[Year 12 SofDev] SD exam - C8 security protocols

Fitzsimmons B. Fitzsimmons.Brett at westbourne.vic.edu.au
Wed Nov 16 15:27:16 AEDT 2016


It’s a third party service on mobile devices so probably consider it transparent to the app. I’d be thinking it is one of those questions that seemed like a good idea at the time given we probably all told our students the answer to something will be VPN – the new equivalent to train-the-trainer.

From: sofdev-bounces at edulists.com.au [mailto:sofdev-bounces at edulists.com.au] On Behalf Of Mark
Sent: Wednesday, 16 November 2016 3:12 PM
To: Year 12 Software Development Teachers' Mailing List <sofdev at edulists.com.au>
Subject: Re: [Year 12 SofDev] SD exam - C8 security protocols

Thanks, Brett.

The clinics use VPN, but didn't know it was cheap or easy to implement on mobile phones for apps.
I believed proper VPN required serious hardware at each end of the secure pipeline.

And can the app alone manage complete end-to-end encryption, or is that beyond the app's purview?

And are SD kids expected to know about this?

I'm learning a lot.

Regards,
Mark



On 16 November 2016 at 14:52, Fitzsimmons B. <Fitzsimmons.Brett at westbourne.vic.edu.au<mailto:Fitzsimmons.Brett at westbourne.vic.edu.au>> wrote:
I’m guessing the answer is mobile VPN and ‘end-to-end’ encryption.

From: sofdev-bounces at edulists.com.au<mailto:sofdev-bounces at edulists.com.au> [mailto:sofdev-bounces at edulists.com.au<mailto:sofdev-bounces at edulists.com.au>] On Behalf Of Mark
Sent: Wednesday, 16 November 2016 2:37 PM
To: Year 12 Software Development Teachers' Mailing List <sofdev at edulists.com.au<mailto:sofdev at edulists.com.au>>
Subject: [Year 12 SofDev] SD exam - C8 security protocols

Hi, greyhats and greybeards. I need help.

C8 is asking about protocols for the mobile devices with the app to send this information as securely as possible.

I'm no mobile phone technology whizkid, so I hope someone can clarify things for me.

The case study makes no reference to how the phones send data from the app to the SBH system.

The phone would be using 3G or 4G technology - does the app designer have any control over 3G/4G communication security?

Is C8 assuming the app's data will go over 3G/4G using HTTP with SSL or TLS encryption? (This is what I assume the Q is fishing for.)

Or could the data go from the phone over 3G/4G using a different protocol entirely, such as text messaging (does that use HTTP?) or something I've never even heard of (which is very, very likely).

What security protocols do phone companies use to get data from mobile towers to their destinations?

Surely not all data sent by all apps over mobile phone connections uses HTTP/HTTPs. Or is it?

When you get an Angry Birds high score on your phone, is that data sent to Rovio over HTTP? Is it sent to your phone company using one protocol, then to Rovio with a different protocol?

Apart from SSL/TLS (or pre-encryption of entire data files using an RSA variant), what protocol can a phone app use to send information as securely as possible?

I have no idea.

Thanks in advance if you have a clue. I'd be keen to learn about this newfangled technobother.

I just hope the kids in the exam were not expected to be mobile telecommunications engineering experts.

I shall do research in the interim. My ignorance of this field is becoming increasing obvious to us all.

Mark

--

Mark Kelly

mark at vceit.com<mailto:mark at vceit.com>
http://vceit.com

_______________________________________________
http://www.edulists.com.au - FAQ, Subscribe, Unsubscribe
IT Software Development Mailing List kindly supported by
http://www.vcaa.vic.edu.au - Victorian Curriculum and Assessment Authority and
http://www.vcaa.vic.edu.au/vce/studies/infotech/softwaredevel3-4.html
http://www.vitta.org.au  - VITTA Victorian Information Technology Teachers Association Inc
http://www.swinburne.edu.au/ict/schools - Swinburne University



--

Mark Kelly

mark at vceit.com<mailto:mark at vceit.com>
http://vceit.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.edulists.com.au/pipermail/sofdev/attachments/20161116/a7e92f31/attachment.html 


More information about the sofdev mailing list