Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Devices in the DoD

Published byErica Flory Modified over 10 years ago

Similar presentations

Presentation on theme: "Mobile Devices in the DoD"— Presentation transcript:

1 Mobile Devices in the DoD
Michael P. Butler DMDC Deputy Director for Identity Services and Personnel Security / Assurance June 18, 2013

2 Background Challenges:
DoD Component - desire to improve usability of PKI on emerging mobile computing environments Dislike of smart card sleds and dongles (due to form factor challenges and bulkiness) Activity: DMDC is working within the Department’s identity management community to examine ways to improve the user experience by conducting several proof of concepts

3 Authentication on Mobile Devices (DoD’s Thought Process)
US Government employees must use Personal Identity Verification (PIV) smart cards for authentication HSPD-12 and FIPS 201 Office of Management and Budget (OMB) Memorandum M-11-11 Successful usage for Windows laptops and workstations Strong Authentication to Windows, applications and networks Signing and encrypting s / documents Mobile Devices must meet the same use case as desktop environment Use existing identity investment as much as possible

4 Authentication on Mobile Devices
Challenges Same needs as on our office computers Sign, send, and encrypt Web authentication Hardware challenge: Connecting the smartphone to a smart card (or similar strong credential) Software challenge: Lack of native OS/device secure application Lack of centralized cryptographic service to allow extension of PKI to other applications on the device Lack of smart card middleware to connect smart card (or similar strong credential) to device applications Standard secure encrypted channel for NFC and contactless

5 Why Pursue NFC with CAC? Just place the card on the back of the phone! Leverage the user’s dual-interface card No reader required, with differences based on mobile device No new derived credential to procure and manage Works with majority of devices Nine out of the top ten smartphone manufacturers have released Near Field Communications (NFC) enabled handsets Other business needs within DoD to enable secure contactless transactions with CAC Transit E-purse

6 Authentication on Mobile Devices DMDC Proof of Concept 1
Commercial Android OS mobile device (ice cream sandwich) Enabled contactless access on CAC applets Prototype Secure app (DMDC developed) Custom interface to connect CAC to Secure app (DMDC developed) Demonstrated: Sign/encrypting Reading signed CHUID from card Lesson learned: Timeout challenges with cards and device Device side—NFC parameters are too short (had to recompile OS) Card side—the implementation of FIPS 140 crypto self-checks takes too much time. Need to secure the communication channel between card and device via ANSI 504 Opacity Need standard PKCS#11 or Microsoft mini driver implemented on device

7

8 Authentication on Mobile Devices DMDC Proof of Concept 2
Commercial Android OS mobile device DISA Mobility Lab managed devices with Good Technology products DISA Mobility lab test accounts Enable contactless access on CAC prototype CAC 2.7.x applet structure 3rd party secure app Prototype 3rd party mobile CAC middleware Test DoD PKI end-user certificates Target Use Case: Sign/encrypt Web Authentication

9 DMDC’s Vision Smart Card Side: Mobile Device (hardware):
CAC implementing draft FIPS sequences for cryptographic algorithm self-checks CAC enabled to support PKI function over contactless interfaces CAC containing secure contactless capabilities (i.e., ANSI 504 OPACITY ZKM implementation) Information on implementation/standard is posted on Smart Card Alliance website at Mobile Device (hardware): Support for NFC Support for NFC implementing ISO 7816 PPS like functions or improved timing Mobile Device (software) Out of the box SMIME enabled mail client Out of the box PKI enable web browser Native OS certificate management store Native OS implementation of ANSI 504 OPACITY enabled PKCS #11 module or mini driver

10 Project Milestones The Mobile-enabled CAC
November 2012: POC Part 1—Complete July/August 2013: POC Part 2 Enabling secure contactless access on CAC applets with OPACITY CAC Middleware for Android with OPACITY Commercial Application Non production credentials; 20 to 30 users 2014: Potential Production Pilot Targeting FIPS Compliance Production credentials

11 Authentication on Mobile Devices List of Options DoD is Examining
Method User Experience FIPS 201 Compliance Availability Cost Bluetooth Reader Poor Yes Today $$$$ Connected Reader Poor to Reasonable $$ Derived Credential in secure microSD Good In process (FIPS 201-2) Proof of concept $$$ Derived Credential in UICC / SIM Concept Derived Credential in Embedded SE Built-in NFC Reader Good / Reasonable In process (FIPS 201-2) Proof of Concept $

12 Take Away Messages It is possible to use contactless cards with NFC-enabled mobile devices It is possible to use a secure contactless interface compliant with US Government standards This represents one of several viable options to provide strong authentication services on mobile devices DMDC is working to make this NFC solution a reality in the US Department of Defense by building on a protocol solution (not a vendor solution) Extent of how protocol can be adopted Transit Opacity (readers)

Download ppt "Mobile Devices in the DoD"

Similar presentations

For Joe Broghamer Philip S. Lee May 5, 2005 Implementing PIV Specifications HSPD-12 Workshop.

For Joe Broghamer Philip S. Lee May 5, 2005 Implementing PIV Specifications HSPD-12 Workshop.
Eclipse, M2M and the Internet of Things

Eclipse, M2M and the Internet of Things
Interchange fees and innovation in retail payment systems Marc Bourreau, Telecom ParisTech 1.

Interchange fees and innovation in retail payment systems Marc Bourreau, Telecom ParisTech 1.
FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.
Status of U.S. Smart Card Deployment Jim Dray Porvoo 7/ World eID Meeting May 2005.

Status of U.S. Smart Card Deployment Jim Dray Porvoo 7/ World eID Meeting May 2005.
End Slide Format DO NOT place photos or additional text boxes on this slide. An ASSA ABLOY Group brand PROPRIETARY INFORMATION. © 2013 HID Global Corporation/ASSA.

End Slide Format DO NOT place photos or additional text boxes on this slide. An ASSA ABLOY Group brand PROPRIETARY INFORMATION. © 2013 HID Global Corporation/ASSA.
Smart Identity Protection That Works for You and Your Users 2 Petri Ala-Annala Senior Principal, CISSP-ISSAP, CISA, CISM.

Smart Identity Protection That Works for You and Your Users 2 Petri Ala-Annala Senior Principal, CISSP-ISSAP, CISA, CISM.
Innovation Towards a next generation secure internet Private Application Ecosystems Sanjay Deshpande CEO and Chief Innovation Officer Center.

Innovation Towards a next generation secure internet Private Application Ecosystems Sanjay Deshpande CEO and Chief Innovation Officer Center.
Security for Mobile Devices

Security for Mobile Devices
November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.

November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.
Securing Emerging Mobile Technology JOHN G. LEVINE PH.D. D/CHIEF ARCHITECTURE GROUP 13 SEP 2012 1.

Securing Emerging Mobile Technology JOHN G. LEVINE PH.D. D/CHIEF ARCHITECTURE GROUP 13 SEP
© 2012 SecureAuth. All rights reserved. 2-Factor Authentication and Single Sign-On in a Mobile World Thursday, December 5, 2013 www.secureauth.com.

© 2012 SecureAuth. All rights reserved. 2-Factor Authentication and Single Sign-On in a Mobile World Thursday, December 5,
New Release Announcements and Product Roadmap Chris DiPierro, Director of Software Development April 9-11, 2014

New Release Announcements and Product Roadmap Chris DiPierro, Director of Software Development April 9-11, 2014
SAMSUNG AUSTRALIA Paul Suhr Channel Sales Manager Device & operating system alternatives – what’s here and what’s on the horizon.

SAMSUNG AUSTRALIA Paul Suhr Channel Sales Manager Device & operating system alternatives – what’s here and what’s on the horizon.
Brian Epley, VA PIV Program Manager

Brian Epley, VA PIV Program Manager
NIH is a Valuable Place with Valuable People: We Need to Protect it! Cyber threat is one of the most serious economic and national security challenges.

NIH is a Valuable Place with Valuable People: We Need to Protect it! Cyber threat is one of the most serious economic and national security challenges.
- 1 - Defense Security Service Background: During the Fall of 2012 Defense Security Service will be integrating ISFD with the Identity Management (IdM)

- 1 - Defense Security Service Background: During the Fall of 2012 Defense Security Service will be integrating ISFD with the Identity Management (IdM)
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards

Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards

Similar presentations

Ads by Google