Air force 14. 1 Small Business Innovation Research (sbir) Proposal Submission Instructions

PHASE III DUAL USE APPLICATIONS: Partner with AFLCMC/HBM (Airspace Mission Planning Division) to integrate IMPACT into Unit-Level Mission Planning and Force-Level Mission and Campaign Planning at Air Operations Centers (AOCs) and airborne gateway mission wings and squadrons.

REFERENCES:

1. Bonneau, R., Complex Cognitive Networking (multiple studies), AFOSR, 2010-2013.

AF141-047 TITLE: Air Force Weather Mobile Application

OBJECTIVE: Evaluate technologies, security and authentication mechanisms and services required to enable Air Force Weather (AFW) data and tailored products to be available to authorized and authenticated users on Android- OS (and potentially iOS) platforms.

DESCRIPTION: Bluetooth common access card (CAC) readers for Android (and others) smartphones and tablets are commercially available, and some configurations have already been analyzed by the Defense Information Systems Agency (DISA) (http://iase.disa.mil/stigs/net_perimeter/wireless/smartphone.html). However, it needs to be determined if all the required technology and approvals exist and only the Air Force Weather apps need to be written, or if there is a technology gap that must be solved first. And in the case of a technology gap, potential solution sets need to be identified and evaluated.
In this SBIR, we will investigate the current and near-term state of technology for military mobile applications to determine what is possible for supporting mobile application integration for Air Force Weather data and services. Specifically, the challenges of Android (and possibly other) mobile applications with Information Assurance (IA) requirements over mobile devices will be addressed for AFW web pages and services. Android applications and mobile devices have many challenges within DoD Information Assurance IT systems. Generally, a DoD IT system must apply for IA certification & accreditation (C&A) that have stringent guidance programs that must be addressed in order to receive an authority to operate (ATO) with a DoD Designated Approving Authority (DAA). This SBIR will investigate Cyber Security and IA best practices and determine how they are to be incorporated into the AFW application development process. When there is no solution resulting in a technology gap that must be addressed, potential solutions will be identified and evaluated.
For example, Android implements an application permission framework that provides the ability to control which operations are allowed for individual applications. This SBIR will determine the use of application permissions (e.g., obtain/grant access to capabilities of the Android device) and the rationale for defining new permissions for controlling inter-application access.
Using the DISA Android STIG and the Application Security and Development STIG as guidance for application authentication and access control, this SBIR will determine the approach for AFW Android mobile apps (e.g., multi-tier versus in-device) and identify the potential authentication points. Both the need for a DoD Public Key Infrastructure (PKI)-approved credentials and a CAC reader and password authentication will be addressed, as well as software security certificates, as an alternative to physical CAC authentication.
In addition, the SBIR will recommend solutions or identify technology gaps and potential solution sets for:

a. Use of standard Notice and Consent Banners

b. Data protection

- Encryption for data/databases on the Android device

- Encryption and integrity protection for data stored on and external SD card and/or alternatives to using an

external SD card

c. Reverse engineering protection (e.g., file permissions)

d. Secure programming practices for

- Input validation

- Injection attack avoidance (e.g., SQL, command)

- Digital signatures

- Android NDK or Java JNI

- Third-party libraries

e. Secure data communication

- Transport Layer Security (TLS) utilization

- Parameter content

f. Secure inter-app communication

- Securing Android intents

- Securing content providers

g. Secure application update process

h. Non-Android SDK applications

PHASE I: Determine if the technology and policy exists to deploy a secure authenticated AFW-WEBs application. If there is a technology gap, identify and evaluate potential solution sets. Design and demonstrate a prototype AFW- WEBS application on an Android device using approved authentication and authorization to securely access services and display product on a standalone and/or simulated network.

PHASE II: Develop a prototype that accesses and displays AFW-WEBS products and services, utilizing either CAC authentication or a software certificate to accomplish secure access over the NIPRnet environment and that can be fielded with authority to test (ATT). Demonstrate the suitability and effectiveness of this solution in exercises and test scenarios. The contractor will include in this effort the associated costs and schedule to demonstrate the AFW-WEBs mobile app to the user command.

PHASE III DUAL USE APPLICATIONS: Harden and integrate this mobile solution into the Air Force Weather Family of Systems. Demonstrate solution in an operational environment.

REFERENCES:

1. CAC Use on Mobile Devices; http://militarycac.com/mobile.htm.

AF141-048 TITLE: Integrating Tactical Weather Sensors with Mobile Devices and the AF Weather

Enterprise
KEY TECHNOLOGY AREA(S): Information Systems Technology

OBJECTIVE: Evaluate technologies to enable Air Force Weather sensing technologies, data and services to be available to authorized/authenticated users on mobile devices and data collected from tactical sensors to be integrated within the AF Weather enterprise.

DESCRIPTION: This SBIR will focus on using mobile devices and applications to integrate first-in deployed capabilities for the combat weather teams into the greater Air Force Weather Family of Systems (AFWFS). Specifically, this topic will determine methods to more effectively exploit modern communication and weather-sensing technologies to support automated data collection, processing, and dissemination to augment and assist the combat weather team. For example, the ability to link the Iridium satellite phone data connectivity capability with an Air Force Weather mobile device and software application that goes beyond basic voice capabilities (i.e., calling in weather observations) will provide valuable point data from denied areas to assist local military operations.
In this SBIR, we will be investigating the current and near-term state of technology for military mobile applications to determine what is possible for supporting mobile application integration for Air Force Weather sensing technologies, data and services. This SBIR will identify and use Cyber Security and information assurance (IA) best practices and demonstrate their use in automated AFW data collection, processing, and dissemination using mobile applications. In addition, this SBIR will identify the challenges and any technology gaps related to the limitations of mobile devices relative to automated AFW data collection, processing, and dissemination. For the technology gaps, potential solutions will be identified and evaluated.
The SBIR will also evaluate:

a) Sharing data from an AFW mobile device and software application on a tactical/forward-deployed network to make it available to the Air Force Weather Agency (AFWA) and command and control (C2) systems.

b) Using the AFW mobile device and software application to further synthesize local and external meteorological data to allow for the development and tailoring of data products to share with other tactical/forward-deployed systems and users.

c) Integrating AFW mobile devices and software applications with additional tools and data resources (e.g., weather sensors such as the TMQ-53 and Weather Pods, and tactical hardware and software such as the Joint Environmental Toolkit) to more fully support the local users and systems.

d) Making an AFW mobile application available for download and use by warfighters to allow them to get the local observation, forecast, and radar/satellite imagery.

e) Having an AFW mobile application on warfighter mobile devices support weather warnings, advisories, and alerts to enhance safety for friendly forces.

PHASE I: Determine if the technology and policy exists to securely integrate weather data collected from tactical weather sensors (e.g., Kestrel) into the AFW enterprise. If there is a technology gap, identify and evaluate potential solution sets. Design and demonstrate a prototype application on a mobile platform that processes and disseminates such data onto a standalone or simulated network.

PHASE II: Develop a prototype that securely integrates weather data collected from tactical weather sensors (e.g., Kestrel) on a tactical/forward deployed network to make available to the AFW enterprise, C2 user, and local warfighter/unit. Demonstrate the suitability and effectiveness of this solution with authority to test (ATT) in exercises and test scenarios. The contractor will include in this effort the associated costs and schedule to demonstrate the solution to the user command.

PHASE III DUAL USE APPLICATIONS: Harden and integrate this mobile tactical weather collection solution into the Air Force Weather Family of Systems. Demonstrate solution in an operational environment.

REFERENCES:

1. Kestrel Weather Meters; http://www.kestrelmeters.com/.
2. Team weathers the mission; http://www.af.mil/news/story.asp?id=123026095.
3. ESC Weather Programs; http://www.afceaboston.com/documents/events/cnsatm2011/Briefs/01-Monday/08-Dreher-HBAJ%20WeatherOverview.pdf.
4. METOC Handbook; http://www.dtic.mil/doctrine/doctrine/jwfc/metoc_hbk.pdf.
KEYWORDS: tactical weather sensors, secure mobile applications, secure data transmission, Android OS, iOS, Kestrel, Air Force Weather, mobile device software, observation, forecast

AF141-049 TITLE: Command and Control of Dynamic Traffic Prioritization (C2DTP) to Enable Mission-

Responsive Crypto-Partitioned Networks
KEY TECHNOLOGY AREA(S): Battlespace Environments
The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 5.4.c.(8) of the solicitation and within the AF Component-specific instructions. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws. Please direct questions to the AF SBIR/STTR Contracting Officer, Ms. Kristina Croake, kristina.croake@us.af.mil.

OBJECTIVE: Provide commander the ability to reprioritize traffic dynamically within a crypto-partitioned network to maximize mission responsiveness to changing battlefield needs. C2DTP provides commander graphical geospatial control over communications nodes.

DESCRIPTION: Network traffic prioritization is traditionally controlled by creating policies on a network's routers. This process is difficult, requiring highly-skilled information technology and security specialists, and, even with expert construction, the policies are often error-prone and subject to revision to invoke new or modified policies as battle space conditions and higher headquarters decisions change. Moreover, networks with cipher-text (CT) cores significantly complicate matters as black-side routers cannot distinguish encapsulated packets based on their original contents.
The Air Force seeks a quality of service (QoS) solution that is capable of disseminating prioritization policies, which are based on commander’s mission needs, over a CT core. The goal is to enable a network command authority to choose network traffic prioritization policies "on the fly" instead of being saddled with one-size-fits-all configurations for an entire mission.
If the network’s routing core were not crypto-partitioned (CT core), command-defined traffic prioritization could be realized with existing network QoS mechanisms (e.g., IntServ, DiffServ, SWAN) or through minor enhancements of these existing QoS mechanisms. However, the need to determine the priority of both ends of the flow, adjust to the highest priority, and then convey this information from the plain text (PT) side endpoints to the CT core routers along the path, is a major technology gap that needs to be closed.
The proposed solution should preserve the strict separation rules of crypto-partitioned tactical networks, i.e., no information from the original packet is conveyed in plaintext across the CT core. It should operate in the traditional policy-based QoS mode, as it does today, until override is requested by the commander's communications team. Furthermore, the solution should not introduce additional out-of-order delivery of application-layer packets. The solution should support different classes of traffic (e.g., fire control, voice, video stream, Web, e-mail) and dynamic prioritization within the traffic classes.
Commercial Potential: Internet service providers could use such an approach to offer data prioritization to their customers who employ virtual private networking over the Internet.

PHASE I: Develop concept through analysis and simulation. Provide means to represent communications nodes graphically and geospatially, allowing communications leads (JICO, A3, A6, Cyber Control) means to rapid reconfigure routing schemes without manual commands to routers. Provide means to prevent introduction of errors and misrouting through positive control of operator authority and set conditions.

PHASE II: Construct prototype system of C2DTP with means to demonstrate manual routing control and a simple geospatial routing control with innovative user interface (use [NASA] WorldWind, NGA [DoD] GoogleEarth, AGI STK, AgileClient, or similar geospatial GUI in use by USAF). Demonstrate how RF propagation and performance parameters (e.g., distance, ERP, BER, etc.) and compatibility of routed RF nodes are accommodated.

PHASE III DUAL USE APPLICATIONS: Migrate concept to tactical airborne network efforts. Commercial Potential: Internet service providers could use such an approach to offer data prioritization to their customers who employ virtual private networking over the Internet.

REFERENCES:

1. IntServ: RFC 2215, "General Characterization Parameters for Integrated Service Network Elements."

AF141-052 This topic has been removed from the solicitation.

AF141-054 TITLE: Advanced Indexing and Search for Efficient Information Discovery

OBJECTIVE: Research & develop an advanced indexing and search capability that combines Information Extraction and Information Retrieval methods to enable rapid identification & discovery of relevant information in large (web scale) volumes of textual data.

DESCRIPTION: Finding and extracting new knowledge from large volumes of textual data remains one of the most significant challenges to intelligence analysts. This problem spans across multiple intelligence domains (ex. Behavioral Influence, Command and Control), requiring systems to be adaptable in both a multi-domain and dynamic world environment. As the volume of data continues to grow beyond the capacity of intelligence analysts to cull through it, the need to identify relevant information in a timely manner further compounds the problem. Analysts need capabilities that support efficient identification and discovery of relevant information in web- scale document collections within a time-limited window of analysis.
Current tools for Information Retrieval (IR) are too general and current tools for Information Extraction (IE) are too specific to effectively meet the needs of intelligence analysts working in a continually changing environment. IR systems allow the analyst to cast a wide net when searching for information, do not require apriori knowledge of what the analyst will be looking for, and support serendipitous discovery of relevant information the analyst may not have known to look for. However, they fail to identify information in a narrower context and do not identify entities, events, and relations. IE systems, on the other hand, automatically identify entities, events, and relations and provide structured information from unstructured text. However, these systems must be customized apriori to the domains of interests, and the analyst is only able to find information that the system extracted.
The goal of this topic is to research and develop an advanced indexing and search capability that combines Information Retrieval (IR) and Information Extraction (IE) methods to: (1) dynamically model user information needs, including building models for retrieving entities, events, and relations; (2) rapidly search large (web scale) volumes of textual data to identify relevant information; (3) return relevant information with precision and recall which exceeds the current state-of-the-art; and (4) enable users to refine or change their information needs over time through interacting with the system. By combining IR and IE methods, and increasing user interaction with the system to model, persist, and refine their information needs, analysts will be better enabled to find a more complete set of relevant information from large volumes of textual data in a time- limited window of analysis than they would using IR or IE individually.

PHASE I: The goal of Phase I is to investigate advanced indexing and search capabilities that combine IE and IR methods to enable rapid identification and discovery of relevant information in large (web scale) volumes of textual documents. The investigation should produce a prototype design that considers multiple domains and entity, event, and relation types.

PHASE II: The goal of Phase II is to implement the Phase I design into a prototype system that can be demonstrated across multiple domains and entity, event and relation types. This phase would also include functional and performance testing of the prototype, and demonstration that the prototype meets the goals of this topic.

PHASE III DUAL USE APPLICATIONS: An advanced indexing and search application that combines IE and IR methods would benefit military intelligence analysts, as well as law enforcement and homeland security customers who need to rapidly identify relevant information in large volumes of textual data.

REFERENCES:

1. D. Bollegala, Y. Matsuo, & M. Ishizuka. “Relational Duality: Unsupervised Extraction of Semantic Relations between Entities on the Web.” WWW 2010, Raleigh, NC, April 26-30, 2010.

AF141-055 TITLE: Enhancing Real Time Situational Awareness with Latent Relationship Discovery

OBJECTIVE: Provide improved real-time situational awareness through discovery of unknown relationships across multiple structured and unstructured textual data sources.