AFRL’s plan to make smartphones, tablets more secure

The Air Force is looking for innovative ways to secure smartphones and tablets, under a four-year, $24 million program to make authentication, data transmission, storage and other functions on mobile devices secure enough for government use.

The service began distributing Apple and Android devices in February 2013, allowing their use for email, documents, social media and other applications within the Defense Department’s guidelines for mobile device security. But those guidelines mostly concern how devices are used — the Air Force is looking for ways to make commercial devices themselves more secure.

One challenge for mobile security is authentication via DOD’s Common Access Card, which requires a card reader in a sleeve or other attachment, which can make a device bulky. In its Broad Agency Announcement, the Air Force Research Laboratory’s (AFRL) Information Directorate said a possible alternative would be to store a secure, read-only access certificate on a phone’s micro or nano SD card that could handle CAC authentication without a reader.

Another possibility could be using near field communication technology already on many phones to access certificates, although such a process would require additional security steps. The BAA notes that Black Hat conferences are rife with demonstrations of how to exploit commercial NFC technology.

AFRL is soliciting white papers on designated focus areas for each year from fiscal 2015 through 2018. Along with SD card certificate storage and NFC, focus areas for 2015 include automated identification and mitigation of malware, and the ability to provide situational awareness across multiple domains.

Down the road, focus areas will cover secure data containers, adaptive filter workflows, cross-domain load balancing and failover, new approaches for incorporating biometrics into mobile devices, several cross-domain functions and the ability to generate raw text files from image files and streaming formats.

Agencies across government have been steadily moving toward mobile devices for everyone from office workers to soldiers in theater. But security and effective mobile device management have remained areas of concern. AFRL’s program, if successful, could improve the security and usability of the devices other agencies as well.

Submissions for the fiscal 2015 focus areas are due by Jan. 30 this year.