Use of a secure portable application device as a component of network centric operations

Authors

Peter James, Edith Cowan University

Document Type

Journal Article

Publisher

Edith Cowan University

Faculty

Faculty of Computing, Health and Science

School

School of Computer and Security Science / Centre for Security Research

RAS ID

8808

Comments

James, P. (2009) Use of a Secure Portable Application Device as a Component of Network Centric Operations. Journal of Information Warfare, 8 (3). Available here

Abstract

Network Centric Operations (NCO) allows an organisation to structure its people, processes and technology to gather and process information to ensure the right information gets to the right person at the right time in and the right form. NCO enables an organisation to achieve information superiority, and hence gain a competitive advantage.

A secure Portable Application Device (PAD) provides a safe and secure method of loading a trusted application into a host PC and then executes the application. A secure PAD is characterised as a USB storage device containing a trusted application which is stored in a protected partition to ensure the application is separated and protected and its integrity is preserved. The device will typically provide strong authentication to only allow an authorised user to load the trusted application into the host PC and full storage encryption to protect the confidentiality of the contents of the device. A secure PAD can be issued by an organisation to an individual to perform a secure transaction on an available host PC. The secure PAD will reduce the risk to the organisation that neither malicious software (resident on the host PC) will infect the secure PAD, nor sensitive data remnants (resulting from the transaction) will remain on the host PC hard disk drive after the secure PAD has been removed.

This paper considers how secure PADs can be utilised in a network centric organisation. The characteristics of NCO are identified and the functionality and capabilities of secure PADs are described. Using the characteristics of NCO and a specific use scenario an analysis is performed to determine whether a secure PAD is a suitable tool for a network centric organisation.