Proposal for Secure Connection Notification on Android

A major problem with mobile applications being increasingly used over web-based applications is that there is no established standard for notifying the user of the security state of the network connection. With a web browser, the “lock” icon shown when an HTTPS connection is made evolved out of Netscape’s first implementation into an ad hoc, de facto industry-standard way of letting the user know if their connection is secure. [Read More]

Sometimes the best solution is a library, not an app

Our general approach to software development starts with surveying existing solutions that are available and in use, to see if there is already enough of an ecosystem or whether we need to seed that. When there is already an abundance of tools and apps out there, we work to find the good ones, provide feedback and auditing, and then build apps and tools to fill in any gaps. For example, this was our approach in the Open Secure Telephony Network. [Read More]

IOCipher lives! encrypted virtual file system for Android

Nathan and I just got the first complete test of IOCipher working in the IOCipherServer/SpotSync app. We created a filesystem sqlite.db file, then mounted it and got all the files via HTTP. In the test suite, I have lots of operations all running fine and encrypting! The core idea here is a java.io API replacement that transparently writes to an encrypted store. So for the most part, just change your import statements from: [Read More]

Cross-Domain calling, or “toll-free long distance VoIP”

In a standard OSTN configuration, the Fully Qualified Domain Name (FQDN) of the server running Freeswitch is a core dependency to operate the service. For example, the domain ostel.me was first configured as a DNS record, a server was bootstrapped with ostel.me as the local hostname and a Freeswitch cookbook was run using the Chef automation system. Because the domain was configured both in DNS and locally, the cookbook has enough information to automatically build an operational OSTN node. [Read More]
ostn  peering  sip  voip 

Mobile mesh in a real world test

Nathan, Mark, Lee, and I tried some OLSR mesh testing during the May Day protests and marches. We were able to get 4 devices to associate and mesh together, but not without some trials and travails. Two pairs of devices set up two separate BSSIDs, so were on separate networks. We turned them all off, then associated them one at a time, and then they all got onto the same BSSID and olsrd started doing its thing. [Read More]

User scenarios to guide our crypto development

At Guardian Project, we find user-centered development to be essential to producing useful software that addresses real world needs. To drive this, we work with user stories and scenarios as part of the process of developing software. One particular development focus is the Portable Shared Security Token (PSST) project, which aims to make it easy to use encryption across both mobile and desktop computers, as well as keep the stores of cryptographic identities (i. [Read More]

Transparent encrypted virtual disks for Android (we call it IOCipher)

When using phones, laptops, computers, etc. it feels like a private experience, as if our screen was the same as a piece of paper, and when that paper is gone, then no one can see it anymore. Digital media works very differently. While the user interface portrays the deletion of files as very final, for someone with the right tools, it is actually not hard to recover deleted files. Also, digital information takes up so little space, we now regularly carry vast amounts of information in our pockets. [Read More]

Knight News funding of SecureSmartCam = a #WIN for open-source mobile security

Along with our partner WITNESS, we’ve entered our SecureSmartCam project into the Knight News Challenge, and we need your support to get to the next round. Here’s a bit more about the challenge: The Knight News Challenge, an international media innovation contest, is evolving – and will be offered three times, with three different topics. The first challenge will be centered on networks, and will accept applications Feb. 27 – March 17. [Read More]

Call My Email

What if you could call me directly through my email? No exchanging of phone numbers or searching for handles on Skype. Just plain and simple email. Now what if we can make that phone call as secure as it is easy? That’s the goal of what we’re doing here at Open Secure Telephony Network (OSTN). The internet is already structured to be able to do this. That’s why I can have all of my emails point to one email box if I want to. [Read More]

On Verifying Identity Using Cryptography

One of the most important uses of cryptography these days is verifying the identity of the other side of a digital conversation. That conversation could be between two people using OTR-encrypted IM, a web browser showing a bank website, a Debian Developer uploading a package to the Debian build server, an ssh client logging into an ssh server, and on and on. In all of these cases, cryptography is used to ensure that the software is indeed receiving replies from the expected entity. [Read More]

Adventures in Porting: GnuPG 2.1.x to Android!

PGP started with Phil Zimmermann’s Pretty Good Privacy, which has now turned into an open IETF standard known as OpenPGP. These days, the reference OpenPGP platform seems to be GnuPG: it’s used by Debian and all its derivatives in the OS itself for verifying packages and more. It is also at the core of all Debian development work, allowing the very diffuse body of Debian, Ubuntu, etc. developers to communicate and share work effectively while maintaining a high level of security. [Read More]

Our new F-Droid App Repository (out of date!)

Update: this blog post has been changed to reference our new FDroid repository at https://guardianproject.info/fdroid. If you are still using the old one originally described here which has the URL https://guardianproject.info/repo, you should switch to the new repo as soon as possible! For all of you out there looking for a safe way to find and download apps outside of the Play Store (aka Android Market) or random, sketchy third-party app stores and file sharing sites, then your wait is over: [Read More]

ObscuraCam v2 ALPHA (with video!)

We’ve been making exciting progress with our work on ObscuraCam, part of the SecureSmartCam project with our partner WITNESS. The biggest jump forward is the addition of video support, including automated face detection, pixelization and redaction.

Screenshots below, and soon a video below (also at: http://youtu.be/9hi4c_DCrkw)

Source code branch is here: https://github.com/guardianproject/securesmartcam/tree/obscurav2

Latest ALPHA test build at: https://github.com/guardianproject/SecureSmartCam/ObscuraCam-2.0-Alpha-2.apk/qr_code

How many ways to store 5 numbers?

At the core of all software that aims to be secure, private and anonymous is encryption, or as I think of it, amazing math tricks with really large numbers. These really large numbers can serve as a token of identity or the key to information locked away behind the encryption math. There are a number of different encryption methods commonly used based on different mathematical ideas, but they all rely on people managing sets of really large numbers, usually known as keys. [Read More]
dsa  encryption  keys  otr  psst 

Free SIP Providers with ZRTP support

This post is part of a series on our work researching the Open Secure Telephony Network. After you have CSipSimple installed on your mobile handset, you will need a place to register a SIP username so you can contact others. The fastest way to get started with this is to use one of a handful of free SIP providers. I like the Ekiga free SIP service. The only drawback to this service is the userbase is large enough that the namespace of easy to remember words is frequently occupied. [Read More]
ostn  secure  voip  zrtp 

Open Source SIP Client for Android

The first step in the Open Secure Telephony Network (OSTN) is a client. We can’t make a phone call without a phone. In this case there are three primary goals and a number of optional features. The primary goal is an application which speaks the SIP protocol for signalling. It must also speak the ZRTP protocol for peer to peer encryption key exchange. Finally the client must have source code freely available with a license that allows free redistribution. [Read More]
ostn  voip  zrtp 

Open Secure Telephony Network

Over the last two months, I have been working on a project to research and develop a set of tools to provide secure peer to peer Voice over IP on the Android mobile platform. It is called the Open Secure Telephony Network, or OSTN. This work is done under the umbrella of The Guardian Project. [Image caption: this is not the type of “open” we mean, and definitely not secure] The project will continue for another four months and I will post my public findings here. [Read More]
ostn  voip  zrtp 

Strong Mobile Passwords with Yubikey USB Token

We have been experimenting with the Yubikey, a USB hardware password token, a bit over the last few weeks and would like to share our initial findings. We have not received any financial support or donation from Yubico for this work. We simply think they have a very affordable, interesting product that, due to its design, does *not* require any on-device driver software and can easily work with any Android device that supports USB Host/HID mode. [Read More]

SQLCipher for Android v1 FINAL!

Team GP, along with the good folks at Zetetic, are happy to announce that we have reached FINAL on our first release (“v1” 0.0.6 build) of SQLCipher for Android. This means we consider this a production release, ready for shipping with your apps to provide for reliable, open-source, secure application data encryption. If you need a refresher, here is what the cross-platform, open-source SQLCipher provides: SQLCipher is an SQLite extension that provides transparent 256-bit AES encryption of database files. [Read More]

Progress on Mobile Video Privacy Tools

If you are a developer you may just want to skip all the prose below, and just jump over to Github to find our new FFMPEG on Android project and build system. You can also check out our SSCVideoProto Project to understand how we are using it to redact faces and other identifying areas of HD video right on the Android phone itself. For more context, read on… Last October at the Open Video Conference 2010, the idea of a camera application that could be designed to understand the needs and requirements of the human rights community was born. [Read More]