Security Strategies for Mixed Use Mobile Computing Devices

Award Information
Agency:
Department of Defense
Branch
n/a
Amount:
$79,563.00
Award Year:
2012
Program:
SBIR
Phase:
Phase I
Contract:
N66001-12-P-5108
Award Id:
n/a
Agency Tracking Number:
N112-168-0761
Solicitation Year:
2011
Solicitation Topic Code:
N112-168
Solicitation Number:
2011.2
Small Business Information
67 S Higley Road, Suite 103-105, Gilbert, AZ, -
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
003083420
Principal Investigator:
DavidWheeler
Principal Engineer
(480) 577-7042
david.wheeler@SecureCommConsulting.
Business Contact:
JillWheeler
Vice President
(480) 577-7043
jill.wheeler@securecommconsulting.c
Research Institute:
Stub




Abstract
Effective protection for data-at-rest in mobile devices cannot be achieved by merely adding encryption and integrity features. Current smartphones contain hundreds of vulnerabilities that allow malware to overcome an App's containment (e.g. sandbox) to access and exfiltrate sensitive data and data protection capabilities. SecureComm proposes the Data@Ease 2.0 software development framework for Android Apps as a comprehensive, malware resistant, data-at-rest solution that provides two-layer COTS protection for data and additional anti-tamper sandboxing. To protect keys and data from exfiltration and modification by malware, Data@Ease 2.0 provides transparent cryptographic protection for data-at-rest and data-in-transit using open source cryptographic libraries, enhanced with anti-tamper technology, and a key management hierarchy with an authenticated Root-of-Trust. Data@Ease 2.0 is an enhancement of SecureComm"s Data@Ease 1.5 framework which provides APIs for the open source cryptographic libraries and both an App and end-user authentication service. Data@Ease 2.0 is suitable for tactical JTRS radio and enterprise networks alike, providing a strong authentication service without the key management and certification entanglements of other solutions. The Auth Service provides crucial protection of user and App credentials, providing strong protections against unauthorized use of those credentials to access network resources. Data@Ease 2.0 can be extended with CAC card access.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government