Both the DOD and IC have significant appetite to leverage Commercial Off-The-Shelf (COTS) mobile devices on both unclassified and classified networks. For the unclassified use scenario, these mobile devices may be enterprise owned or personally owned (governed by a Bring Your Own Device policy). Given the limited battery and CPU on mobile devices, ensuring mobile endpoint integrity and attestation is a significant challenge. This project shall research mechanisms to improve client attestation for mobile endpoints connecting to cloud based secure handheld hosted on DOD/IC networks. This shall include researching: client masquerading, "background" monitoring, rooted device detection, application "cracking" detection, ARM TrustZone security extensions, software TPM and TCG software stack, use of hardware MTM modules, smartcard based client attestation, and client attestation using e-fuses.
Benefit: The most important anticipated benefits of this research shall be improved cyber security for mobile devices in the DOD and IC. If security and attestation techniques are conceptualized in the performance of a Phase I award resulting from this proposal, Droidcloud intends to further develop those techniques as part of a Phase II award, and will then look to transition these techniques into its COTS products.