Improving Security for Mobile Apps

Page history last edited by Prabhas Pokharel 11 years, 4 months ago

The session was proposed and initiated by Nathan Freitas and focuses on four general areas -- security, privacy, anonymity, and technology.

 

Anonymity Needs

 * Dataset anonymity at collection point -- by indirection?

 * Anonymous redialer -- Google Voice, OpenBox.com possible tools

 * Short messages are easier to anonymize

 * TOR on the Android phone (see http://openideals.com/2009/10/22/orbot-proxy/)

  -- Avoids man-in-the-middle attack

  -- Also used by law enforcement

 * Make anonymity and anti-censorship everyday habits

 * All phones support VPN now -- why shouldn't we all use it?

 * Proper government regulation is necessary to

 * Spoofing: packets look innocent and don't draw attention.

   - HayStack mentioned as a steganography tool

 

Privacy+Security Needs

 * The dialer on Android is open source, so it can be programmed not to log (select) calls.

 * See Shadow -- browser that doesn't log.

 * Documentary film -- subjects at more risk with new media exposure.

 * Citizen journalism -- Ushahidi, FrontlineSMS, Alive Iran, SMS reports, voice calls.

    -> Reporting exposes you. Problem with crowdsourcing as well.

 * Education/guidelines about security, paranoia

 * Encrypting draws attention -- sometimes better to be clear

 * World Institute for Mobile Privacy (WIMP)

 * Mobile Active has a mobile security guide (http://mobileactive.org/howtos/mobile-surveillance-primer)

 * Using secure gmail

   -- Reports from Burma that man-in-the-middle attacks are being launched. The Internet Service Provider gives you a fake SSL cert, so you think you are secure, but you are not.

 * A "HELP I'M CAPTURED" beacon

   -- Involves 911/GPS alert/Wipe of Device

 * Possible worries

     -- Tracking in repressive countries

     --  Matching by computers.

     --  Traffic analysis

 * Possible use: Mediation and Negotiation

   -- requires confidentiality when migrating from web to mobile technology
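
The fake SSL cert report under "Using secure gmail" above is the case certificate pinning addresses: the client records the fingerprint of the genuine certificate in advance and refuses any other, even one that passes normal validation. This is an added example, not from the session notes; the function names and the sample byte strings are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, pinned: set[str]) -> bool:
    """True only if the presented certificate is one recorded earlier."""
    seen = cert_fingerprint(der_cert)
    return any(hmac.compare_digest(seen, p.lower()) for p in pinned)


def connect_pinned(host: str, pinned: set[str], port: int = 443,
                   timeout: float = 10.0) -> ssl.SSLSocket:
    """Open a TLS connection that must pass CA chain, hostname AND pin checks."""
    ctx = ssl.create_default_context()  # standard CA and hostname validation
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    # The pin check catches a substituted certificate that still chains to
    # a CA the device trusts, which default validation alone would accept.
    der = tls.getpeercert(binary_form=True)
    if not matches_pin(der, pinned):
        tls.close()
        raise ssl.SSLError(f"certificate for {host} matches no pinned fingerprint")
    return tls


# Constructed stand-ins for DER bytes (not real certificates), so the
# comparison logic can be exercised offline.
GENUINE_CERT = b"constructed-der-bytes: genuine mail server certificate"
SUBSTITUTED_CERT = b"constructed-der-bytes: certificate injected on the network path"
PINS = {cert_fingerprint(GENUINE_CERT)}

if __name__ == "__main__":
    print("genuine accepted:    ", matches_pin(GENUINE_CERT, PINS))
    print("substituted accepted:", matches_pin(SUBSTITUTED_CERT, PINS))
```

The pin has to be recorded over a network path that is trusted, and updated when the server rotates its certificate.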

 

Tools/Technology for Supporting Security

 

| Name | Platform | Privacy (network), Encryption (device), Anonymity |
|---|---|---|
| CryptoSMS | J2ME | P, E |
| Crypto apps | Android | P, E |
| Remote Wipe | Android | P |
| Orbot (TOR) | Android | P, E, A |
| Shadow (Browser) | Android | P (doesn't log) |
| OpenVPN | Smartphones | P, E |
| PPPT | | |
| Guardian | Android | P, E, A |
| SIPdroid | Android | P, E, voice |
| Skype | iPhone, Windows Mobile | P, voice |
| XMPP | Android | (can be secured) |
| OTR (off the record) messaging | | |

 
