Security Strategies for Mixed Use Mobile Computing Devices

Award Information
Agency: Department of Defense
Branch: Navy
Contract: N66001-12-P-5108
Agency Tracking Number: N112-168-0761
Amount: $79,563.00
Phase: Phase I
Program: SBIR
Awards Year: 2012
Solicitation Year: 2011
Solicitation Topic Code: N112-168
Solicitation Number: 2011.2
Small Business Information
SecureComm, Inc
67 S Higley Road, Suite 103-105, Gilbert, AZ, -
DUNS: 003083420
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 David Wheeler
 Principal Engineer
 (480) 577-7042
 david.wheeler@SecureCommConsulting.
Business Contact
 Jill Wheeler
Title: Vice President
Phone: (480) 577-7043
Email: jill.wheeler@securecommconsulting.c
Research Institution
 Stub
Abstract
Effective protection for data-at-rest in mobile devices cannot be achieved by merely adding encryption and integrity features. Current smartphones contain hundreds of vulnerabilities that allow malware to overcome an App's containment (e.g. sandbox) to access and exfiltrate sensitive data and data protection capabilities. SecureComm proposes the Data@Ease 2.0 software development framework for Android Apps as a comprehensive, malware resistant, data-at-rest solution that provides two-layer COTS protection for data and additional anti-tamper sandboxing. To protect keys and data from exfiltration and modification by malware, Data@Ease 2.0 provides transparent cryptographic protection for data-at-rest and data-in-transit using open source cryptographic libraries, enhanced with anti-tamper technology, and a key management hierarchy with an authenticated Root-of-Trust. Data@Ease 2.0 is an enhancement of SecureComm"s Data@Ease 1.5 framework which provides APIs for the open source cryptographic libraries and both an App and end-user authentication service. Data@Ease 2.0 is suitable for tactical JTRS radio and enterprise networks alike, providing a strong authentication service without the key management and certification entanglements of other solutions. The Auth Service provides crucial protection of user and App credentials, providing strong protections against unauthorized use of those credentials to access network resources. Data@Ease 2.0 can be extended with CAC card access.

* information listed above is at the time of submission.

Agency Micro-sites

SBA logo
Department of Agriculture logo
Department of Commerce logo
Department of Defense logo
Department of Education logo
Department of Energy logo
Department of Health and Human Services logo
Department of Homeland Security logo
Department of Transportation logo
Environmental Protection Agency logo
National Aeronautics and Space Administration logo
National Science Foundation logo
US Flag An Official Website of the United States Government