SBIR-STTR Award

Commercially available hardware based technologies employed to aid in securing Android-based mobile platforms are closed and proprietary in nature. They often rely upon unsophisticated brute force attempts to lock-down mobile devices in order to prevent rogue code being executed on the device or unapproved people for accessing data. However, such methodologies greatly impact the devices utility and makes it extremely difficult for the sailor to use one device to support multiple mission objectives. Emerging software-based security technologies are flawed in similar ways and also artificially and sub-optimally prevent device utility. The tools and methodologies developed under this topic should support users in their day-to-day activities. The goal of this topic is to reduce the current workload of the Warfighter, rather than create new functionality or capabilities. This topic is focused on novel or innovative methods that will alleviate Android OS and application security concerns and serve as enabling technology for deploying modern Android devices in a DOD environment.

Benefit:
Mobile devices are used in the enterprise in nearly every corporation. With the growing number of devices, models and operating systems available, businesses are facing new and complex challenges. Added risks associated with employee-owned devices accessing corporate data, and sensitive information exchanged or stored on mobile devices poses a significant threat to corporate security. Security for mobile devices, applications and content is a paramount concern in a mobility management strategy in every corporation. The ability to quickly enroll devices in your enterprise environment, configure and update device settings over-the-air, enforce security policies and compliance, secure mobile access to corporate resources, and remotely lock and wipe managed devices. A hardware-agnostic solution can ensure the security of all devices, whether they are corporate-owned, corporate-shared or employee-owned.

Keywords:
Android, Android, management, remote, Hardened, security, mobile, toolkit

Progeny will establish the Android Security Toolkits requirements by analyzing the KNOX specific STGs. Progeny will utilize the Samsung KNOX SDK to create a MDM device application and a web based administration console to comply with the Samsung Android with the KNOX STIGs. Progeny will develop test cases based on the Samsung Android with KNOX specific STIGs to validate that our solution meets all IA requirements set forth by DISA. Once, the solution is validated, we will create ATO package for approval and submit to FLEETCYBERCOM. Progeny will take the EDL Windows Mobile application and create an updated native Android application.

Benefit:
Mobile devices are used in civilian enterprises in nearly every corporation. With the growing number of devices, models and operating systems available, businesses are facing new and complex challenges. Added risks associated with employee-owned devices accessing corporate data, and sensitive information exchanged or stored on mobile devices poses a significant threat to corporate security. Security for mobile devices, applications and content is a paramount concern in a mobility management strategy in every corporation. The ability to quickly enroll devices in your enterprise environment, configure and update device settings over-the-air, enforce security policies and compliance, secure mobile access to corporate resources, and remotely lock and wipe managed devices. By providing an android security solution, Progeny Systems can ensure the security of all devices, whether they are corporate-owned, corporate-shared or employee-owned. Progeny Systems could also couple the security toolkit with Maintenance Works (mWorks), a software suite of maintenance applications for sale through IBM and Maximo that make use of handheld devices.

Keywords:
security, Android, STIG compliant, Mobile Device Management