On Mon, Oct 19, 2009 at 7:03 AM, Grizzly <[email protected]> wrote:
> remote location. Is it possible to implement an API that allows a data
> provider the ability to list security settings before allowing access?
> In other words can my VPN ask the device if a password is set?

http://en.wikipedia.org/wiki/Trusted_Computing#Remote_attestation

I'm not too worried about the remote attestation problem being solved any time soon.

> 2. My security policy defines a smartphone as "removable" media.

This is a good way to characterize the risks of smartphones.

> It also requires all removable media to be encrypted "at rest". Is the
> storage on the device encrypted?

No, but everyone wants this feature. :) Unfortunately, it's really hard.

One option is to use a TPM, like BitLocker does. But a TPM alone is not really sufficient protection unless your threat model is that the attacker will remove the storage medium but not take the whole machine -- which doesn't apply to mobile devices too well.

Here are some of the hard problems:

1. There is no One True Android. It's just some software that phone vendors can use as they see fit. You'd really want your bootloader to know about disk encryption, and pass the key or key protector to the kernel. Each phone vendor cooks up their own bootloader... does yours support booting from encrypted volumes?

2. Creating strong key protectors is hard enough anyway; now we have to make them easy to type on a small device.

3. By FCC mandate, the phone always has to boot into a mode in which it can at least call 911. Even if the phone holder doesn't have the key protector, or is unable to type it in. So do you have two boot modes, with two copies of the operating system? Space is already tight...

(How do you enforce that removable media be encrypted, by the way? Do you check? What encryption system(s) do you use? (There is TrueCrypt, BitLocker To Go, others...))

You could more easily mount an encrypted volume as a loopback filesystem on top of the normal filesystem.

But, be aware that the SD card (or other removable media in the phone) uses the FAT filesystem, and so must be vulnerable to other applications altering or reading the ciphertext. Perhaps even brute-forcing the key protector, and recovering the key embedded in the filesystem image? Hmm. So you'd want to use the (relatively small) flash filesystem, which is a real Linux filesystem.

Finally, all smartphones have to address these problems, not just Android.

> 3. I assume that https is supported. Does the exchange application
> support encrypted communications?

There is no one Exchange application (yet?).

> 4. Can I set password strength rules?

You can try. Have you seen Android's screen unlock system? It's not a password. A particular Android distributor could make their own...

Do you enforce all of your desiderata on laptops, too? In any case, you'll have to accept the risk that people will install unofficial Android images on their droids, just as you have to accept that risk with laptops.
