SBIR-STTR Award

The requirement to support two factor authentication within tactical environments requires the balancing of security with efficacy. Sailors must be able to quick-swap on displays without requiring full operating system logoff/login. Disconnected networks are supported to meet requirements without relying upon PKI. Simple proximity badges with large-format PIN will allow an inexpensive modification within requirements to accommodate hoods and gloves sometimes in use. A centralized ability to provision user credentials, group membership, and the ability to reset proximity badges will allow onboard self-service by the crew. Authorized ship command personnel will be able to bypass authentication during emergency mission conditions to meet effective and responsive command and control. By providing an API via the Cybersecurity hub, additional subsystems may leverage this capability as well. As a natural extension of ship Cybersecurity, centralized and adjustable two factor authentication will support multiple modes and inexpensive provisioning of this vital component.

Benefit:
The ability to provide Dual Authentication meets a basic requirement and thus delivers immediate resolution of outstanding deficiencies. By extending the ability to apply it across other subsystems as an API, as well as providing onboard self-service, we are providing an ultimately flexible and standards-compliant solution that will be applicable in numerous situations in which PKI is not consistently available. Therefore, commercial applicability of this type of flexible authentication extends to all systems with the potential to be disconnected from the global grid while still maintaining proper authentication. Given the plethora of mobile platforms across Navy, Army, and Air Force environments, this is easily applicable across a wide swath of opportunities. Non-DoD applications include the ability for flexibility, periodic disconnection, and the need to enforce security when PKI networks are interrupted, therefore having applicability across multiple industries and situations requiring secure authentication.

Keywords:
cybersecurity, cybersecurity, Resiliency, Tactical, authentication, Disconnected, Responsiveness

Two Factor Authentication is cumbersome using traditional methods, and given unique constraints of tactical networks responsible for Ship Safety/Self Protect, in which operating system login/logoff causes undo delays. Use of Internet or local certificate authority to support PKI does not align with disconnected networks and could cause fatal delays. Multi-Factor Authentication Service Architecture (MuFASA) within this SBIR effort leverages RFID tokens, delivering separation from operating systems, independence from certificate authorities, and resilience via disconnected survivability while delivering a highly usable and responsive architecture that provides shipboard provisioning, inexpensive COTS hardware, STIG-compliance, and enables modified levels of authentication to support ship missions, and is extensible to support groups and any combination of devices, users, and privileges for highly configurable tactical access control.

Benefit:
The potential application of this solution extends far beyond shipboard computer systems. It is applicable to physical access control such as server racks, HM&E devices, workspaces, and dynamically changing physical space. Beyond ships, this solution is suitable for all land-based networks and a wide range of access control, including physical, dynamic, temporal, and spatial dimensions.

Keywords:
RFID, authentication, Multifactor, spatial access, Access Control, Two-Factor, Temporal Access