Architecture for Issuing DoD Mobile Derived Credentials

dc.contributor.author: Sowers, David Albert [en]
dc.contributor.committeechair: Clancy, Thomas Charles III [en]
dc.contributor.committeemember: Silva, Luiz A. [en]
dc.contributor.committeemember: Shukla, Sandeep K. [en]
dc.contributor.department: Electrical and Computer Engineering [en]
dc.date.accessioned: 2015-12-24T07:00:25Z [en]
dc.date.available: 2015-12-24T07:00:25Z [en]
dc.date.issued: 2014-07-01 [en]
dc.description.abstract: With an increase in performance, dependency and ubiquitousness, the necessity for secure mobile device functionality is rapidly increasing. Authentication of an individual's identity is the fundamental component of physical and logical access to secure facilities and information systems. Identity management within the Department of Defense relies on Public Key Infrastructure implemented through the use of X.509 certificates and private keys issued on smartcards called Common Access Cards (CAC). However, use of CAC credentials on smartphones is difficult due to the lack of effective smartcard reader integration with mobile devices. The creation of a mobile phone derived credential, a new X.509 certificate and key pair based off the credentials of the CAC certificates, would eliminate the need for CAC integration with mobile devices. This thesis describes four architectures for securely and efficiently generating and delivering a derived credential to a mobile device for secure communications with mobile applications. Two architectures generate credentials through a software cryptographic module providing a LOA-3 credential. The other two architectures provide a LOA-4 credential by utilizing a hardware cryptographic module for the generation of the key pair. In two of the architectures, the Certificate Authority (CA) for the new derived credentials is the digital signature certificate from the CAC. The other two architectures utilize a newly created CA, which would reside on the DoD network and be used to approve and sign the derived credentials. Additionally, this thesis demonstrates the prototype implementations of the two software generated derived credential architectures using CAC authentication and outlines the implementation of the hardware cryptographic derived credential. [en]
dc.description.degree: Master of Science [en]
dc.format.medium: ETD [en]
dc.identifier.other: vt_gsexam:2994 [en]
dc.identifier.uri: http://hdl.handle.net/10919/64351 [en]
dc.publisher: Virginia Tech [en]
dc.rights: In Copyright [en]
dc.rights.uri: http://rightsstatements.org/vocab/InC/1.0/ [en]
dc.subject: Derived Credentials [en]
dc.subject: Public Key Infrastructure [en]
dc.subject: Common Access Card [en]
dc.subject: Department of Defense [en]
dc.subject: x509 [en]
dc.subject: Mobile Phone [en]
dc.title: Architecture for Issuing DoD Mobile Derived Credentials [en]
dc.type: Thesis [en]
thesis.degree.discipline: Computer Engineering [en]
thesis.degree.grantor: Virginia Polytechnic Institute and State University [en]
thesis.degree.level: masters [en]
thesis.degree.name: Master of Science [en]
Files
Original bundle

Name: Sowers_DA_T_2014.pdf
Size: 1.64 MB
Format: Adobe Portable Document Format

Name: Sowers_DA_T_2014_support_1.pdf
Size: 421.35 KB
Format: Adobe Portable Document Format
Description: Supporting documents