Information-Centric Security

Abstract : Under Phase I, the TecSec team focused on applying information centric security in a commercial medical and healthcare scenario. Use cases showed the utilization of a portable electronic device (PED) to assure information resident on the PED. However, the platform is not well protected as information is moved along from the host PED to its final destination. As governed by laws (i.e., Healthcare Information Portability and Accountability Act or HIPAA), medical information must be assured of its confidentiality, integrity and availability (CIA). Cryptography can be used for access control enforcement. It is further recognized that an efficient key management must be emplaced to accommodate the mobile operating environment where it is often represented by a dynamic, ad-hoc environment. In order to access the feasibility of such a security design, the Team assesses the feasibility of such a design alternative. In line with the certification and accreditation, a hardware implementation of asymmetric key management was examined. The use of a field programmable gate array (FPGA) was examined, benchmarked and validated. In order to capitalize on the fast moving commercial market, we evaluate the buy vs. make option and recommend that an initial design is to host the information centric security solution on a PED platform which is the HP/Compaq iPAQ h5500 Personal Digital Assistant (PDA). A Phase II 5-Page Plan, which focuses on the benefits for Future Naval Capabilities, was submitted on February 4, 2003.