addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwchatcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgoogleimageimagesinstagramlinklocation-pinmagnifying-glassmailminusmoremuplabelShape 3 + Rectangle 1outlookpersonplusprice-ribbonImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruseryahoo

Securing your Communications

Hello all!

In honor of the 4 year anniversary of the SeaDroid meetup group (first event was August 17, 2010!) we are going to have two events this month.  The first is a strong technical presentation on securing your communication in an Android application, and the second will be a fun session with some interesting toys and technology discussions from Thalmic Labs!

Hope to see everyone there!

Abstract:

Think your Android app is using secure communications? It may not be as secure as you think... Mobile applications often need to communicate, either to central servers or to other devices, but Android presents some unique challenges. Manufacturers often don't update devices to the latest versions of Android, and without the updates you're using code that may have known vulnerabilities. Fortunately there are ways around this issue, either using the new Play Services ProviderInstaller API to get updated Conscrypt security code or using the open source Bouncy / Spongy Castle library.

In this talk you'll learn about both options. ProviderInstaller is a simple option that works well for most developers. Bouncy / Spongy Castle is more complex, but also adds support for newer protocols and features not available in the standard security APIs. You'll see how to Bouncy / Spongy Castle for securing both standard socket-based TLS 1.x and the datagram DTLS alternative, as well as for ordinary crypto tasks such as generating public/private key pairs and certificates. Dennis will also discuss algorithm suites and techniques to give your communications the highest protection from all observers.

Bio:

Dennis Sosnoski is a Java and Scala developer with a strong security background developed over many years of work on data communications and enterprise systems. Currently based in New Zealand, Dennis provides consulting and training services to clients worldwide, especially in the areas of web services and communications security. His current projects include Android apps supporting secure communications, Java/Scala data exchange and transformation tools, and enhancements to the Apache CXF web service project. Dennis was a regular at SeaJUG Java Users Group meetings when he lived in the Seattle area, and is looking forward to meeting up with everyone again while he's back in town.

Join or login to comment.

  • Dennis S.

    Interesting related article in today's Register: http://www.theregister.co.uk/2014/08/21/slapdash_ssl_leaves_majority_of_android_app_in_play_store_open_to_hacking/

    I haven't posted the set of slides I used for this talk yet, but will hopefully do that once I'm back home. I'll also get the BouncyCastle / SpongyCastle demonstration code cleaned up and to github. In the meantime, you can see a version of the slides that aren't Android-specific at https://www.sosnoski.com/presents.html (the Keeping Your Secrets presentation), and read the related article http://www.infoq.com/articles/keeping-your-secrets The Java security code is at https://github.com/dsosnoski/keep-secrets

    1 · August 21, 2014

  • Pat T.

    Dennis -- thanks for a very practical and informative talk! Just the right blend of background and insider tips.

    1 · August 13, 2014

  • Matthias B.

    Had to leave early, again. But both meet-ups I have been to were informative and great to network at. Thanks

    August 13, 2014

  • Diego D.

    I'm in the lobby. What floor this thing is?

    August 13, 2014

    • Ann S.

      10th floor in the "Disney area". The security guard had to help me . Wish they would have posted better directions on the location and told us the doors are locked by 7.

      August 13, 2014

    • Diego D.

      Never mind

      August 13, 2014

  • Brian M.

    Uh oh! Looks like I'm fighting fires tonight! Sorry, all - won't be able to make it! Was very much looking forward to meeting you all this evening. =(

    Looking forward to making it to the next one!

    August 13, 2014

  • A former member
    A former member

    Will not be able to make it tonight, will there be any materials from this evening available online afterward?

    August 13, 2014

  • Sean L.

    Turns out I'm missing this one. Too bad!
    I'd love to know if any libraries aside from BouncyCastle are mentioned, especially if they help with pinning, cipher suites, PFS, etc and are licensed more in the Apache or BSD vein than the GPL style.

    August 13, 2014

  • Dennis S.

    What's the parking situation like here? Looks like I'll be driving up from the airport area.

    August 12, 2014

    • Nimret S.

      Hey Dennis - your choices for parking are: street parking, seattle public library across the street (closes at 9 pm sharp) or the convention center a few blocks away which is open late. You may also want to check out http://goo.gl/Z8atLL­ . Looking forward to catching up :) cheers!

      August 12, 2014

    • Pat T.

      Dennis -- Are you stuck with driving (e.g. have to go on to somewhere else afterward, or have to pick up a rental car)? As Jerry points out, there's very good transit from the airport -- can catch Link light rail at the airport or nearby, then get off at the University Street station in the transit tunnel. The meetup venue is about 3 blocks from the station.

      August 13, 2014

  • Jerry F.

    Sound Transit, that's light rail, goes from SeaTac airport to University Street station in the bus tunnel down town. I'd take that.

    1 · August 13, 2014

  • Kevin G. B.

    Computer security issues, like the poor, will always be with us. Seattle parking has me bycycling more these days than ever and in my 52nd year of riding a two-wheeler.

    August 13, 2014

  • Mitch

    Sadly, just caught that these next couple meetings are on a Wednesday, I'd love to see them moved back to Tuesday. Congrats on 4 years!

    August 12, 2014

  • C. Jeffery S.

    Concerning locations: The F5 site was always good because there was ample free parking. The past few sessions held downtown are a no go for me as I refuse to hassle with the city traffic and pay ridiculous amounts for parking. I don't expect the group to accommodate me personally. I only offer this up as one thing to consider when selecting future venues. Regards.

    August 4, 2014

    • Benn

      Honestly, I wish I could still use the F5 space as well, but I was the only person there with the chutzpah to make it happen :)

      August 7, 2014

    • Benn

      If you do know of other suitable locations outside of downtown, feel free to have them get in touch with me!

      August 7, 2014

Our Sponsors

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy