[guardian-dev] Proposal for Secure Connection Notification on Android

Shawn Van Every shawn at guardianproject.info
Thu Nov 15 13:44:32 EST 2012


Wonderful!  

I think it is worth sending this to the EFF folks who are pushing HTTPSEverywhere: https://www.eff.org/https-everywhere

Are you envisioning this separate from OnionKit?  Could/Should it feature HTTPSEverywhere functionality as well? 

How about submitting this as a patch to Android itself?  (in addition)

-s



On Nov 15, 2012, at 10:17 AM, Nathan of Guardian <nathan at guardianproject.info> wrote:

> Would appreciate feedback here, or on the blog post itself. (Hint: there
> are pretty pictures on the post!)
> 
> https://guardianproject.info/2012/11/15/proposal-for-secure-connection-notification-on-android/
> 
> ***
> 
> A major problem of mobile applications being increasingly used over
> web-based applications, is that there is no standard established for
> notifying the user of the state of security on the network connection.
> With a web browser, the evolution of the “lock” icon when an HTTPS
> connection is made, has been one that evolved originally out of
> Netscape’s first implementation, to an ad hoc, de facto industry-standard
> way of letting the user know if their connection is secure. Beyond just
> a binary on/off, the lock icon is also the entry point into viewing more
> information about the digital security tokens, keys and certificates
> that are powering the connection – who authorized them, who requested
> them, and so on. More recently, with browsers such as Chrome, there has
> been the use of color schemes (Green is good, Red is bad), verified
> domain display and other indicators to help ensure the user knows when
> to trust their connection, and when to be wary.
> 
> 
> Firefox’s HTTPS certificate display
> 
> While many people claim that HTTPS/TLS/SSL are fundamentally broken,
> they are still an essential piece of basic frontline security on the
> web. In addition, when making a connection through a proxy network like
> Tor or a free VPN service, utilizing TLS/SSL is critical in making sure
> your network is not being intercepted along the way. The notification
> icon and related certificate viewing, is a critical component for the
> user, and one that is entirely missing in the mobile application space.
> The Android API does not provide a standardized method to share this
> information with the user, and the implementation on iOS is unclear, as
> well. Even worse, the proper implementation of a strong HTTP/S
> connection that properly handles verification of certificates, and
> provides an interactive option for users to accept or decline is
> entirely missing for the majority of mobile apps.
> 
> With that in mind, we have added a Secure Connection Notification
> feature into our new OnionKit for Android library. Built upon our
> previous work on implementing custom Root CA Certificate stores for
> Android, this library not only provides a clear way to enable HTTP and
> SOCKS proxying for your network requests (to enable use with our app,
> Orbot: Tor for Android), but it also includes a StrongTrustManager and a
> StrongHTTPSClient implementation, that works to defend against
> man-in-the-middle attacks, and other means to intercept a TLS or SSL
> connection between a mobile app and a remote server. Part of the
> defense, is providing a clear indicator to the user when a secure
> connection is in use.
> 
> We have provided a sample Android app to demonstrate how simple it is to
> enable this capability. The screenshots below are from that app.
> 
> In this first screenshot, the app has connected to
> https://check.torproject.org and you can see in the Notification bar a
> “key” icon indicating there is a secure connection active.
> 
> 
> 
> When you drag the notification bar down, you can see a more complete
> view of the Secure Connection Notification (SCN) message, which
> indicates the connection is Active and shows a summary of the secure
> certificate information. In a recent update to the OnionKit SCN code, it
> also allows for the application to include its name and icon in this
> notification.
> 
> 
> 
> Finally, you can tap on the SCN notification and bring up a larger
> pop-over view of the certificate information. We intend to develop this
> view further, to allow for better manual management of trust – meaning
> you may have the option to accept/decline or disable trust of this
> certificate or the certificate authority that provides it.
> 
> 
> 
> Beyond “Active” messages, the notification system will also warn or
> block connections that are deemed risky, invalid or otherwise
> unverifiable. You can use OnionKit in concert with the
> MemorizingTrustManager to manually override this verification process,
> if your application is expected to often connect to servers with
> unverifiable certificates. Finally, using our CACert project, you can
> generate custom Root CA stores for use with OnionKit, that utilize your
> own certificate authorities, or a custom rolled set.
> 
> Our goal is not to overwhelm the user, but instead to provide them a
> simple notification so they can understand which applications have their
> best interests in mind, and which do not. It is amazing how many popular
> mobile apps transmit personal information using HTTP completely in plain
> text, in the clear, allowing any number of parties along the network
> path between the device and server to passively vacuum up this data.
> Users generally are not aware or do not care about this issue. It is up
> to the mobile application developer, to adopt an approach like our
> Secure Connection Notification, or to directly utilize our OnionKit
> library itself.
> 
> Finally, we would like to see Android and other mobile operating
> systems, adopt a system such as this device-wide, such that it becomes
> as standard as the desktop web browser HTTPS lock.
> 
> If you are a developer, please check out OnionKit for Android today, and
> let us know what you think: https://github.com/guardianproject/OnionKit/