[guardian-dev] Ideas for Research Projects
hans at guardianproject.info
Thu Feb 23 10:51:12 EST 2012
Sorry, I know this is late, I hope it is still helpful. Here are a
couple of project ideas that I think would be very valuable:
Android OS with per-app secure data stores
A complete CyanogenMod system image built on top of SQLCipher, so that
all apps that store data would store their data in encrypted stores that
can use keys that are system-wide, per-app, or even more fine grained.
This would allow an app to store data in a way that is protected every
from malware that has root access to the device. SQLCipher for Android
already covers the SQLite aspect, we are currently working on a similar
idea for file stores by making a filesystem on top of SQLCipher databases.
Private, Anonymous Push-To-Talk Voice Communications
Anonymizing software like Tor uses TCP and adds a lot of latency to the
traffic, making voice calls very difficult to support. Nextel phones
include "Push-To-Talk" (PTT) functionality, which has proven very
popular. PTT messages could be pre-recorded, then sent as a soundfile,
therefore making it easy to support sending the messages over Tor.
SMS Network Testing Utilities
On TCP/IP networks, we take it for granted that we can use publicly
available network testing and monitoring utilities like nmap,
traceroute, ping, etc. With GSM/CDMA networks, there is no such thing.
It is possible to gather quite a bit of information about GSM and CDMA
networks by sending SMS, data, and voice information and analyzing the
On 02/13/2012 09:32 AM, Manuel Leithner wrote:
> Hi Guardian Project,
> we at Secure Business Austria (http://www.sba-research.org/) are currently setting up a research grant application for a Josef Ressel Center for Mobile Secure Services together with FH Hagenberg and a few others.
> In short, a Josef Ressel center is a funded cooperation of an academic institution with one or more businesses under the umbrella of a research center.
> Since this is a rather large grant, we're still looking for a few more projects we might want to tackle. Of course we do have our own preferences, but since you're some of the pioneers of practical smartphone security, it would be interesting to know what you feel are research questions that will be of interest in the next year (i.e. 2013 - large grants do take months to be accepted).
> The "deal", to put it in very simple terms, is that we will have the resources to do (more) research in the field of mobile security and need input on what's needed in the semi-long term. Since we're academic researchers, all of our work will be published in peer-reviewed journals and conferences and is therefore (as far as we're concerned) free to be used and implemented.
> To give you a short idea of what's our daily bread and butter, please see http://www.sba-research.org/research/publications/. "View all publications" will give you a rather large list, if you're interested in what each of us does simply select "Team" and pick a name.
> Please note that our time to finish the application is rather limited, so it would be great to get input from some of you until the end of the week. I can also pop on IRC if you'd prefer to discuss things there.
> Thanks in advance!
> Manuel Leithner
> Snarky IT Security Guy @ SBA Research gGmbH
> Guardian-dev mailing list
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
> You are subscribed as: hans at guardianproject.info
More information about the Guardian-dev