After many years of development and well-publicized budget overruns, the DoD’s Joint Tactical Radio System program (since reorganized and renamed) has recently given birth to a set of handheld voice and data radios — so-called Rifleman radios — built by a number of traditional military radio firms, including Exelis, GD, Harris, and Thales.

Here are some key differences between a Rifleman radio and a modern smartphone:

Because of their scale, smartphones outpace tactical radios in processing power by a significant margin and at significantly lower production cost. Yet tactical radios require custom radio hardware and software for military environments that would never be of interest to smartphone manufacturers. Rifleman and its associated waveforms were designed strictly for a military combat environment, where robust push-to-talk voice operation is by far the highest priority.

Figure 1. Mobile device tethered to tactical radio
Nevertheless, the advent of smartphones has driven military leadership to consider how best to utilize them. Powerful graphical environments have enabled a new generation of situational awareness applications, but the mobile devices’ relatively weak security and inability to communicate on resilient military networks prevent them from being used directly for tactical communications. Instead, smartphones must be tethered to Rifleman radios, using the radio’s USB data port for sending maps and other data, but still relying on the radio itself for voice input, encryption, and link-layer transceiving (Figure 1).

Because tactical radios cost an order of magnitude more than a smartphone, governments do not have the budget to equip all field personnel with them. Today, tactical radio possession ends at the platoon leader or, at best, the squad leader, leaving other team members without this valuable capability.

A next-generation mobile tactical communications solution would ideally meld the tactical radio and modern smartphone worlds, creating a solution that enables:

  • Powerful apps associated with modern mobile computing;
  • Ability to communicate on military tactical networks; and
  • Low cost, so every soldier can have one.

Figure 2. CSfC dual VPN approach
One might wonder why modern smartphone features cannot simply be added to the military radios, imbuing them with improved processing power, battery life, and graphical interfaces. This is not a feasible option because military radio development cycles are much longer than those of commercial smartphones, due to the need to follow tedious government contracting and certification processes. By the time a military radio actually ships in production quantities, commercial smartphones have evolved several cycles and are multiple generations ahead in hardware and software technology. Instead of trying to fit a square peg in a round hole, we consider a solution in which commercial smartphones are maximally leveraged with a cost- and scope-reduced tactical radio.

Two important recent technology revolutions are making this vision possible: NSA CSfC cryptographic solutions and mobile security powered by separation kernel-based hypervisors.


Launched in 2012, the NSA’s Commercial Solutions for Classified (CSfC) program aims to leverage commercial off-the-shelf solutions to secure classified government networks and information. CSfC is a sharp change from the traditional approach of designing and building expensive government-purpose cryptographic communications equipment.

One of the key principles of CSfC is to implement multiple independent layers of commercial cryptographic products to replace a traditional, single-layer government cryptographic solution. For example, to send classified information over an open network (e.g. the Internet), the traditional government approach is to use a government-certified in-line encryptor, such as TACLANE or Talon. The encryptor contains specialized encryption hardware and software and undergoes a rigorous development and approval process (Type-1 NSA certification). Some Type-1 encryptors are orders of magnitude more expensive than commercial encryption products.

Figure 3. CSfC approach within Samsung KNOX Hypervisor
An example CSfC replacement for Type-1 encryptors is a dual-layer VPN, as described in the CSfC program’s Virtual Private Network (VPN) Capability Package. In this approach, classified information is encrypted twice, using two commercial VPNs, each of which must be certified to commercial quality standards (e.g. FIPS 140-2 certification) and supplied by different vendors (Figure 2).

The individual products used in CSfC-composed solutions are developed for the larger commercial enterprise and therefore are much lower-cost and not dependent upon or subject to the same government funding and certification overhead used for traditional Type-1 systems. For example, a dual CSfC VPN solution might be composed of standard enterprise Cisco and open source StrongSwan products.
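
The layering principle described above, as an added example that is not from the original article or from the CSfC Capability Package: two independently keyed encryption layers, where a leak of the outer key exposes only inner ciphertext. The SHAKE-256 keystream with HMAC is a standard-library stand-in for each VPN's real cipher suite, and all function names and the sample message are assumptions.

```python
import hashlib, hmac, os

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one layer key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHAKE-256 keystream: a stdlib stand-in, not an approved VPN cipher.
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """One layer: nonce (16) || ciphertext || HMAC-SHA-384 tag (48)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha384).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the layer's tag before decrypting; raise on any mismatch."""
    if len(blob) < 64:
        raise ValueError("truncated layer")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-48], blob[-48:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha384).digest()):
        raise ValueError("layer authentication failed")
    return _xor_stream(enc_key, nonce, ct)

def dual_seal(inner_key: bytes, outer_key: bytes, plaintext: bytes) -> bytes:
    # The layers only add protection if their keys are independent.
    if hmac.compare_digest(inner_key, outer_key):
        raise ValueError("inner and outer layers must not share a key")
    return seal(outer_key, seal(inner_key, plaintext))

def dual_open(inner_key: bytes, outer_key: bytes, wire: bytes) -> bytes:
    return unseal(inner_key, unseal(outer_key, wire))

def exposed_if_outer_key_leaks(outer_key: bytes, wire: bytes) -> bytes:
    """Bytes visible once the outer layer alone is compromised: still ciphertext."""
    return unseal(outer_key, wire)

if __name__ == "__main__":
    inner, outer = os.urandom(32), os.urandom(32)
    msg = b"constructed sample message"
    wire = dual_seal(inner, outer, msg)
    print(msg in exposed_if_outer_key_leaks(outer, wire), dual_open(inner, outer, wire))
```

In a real composed solution the two layers also come from different vendors' implementations, which this single-process sketch cannot model.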

Separation Kernel-Based Hypervisors

Commercial, off-the-shelf bare metal mobile hypervisors have been deployed in standard consumer smartphones and tablets for several years, and the USMC (via its Trusted Handheld, or TH2, program) recently took a leadership role in applying them to improve mission capability while reducing total cost of mobile computing for the government. Mobile hypervisors provide strong isolation between the mobile OS (e.g. Android) and other execution environments (e.g. security components or even a second Android instance) that must be protected even if the Android OS itself is vulnerable and exploited by malware or remote attacks.

Figure 4. Example dual domain TH2 Architecture
TH2 worked with mobile hypervisor technology from Green Hills Software, whose virtualization approach leverages high assurance INTEGRITY separation kernel technology that has been deployed for many years in critical commercial embedded systems, such as medical equipment, industrial controls, and avionics. The hypervisor enables multi-domain use of a single device as well as application of CSfC-compliant data protection. Green Hills’ technology forms the basis of Samsung’s commercial enterprise mobile hypervisor offering, called Samsung KNOX Hypervisor. Figure 3 shows how dual-layer data-at-rest (DAR) and data-in-transit (DIT) protection can both be implemented using the Samsung KNOX Hypervisor to provide a layer of isolated security beyond the mobile operating system itself.

Samsung KNOX Hypervisor can host two mobile OS instances. Under the auspices of the TH2 program, this solution became the first commercial solution to be approved for simultaneous access to the open Internet as well as sensitive government networks (Figure 4), in late 2013.

Applying TH2 to Tactical Radio Communications

USMC recognized that Samsung KNOX Hypervisor provides an extensible execution environment for other critical processing. Developers from Green Hills are now working on an application of this environment to offload some of the tactical radio processing onto the powerful mobile device. The mobile device can then be conjoined with a reduced footprint tactical radio to create a single unit that has the power and flexibility of the modern smartphone or tablet, yet communicates seamlessly on traditional military tactical networks.

Figure 5. Traditional red-black radio architecture
A standard tactical military radio, such as the Rifleman, includes three main processing environments: a red-side subsystem, a cryptographic subsystem, and a black-side subsystem. Human voice (push-to-talk) enters and is processed by the red-side subsystem. This data is then encrypted by the cryptographic subsystem before it is transmitted by the black-side subsystem, which is responsible for all link-layer functions. Figure 5 shows the traditional red-black tactical radio architecture.

Figure 6. Conjoined TH2 with offloaded radio functions and cost-reduced tactical radio/sleeve
The cryptographic subsystem is a traditional government-purpose Type-1 component (not CSfC) and is costly to develop and certify. The black-side components include special purpose digital signal processing hardware and algorithms that cannot be easily offloaded onto the general-purpose applications processing hardware on the mobile device. The red-side processing, however, lends itself well to the smartphone execution environment. Furthermore, the Type-1 cryptographic subsystem can be replaced with a CSfC approach that has already been developed and deployed on the smartphone.

Figure 6 shows the notional concept of a scope and cost-reduced tactical radio, wherein only the black-side processing remains, and the red-side and cryptographic subsystems have been offloaded as additional software applications on the hypervisor-powered smartphone. Furthermore, because the radio hardware is so much simpler, it can be manufactured into a smaller, more flexible form factor, such as a sleeve or attachment on the smartphone itself, enabling the warfighter to carry them easily as a single unit. When the smartphone is connected to the sleeve, the smartphone’s built-in communications peripherals are disabled, and all communication is routed to the radio. Even push-to-talk voice can be handled by the smartphone, reducing the complexity of the radio and providing the warfighter with the most modern graphical interface and application environment possible.

This article was written by David Kleidermacher, Chief Technology Officer, Green Hills Software (Santa Barbara, CA).