Security Strategies for Mixed Use Mobile Computing Devices
Small Business Information
67 S Higley Road, Suite 103-105, Gilbert, AZ, -
AbstractEffective protection for data-at-rest in mobile devices cannot be achieved by merely adding encryption and integrity features. Current smartphones contain hundreds of vulnerabilities that allow malware to overcome an App's containment (e.g. sandbox) to access and exfiltrate sensitive data and data protection capabilities. SecureComm proposes the Data@Ease 2.0 software development framework for Android Apps as a comprehensive, malware resistant, data-at-rest solution that provides two-layer COTS protection for data and additional anti-tamper sandboxing. To protect keys and data from exfiltration and modification by malware, Data@Ease 2.0 provides transparent cryptographic protection for data-at-rest and data-in-transit using open source cryptographic libraries, enhanced with anti-tamper technology, and a key management hierarchy with an authenticated Root-of-Trust. Data@Ease 2.0 is an enhancement of SecureComm"s Data@Ease 1.5 framework which provides APIs for the open source cryptographic libraries and both an App and end-user authentication service. Data@Ease 2.0 is suitable for tactical JTRS radio and enterprise networks alike, providing a strong authentication service without the key management and certification entanglements of other solutions. The Auth Service provides crucial protection of user and App credentials, providing strong protections against unauthorized use of those credentials to access network resources. Data@Ease 2.0 can be extended with CAC card access.
* information listed above is at the time of submission.