[Year 12 SofDev] SD exam - C8 security protocols

Wed Nov 16 15:11:45 AEDT 2016

Thanks, Brett.

The clinics use VPN, but didn't know it was cheap or easy to implement on
mobile phones for apps.
I believed proper VPN required serious hardware at each end of the secure
pipeline.

And can the *app* alone manage complete end-to-end encryption, or is that
beyond the app's purview?

And are SD kids expected to know about this?

I'm learning a lot.

Regards,
Mark

On 16 November 2016 at 14:52, Fitzsimmons B. <Fitzsimmons.Brett at westbourne.
vic.edu.au> wrote:

> I’m guessing the answer is mobile VPN and ‘end-to-end’ encryption.
>
>
>
> *From:* sofdev-bounces at edulists.com.au [mailto:sofdev-bounces at edulist
> s.com.au] *On Behalf Of *Mark
> *Sent:* Wednesday, 16 November 2016 2:37 PM
> *To:* Year 12 Software Development Teachers' Mailing List <
> sofdev at edulists.com.au>
> *Subject:* [Year 12 SofDev] SD exam - C8 security protocols
>
>
>
> Hi, greyhats and greybeards. I need help.
>
>
>
> C8 is asking about protocols for the mobile devices with the app to *send
> this information as securely as possible*.
>
>
>
> I'm no mobile phone technology whizkid, so I hope someone can clarify
> things for me.
>
>
>
> The case study makes no reference to *how* the phones send data from the
> app to the SBH system.
>
>
>
> The phone would be using 3G or 4G technology - does the app designer have
> any control over 3G/4G communication security?
>
>
>
> Is C8 assuming the app's data will go over 3G/4G using HTTP with SSL or
> TLS encryption? (This is what I assume the Q is fishing for.)
>
>
>
> Or could the data go from the phone over 3G/4G using a different protocol
> entirely, such as text messaging (does *that* use HTTP?) or something
> I've never even heard of (which is very, very likely).
>
>
>
> What security protocols do phone companies use to get data from mobile
> towers to their destinations?
>
>
>
> Surely not *all* data sent by *all apps *over mobile phone connections
> uses HTTP/HTTPs. Or is it?
>
>
>
> When you get an Angry Birds high score on your phone, is that data sent to
> Rovio over HTTP? Is it sent to your phone company using *one* protocol,
> then to Rovio with a *different* protocol?
>
>
>
> Apart from SSL/TLS (or pre-encryption of entire data files using an RSA
> variant), what protocol can a phone app use to send information as securely
> as possible?
>
>
>
> I have no idea.
>
>
>
> Thanks in advance if you have a clue. I'd be keen to learn about this
> newfangled technobother.
>
>
>
> I just hope the kids in the exam were not expected to be mobile
> telecommunications engineering experts.
>
>
>
> I shall do research in the interim. My ignorance of this field is becoming
> increasing obvious to us all.
>
>
>
> Mark
>
>
>
> --
>
>
>
> Mark Kelly
>
>
>
> mark at vceit.com
>
> http://vceit.com
>
> _______________________________________________
> http://www.edulists.com.au - FAQ, Subscribe, Unsubscribe
> IT Software Development Mailing List kindly supported by
> http://www.vcaa.vic.edu.au - Victorian Curriculum and Assessment
> Authority and
> http://www.vcaa.vic.edu.au/vce/studies/infotech/softwaredevel3-4.html
> http://www.vitta.org.au  - VITTA Victorian Information Technology
> Teachers Association Inc
> http://www.swinburne.edu.au/ict/schools - Swinburne University
>

-- 

Mark Kelly

mark at vceit.com
http://vceit.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.edulists.com.au/pipermail/sofdev/attachments/20161116/53f829b7/attachment-0001.html 