[guardian-dev] Proposal for Secure Connection Notification on Android
Shawn Van Every
shawn at guardianproject.info
Thu Nov 15 13:44:32 EST 2012
Wonderful!
I think it is worth sending this to the EFF folks who are pushing HTTPSEverywhere: https://www.eff.org/https-everywhere
Are you envisioning this separate from OnionKit? Could/Should it feature HTTPSEverywhere functionality as well?
How about submitting this as a patch to Android itself? (in addition)
-s
On Nov 15, 2012, at 10:17 AM, Nathan of Guardian <nathan at guardianproject.info> wrote:
> Would appreciate feedback here, or on the blog post itself. (Hint: there
> are pretty pictures on the post!)
>
> https://guardianproject.info/2012/11/15/proposal-for-secure-connection-notification-on-android/
>
> ***
>
> A major problem of mobile applications being increasingly used over
> web-based applications, is that there is no standard established for
> notifying the user of the state of security on the network connection.
> With a web browser, the evolution of the “lock” icon when an HTTPS
> connection is made, has been one that evolved originally out of
> Netscape’s first implementation, to an ad hoc, de facto industry-standard
> way of letting the user know if their connection is secure. Beyond just
> a binary on/off, the lock icon is also the entry point into viewing more
> information about the digital security tokens, keys and certificates
> that are powering the connection – who authorized them, who requested
> them, and so on. More recently, with browsers such as Chrome, there has
> been the use of color schemes (Green is good, Red is bad), verified
> domain display and other indicators to help ensure the user knows when
> to trust their connection, and when to be wary.
>
>
> Firefox’s HTTPS certificate display
>
> While many people claim that HTTPS/TLS/SSL are fundamentally broken,
> they are still an essential piece of basic frontline security on the
> web. In addition, when making a connection through a proxy network like
> Tor or a free VPN service, utilizing TLS/SSL is critical in making sure
> your network is not being intercepted along the way. The notification
> icon and related certificate viewing, is a critical component for the
> user, and one that is entirely missing in the mobile application space.
> The Android API does not provide a standardized method to share this
> information with the user, and the implementation on iOS is unclear, as
> well. Even worse, the proper implementation of a strong HTTP/S
> connection that properly handles verification of certificates, and
> provides an interactive option for users to accept or decline is
> entirely missing for the majority of mobile apps.
>
> With that in mind, we have added a Secure Connection Notification
> feature into our new OnionKit for Android library. Built upon our
> previous work on implementing custom Root CA Certificate stores for
> Android, this library not only provides a clear way to enable HTTP and
> SOCKS proxying for your network requests (to enable use with our app,
> Orbot: Tor for Android), but it also includes a StrongTrustManager and a
> StrongHTTPSClient implementation, that works to defend against
> man-in-the-middle attacks, and other means to intercept a TLS or SSL
> connection between a mobile app and a remote server. Part of the
> defense, is providing a clear indicator to the user when a secure
> connection is in use.
>
> We have provided a sample Android app to demonstrate how simple it is to
> enable this capability. The screenshots below are from that app.
>
> In this first screenshot, the app has connected to
> https://check.torproject.org and you can see in the Notification bar a
> “key” icon indicating there is a secure connection active.
>
>
>
> When you drag the notification bar down, you can see a more complete
> view of the Secure Connection Notification (SCN) message, which
> indicates the connection is Active and shows a summary of the secure
> certificate information. In a recent update to the OnionKit SCN code, it
> also allows for the application to include its name and icon in this
> notification.
>
>
>
> Finally, you can tap on the SCN notification and bring up a larger
> pop-over view of the certificate information. We intend to develop this
> view further, to allow for better manual management of trust – meaning
> you may have the option to accept/decline or disable trust of this
> certificate or the certificate authority that provides it.
>
>
>
> Beyond “Active” messages, the notification system will also warn or
> block connections that are deemed risky, invalid or otherwise
> unverifiable. You can use OnionKit in concert with the
> MemorizingTrustManager to manually override this verification process,
> if your application is expected to often connect to servers with
> unverifiable certificates. Finally, using our CACert project, you can
> generate custom Root CA stores for use with OnionKit, that utilize your
> own certificate authorities, or a custom rolled set.
>
> Our goal is not to overwhelm the user, but instead to provide them a
> simple notification so they can understand which applications have their
> best interests in mind, and which do not. It is amazing how many popular
> mobile apps transmit personal information using HTTP completely in plain
> text, in the clear, allowing any number of parties along the network
> path between the device and server to passively vacuum up this data.
> Users generally are not aware or do not care about this issue. It is up
> to the mobile application developer, to adopt an approach like our
> Secure Connection Notification, or to directly utilize our OnionKit
> library itself.
>
> Finally, we would like to see Android and other mobile operating
> systems, adopt a system such as this device-wide, such that it becomes
> as standard as the desktop web browser HTTPS lock.
>
> If you are a developer, please check out OnionKit for Android today, and
> let us know what you think: https://github.com/guardianproject/OnionKit/