Security concerns in accessing Naval e-Learning with personal mobile devices

Abstract

The purpose of this study was to investigate the feasibility of using personal mobile devices for Naval e-Learning (NeL). Another objective was to find out which mobile device and which method of authentication offers the most practical and secure form of essentially bring your own device (BYOD). The use of personal mobile devices to access NeL is a form of BYOD. Finally, Virtual Desktop Infrastructure (VDI) was examined in this study as another secured means to access NeL from BYOD. This study tested the various mobile devices that were Department of Defense (DOD) approved for network use. The study also tested the Common Access Card (CAC) readers that are approved by DOD for CAC authentication against the approved mobile devices. Then the mobile devices and CAC readers’ functionality were tested in a VDI environment to examine the various layers of security that could be implemented when using BYOD on DOD networks to maintain the necessary level of information protection. The results of this study show the iOS devices were capable of accessing NeL training site via the approved CAC readers. However, the iOS devices could only access and enroll, they were unable to launch training due to Flash not being supported by the native browser, the language used to develop NeL training. The results also revealed attempts to use the iOS device and CAC in a VDI to be unsuccessful as a work around to the Flash issue with the iOS browser. The principal conclusion is that through the use of multi-layer security BYOD could be used to access NeL— making it truly available “whenever and wherever.” There is also a need to look into ways authentication can be done without the use of hardware readers. Finally, there is also the need to develop training to support multiple browsers.