Hi Dong, > About Fishbowl:... > mainly doubly encrypt voice call/VOIP I found the double encryption to be very interesting. They call it "Cascading Ciphers" when used at the same [application] layer. It was frowned upon for years by the folks on sci.crypt. Recently, a thread showed up on the cryptography mailing list on the topic: "The NSA and secure VoIP," http://lists.randombit.net/pipermail/cryptography/2012-March/002576.html.
> About Trusted Execution Environment (TEE)... How does one have a Trusted Execution Environment if there is no secure boot and no OS attestations can be made? As far as I know, Windows Phone 8 is the only mobile OS providing a secure boot, though I suspect BlackBerry may (my apologies if Android is doing so) [1,2]. Microsoft requires handset manufactures to use Qualcomm SoCs, and write public keys to the SoC and then blow the fuses. The SoC and firmware refuse to load anything not properly signed (www.uefi.org). No DFU mode trickery like on an iDevice. Jeff [1] Windows Phone 8 Security Deep Dove, channel9.msdn.com/Events/TechEd/Europe/2012/WPH304 [2] Slides for [1]: video.ch9.ms/teched/2012/eu/WPH304.pptx On Wed, Jul 11, 2012 at 10:58 PM, Dong Yang <dongyang1...@gmail.com> wrote: > About Fishbowl: > http://www.networkworld.com/news/2012/022912-rsa-nsa-android-256825.html?page=1 > > mainly doubly encrypt voice call/VOIP > IP encryption : IPSec VPN over SSL(transport layer security) VPN (SSL have > problems of interoperability) > VOIP encryption : Secure Real-Time Transport Protocol for Voice App(secure > RTP and RTCP) and Transport Layer Security (TLS, Transport Layer Security) > with keys > > > About Trusted Execution Environment (TEE) > > other form of TPM > 1. meego security: > http://wiki.meego.com/Security/Architecture > > 2. > http://www.google.com.hk/url?sa=t&rct=j&q=trusted+execution+environment&source=web&cd=5&ved=0CGEQFjAE&url=http%3A%2F%2Fwww.trusted-logic.com%2FPresentations%2FTrusted_Execution_Environment_CColas_2008Sept18.pdf&ei=G5f6T5OmHOql6wHrsZm6Bg&usg=AFQjCNEDf8nx0_LdWDes5VI_Qez-cp-4Pw&cad=rjt > > > > On Sat, Jul 7, 2012 at 2:41 AM, Hadi Nahari <hadi.nah...@gmail.com> wrote: >> >> On Fri, Jul 6, 2012 at 9:03 AM, Lisa's unattended mail >> <lisa.watson-6oh1k...@cool.fr.nf> wrote: >>> >>> On 2012-06-29, Jeffrey Walton <noloa...@gmail.com> wrote: >>> > (DARPA) has awarded a $21.4 million contract to create a locked-down >>> > version of the Android operating system for use in the field, >>> >>> This is like saying "convert this go-kart into an armored howitzer". >>> >>> Very misguided. For military use, Android has nothing to offer. They >>> should be starting from scratch, or porting an already secure platform >>> to an ARM device. >>> >> >> Incorrect. The fact that Android _devices_ don't have much to offer does >> not mean that Android [the stack] does not. Quite to the contrary, currently >> some of the more advanced security technologies (e.g. full-fledged TEE: >> trusted execution environment) have commercially-available Android ports >> (some actually _only_ on Android.) Project Fishbowl is another example, so >> is SEAndroid (checkout Stephen Smalley's post to this ML.) -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to android-security-discuss@googlegroups.com. To unsubscribe from this group, send email to android-security-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
