http://www.androidpolice.com/2011/10/13/nsa-and-google-developing-hardened-android-kernel-for-government-communication-will-be-more-secure-than-blackberry

Anders

--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To post to this group, send email to android-security-discuss@googlegroups.com.
To unsubscribe from this group, send email to android-security-discuss+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.


  • Kevin Chadwick at Oct 19, 2011 at 4:35 pm
    I've only been to androidpolice a couple of times and it's now gonna
    have to work hard to get any recognition from me.

    "One day after android reaches "CLASSIFIED" it might get to the
    blackberry level".

    Sorry, but what a load of xxxx rubbish.

    Blackberry servers have to be locked down to get restricted and the
    phone OS and server were replaced, after Barack insisted on keeping his
    Blackberry. I imagine just a simple mail client (without html, an
    option android should have) connected via vpn to a secure server.


    Then other ridiculous comments (which I realise androidpolice has no
    control of) like replacing radios with mobile phones for security
    reasons.

    Mobile networks are completely insecure. There are secure jam resistant
    radios, but so far DATA has been prohibitively slow and in the uk the
    limited bandwidth was swallowed up by voice. Hopefully mobile network
    security will improve by finally getting rid of gsm completely, it
    certainly would if there was awareness of how easily gsm can be
    decrypted. Even then there's another good reason that there is no point
    going into why the phone network shouldn't be used for this type of
    thing.


    In fact, a mobile phone is even worse than an old cb radio on a standard
    channel if you think it's secure because it's encrypted. (False sense of
    security)


    Maybe it will help get rid of the enterprise managers who say "windows
    and cisco is certified" and then use a web browser on their
    exchange box. :-)

  • Anders Rundgren at Oct 19, 2011 at 6:38 pm
    Kevin,

    This project only targets the kernel.
    That's a good place to start.

    Anders
  • Kevin Chadwick at Oct 19, 2011 at 9:15 pm

    On Wed, 19 Oct 2011 20:37:48 +0200 Anders Rundgren wrote:

    > Kevin,
    >
    > This project only targets the kernel.
    > That's a good place to start.
    >
    > Anders

    I'm not saying it's not good stuff and interesting news but assuming I
    read it right then saying Blackberrys are more secure than Confidential
    level, should be embarrassing not to mention highly misleading.

    I shall have to try and find the time to chase this story to a more
    technical level. I rarely find the time these days :-(


    The kernel is a great and kind of obvious place to start but you can
    likely get a Windows kernel through classified depending upon its
    usage or the process it fits into. This kernel should reach classified
    for more processes though, which is good news especially as some
    comments hope in that some of it feeds down to Generic. :-)

  • Charles Clancy at Oct 20, 2011 at 4:00 am

    On 10/19/2011 6:15 PM, Kevin Chadwick wrote:
    > I shall have to try and find the time to chase this story to a more
    > technical level. I rarely find the time these days :-(

    As far as I can tell, they're implementing an SSL stack that could be
    approved under NIST and NSA crypto requirements. If they implement RSA
    and AES with the NIST FIPS 140-2 stamp of approval they could support
    sensitive but unclassified material. If they implement NSA Suite B
    (elliptic curve crypto) it could support classified communications.

    The "security" described is in terms of cryptographic security for data
    in flight. It has nothing to do with proper access control policies,
    protection against mobile malware, kernel integrity, etc. Really this
    is just a pro-forma step necessary to allow DOD to use Android. For
    Blackberry, both the OS and the secure email apps have vetted crypto
    implementations. For Android only the apps have been vetted (a number
    of secure VOIP and email apps) which is creating a policy hurdle for
    those wishing to deploy Android within the military.

    - tcc

  • Anders Rundgren at Oct 20, 2011 at 8:18 pm
    On 2011-10-20 06:00, Charles Clancy wrote:
    <snip>
    > For Blackberry, both the OS and the secure email apps have vetted crypto
    > implementations. For Android only the apps have been vetted (a number
    > of secure VOIP and email apps) which is creating a policy hurdle for
    > those wishing to deploy Android within the military.

    Do Blackberry devices make it possible to discriminate apps usage
    of a key? IMO, this is another prerequisite for secure usage of
    keys in mobile phones. Another prerequisite is to be able to enroll
    keys remotely and be sure that they indeed reside/are created in the
    secure key-store.

    AFAIK, FIPS-140 does not address these issues at all but I'm (surely)
    not an authority on this.

    Anders

  • Kevin Chadwick at Oct 21, 2011 at 11:56 am

    On Thu, 20 Oct 2011 00:00:24 -0400 Charles Clancy wrote:

    > As far as I can tell, they're implementing an SSL stack

    Thanks for the info, I was hoping for more than cryptography, so I'm
    glad you saved me the trouble.

    Without those details, I do think that androidpolice article is
    dangerous for general consumption. Moving all the exploits (pdf etc.)
    from the client to the servers isn't exactly a great strategy
    (privilege amalgamation). Except maybe for users of very crap or badly
    maintained or poorly auto-maintained clients, such as chromeos replacing
    a windows os that was just used for browsing.

Discussion Overview
group: android-security-discuss @
categories: android
posted: Oct 17, '11 at 11:11a
active: Oct 21, '11 at 11:56a
posts: 7
users: 3
website: android.com
