Design and development of a web-based DOD PKI common access card (CAC) instruction tool

Abstract

Public key cryptography and the infrastructure that has been designed to successfully implement it: Public Key Infrastructure (PKI) is a very promising computer security technology. As a significant enhancement to this infrastructure, the DoD is now issuing smart card tokens, in the form of the Common Access Card (CAC), to its service members. This card is a relatively complex cryptographic device that contains its user's private keys, digital certificates, and other personal/administrative information. Service personnel are being issued these cards with little or no training regarding what they are or how they function. Such an omission detracts from the infrastructure's overall security. This thesis presents an introductory-level description of public key cryptography and its supporting infrastructure (PKI). The thesis then goes on to develop a web-based training tool that could provide all DoD CAC holders with the rudimentary knowledge of how their CAC fits into the broader infrastructure. The training tool will require no instructor, and will present a validation test to each user. DoD commands could utilize this tool to provide basic CAC training to their members.