Peraton Labs’ SecureIO Transport Layer Security (TLS) software significantly accelerates the fielding of mission-critical applications on Android devices

Peraton Labs’ second generation SecureIO TLS software completes independent National Information Assurance Partnership (NIAP) testing and is listed as an approved product for Commercial Solutions for Classified (CSfC)

Peraton Labs’ SecureIO TLS v2.0.4 dramatically reduces the time and cost to field applications on Android devices in CSfC deployments. It provides a NIAP-approved common, shared TLS encryption function, which can be used by every application deployed on the end user device (EUD) — from email clients and web browsers to specialized multicast applications such as the Android Tactical Assault Kit (ATAK). SecureIO TLS eliminates the need for each installed application to implement its own transport security and obtain its own NIAP certification, providing dramatic reductions in the time and resources needed to approve, test and field applications on Android devices, including tablets and smartphones.

Initially approved in 2018 under the Perspecta Labs name, SecureIO TLS is a proven product that has been licensed by over 15 customers for use on more than 750 EUDs. Licenses for SecureIO TLS Android application software and the companion SecureIO TLS Gateway software are available for purchase directly from Peraton Labs ( SecureIO TLS v2.0.4 is part of Peraton Labs’ SecureIO product suite, which offers software products and tools that deliver substantial cost and time savings for CSfC mobile access deployments.

The National Security Agency’s CSfC program establishes requirements for government agencies to safely use wireless networks and commodity hardware for classified communications. Using NIAP-approved commercial products, registered CSfC solutions can protect classified data with lower cost, greater functionality and more immediate availability than legacy approaches to information assurance. For mobile devices, the CSfC Mobile Access Capability Package (MACP) imposes per-application certification requirements that, without SecureIO, are expensive and time-consuming. These requirements create a high barrier to entry for each Android application, particularly impeding the deployment of government off-the-shelf applications onto classified devices.

Using Peraton Labs’ SecureIO TLS software, agencies can rapidly install a wide variety of applications on Android devices without going through the long, costly review and approval process for each application. SecureIO TLS consists of the SecureIO application software, which is installed on the Android device to provide a virtual private network (VPN) tunnel interface, and the SecureIO VPN gateway, which provides a Linux-based VPN gateway / server component. An approved IPSEC VPN client can provide a second, diverse layer of encryption to meet CSfC requirements.

Key features of SecureIO TLS include:

  • Support for all common off-the-shelf and native network applications, such as email clients, web browsers, chat systems, and VoIP clients.
  • Support for off-the-shelf ATAK, without requiring any modifications to ATAK or the CSfC-compliant device configuration
  • Encryption and forwarding of multicast traffic to/from Android devices in both classified and unclassified use cases
  • Network-awareness: An optional SecureIO TLS network-aware capability automatically detects network change and creates a new secure tunnel to whichever SecureIO Gateway is reachable on the local network segment; it is particularly suited for tactical networks where individual mobile devices roam among network fragments that may at times be disconnected from each other.

SecureIO Product Suite

  • SecureIO Rapid Provisioner for Android and for Windows: software tool that automates CSfC deployment and reduces per-device configuration time from multiple hours to a few minutes
  • SecureIO TLS: application software and companion gateway that enable the fielding of mission-critical applications on CSfC-compliant Android devices.
  • SecureIO VPN Chaining Manager: optional component for Android that works with SecureIO TLS to establish and enforce the chaining of two independent VPNs, forming an outer tunnel and an inner tunnel
  • SecureIO Over-the-air (OTA) Certificate Manager for Android and for Windows: OTA certificate monitoring tool that automatically and securely requests and installs updated PKI certificates
  • SecureIO CSfC Status Monitor for Android and for Windows: standalone software component that monitors network connectivity on the device and displays status to the end user

​​​Learn more about Peraton Labs