devices, including removing access to data already stored on the device.
• A hardened platform that protects all applications running within its protected zone, versus the traditional method of setting up separate security processes for each specific application.
Additional features of the Covia Connector specifically critical to public safety include:
• Push-to-Talk (PTT) voice with 0.3-second latency on Wi-Fi, LTE and even 3G cellular networks that support one-to-many. Operates in conditions when VoIP (or VoLTE) is inoperable due to unreliable network connectivity or when people are talking over one another. Also enables the replay of messages.
• A “Pipes within Pipes” feature that aggregates the bandwidth of all networks the device has access to and seamlessly uses the remaining “pipes” if one network becomes unavailable.
• Dynamic Mastering™ that eliminates the need for 100 percent access to network servers and allows talk-around when the network-based servers and services are unavailable.
• When loaded on an LMR radio, enables that radio and LTE device to share a single network in a hybrid configuration where the LMR radio provides talk-around, reliable communication and “Mission Critical Voice,” while the broadband cellular provides “Mission Critical Data.”
• All information, including voice, is geo-tagged and time-stamped for greater situational awareness, for bringing other agencies or new incident commanders up to date, and for after-action review.