Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
Android Security Discussions
Message from discussion Mobile Identification

View parsed - Show only message text

Received: by 10.58.132.238 with SMTP id ox14mr2736878veb.15.1349465128470;
        Fri, 05 Oct 2012 12:25:28 -0700 (PDT)
X-BeenThere: android-security-discuss@googlegroups.com
Received: by 10.52.92.207 with SMTP id co15ls3471637vdb.5.gmail; Fri, 05 Oct
 2012 12:25:25 -0700 (PDT)
Received: by 10.59.7.167 with SMTP id dd7mr2612322ved.26.1349465125802;
        Fri, 05 Oct 2012 12:25:25 -0700 (PDT)
Received: by 10.59.7.167 with SMTP id dd7mr2612321ved.26.1349465125789;
        Fri, 05 Oct 2012 12:25:25 -0700 (PDT)
Return-Path: <krismicin...@gmail.com>
Received: from mail-vc0-f179.google.com (mail-vc0-f179.google.com [209.85.220.179])
        by gmr-mx.google.com with ESMTPS id s13si656811vde.2.2012.10.05.12.25.25
        (version=TLSv1/SSLv3 cipher=OTHER);
        Fri, 05 Oct 2012 12:25:25 -0700 (PDT)
Received-SPF: pass (google.com: domain of krismicin...@gmail.com designates 209.85.220.179 as permitted sender) client-ip=209.85.220.179;
Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of krismicin...@gmail.com designates 209.85.220.179 as permitted sender) smtp.mail=krismicin...@gmail.com; dkim=pass header...@gmail.com
Received: by mail-vc0-f179.google.com with SMTP id f13so2252257vcb.10
        for <android-security-discuss@googlegroups.com>; Fri, 05 Oct 2012 12:25:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=hVSCOlK0YlzM5/RW/R/d9ZayBun3RF+sEVDOeISdtFA=;
        b=Z82NwKqigFUU25t2HI0aWQkQBEI3ZlWKtsbovHYO8ltmSXnW5mXCPQn/2p/9gPqA0v
         cvErz5+esrsejDPMwwghzr7oQ93hpSftFTyqytvnUh3IV0bwnEqq1b43PIKEdSiVRDr9
         h0A0agouARRVs9/WTxva3YdafR2TKjSw6beN4pLnUo6sVBVUYhsJySjKp3A5hu+4LFPs
         iPqF6FrrflKFSGcWLGkQh564xtaAkmLbEIfra8EZg5U8q+rHTjzyh5ohGnp2wpr3Z6UK
         Qv/SU2nekHO0UE1yIRY1H2YO+iq3RiD9ri+ef5mfnLXE8LC487z4zcRj03LLTmrM28c+
         3uKg==
MIME-Version: 1.0
Received: by 10.58.4.131 with SMTP id k3mr5868808vek.54.1349465125709; Fri, 05
 Oct 2012 12:25:25 -0700 (PDT)
Received: by 10.58.95.104 with HTTP; Fri, 5 Oct 2012 12:25:25 -0700 (PDT)
In-Reply-To: <CAD08zbvpO3A0SK0=qUEW3aziWfK=qHiVidODjHUwTCSL8+A...@mail.gmail.com>
References: <CAE+Gij26h6RqO5mjUi3bte-jZvxftjO+y5cozm0g4nDFZa2...@mail.gmail.com>
	<CAF1Sy-E7ahtyBCdwYHZqb2pQn6XdTfvE8Lehvtww5-xmrA_...@mail.gmail.com>
	<CAE+Gij03wuni-J7xOmoXitcC39zyJSdG2nfT=zvcM97Awnd...@mail.gmail.com>
	<CAF1Sy-EOGWjp8ZQQTW0-ScttvVNgrR__XZkWqT2Lr3h2SGr...@mail.gmail.com>
	<CAE+Gij1jxOU+hV4mX6EEpX53gxUQTRB_Q3DpjC+V3Qh4ysq...@mail.gmail.com>
	<CAD08zbvpO3A0SK0=qUEW3aziWfK=qHiVidODjHUwTCSL8+A...@mail.gmail.com>
Date: Fri, 5 Oct 2012 15:25:25 -0400
Message-ID: <CAF1Sy-GByOwPnwJrFK4EORS5XJJ6KnrA+NGvhNpFEgnSQh9...@mail.gmail.com>
Subject: Re: [android-security-discuss] Mobile Identification
From: Kristopher Micinski <krismicin...@gmail.com>
To: Hadi Nahari <hadi.nah...@gmail.com>
Cc: Lucas Palma <palma.lu...@gmail.com>, 
	Android Security Discussions <android-security-discuss@googlegroups.com>
Content-Type: text/plain; charset=ISO-8859-1

Right, that qualifies to me as "additional infrastructure."

kris

On Fri, Oct 5, 2012 at 3:21 PM, Hadi Nahari <hadi.nah...@gmail.com> wrote:
> One [only?] reliable way to accomplish this is to have a trust-base on the
> device (TPM, TrustZone, UICC, Secure Element, etc.) that works in
> conjunction with a backend to assert device's identity, capability, etc.
>
> -Hadi
>
>
> On Fri, Oct 5, 2012 at 12:16 PM, Lucas Palma <palma.lu...@gmail.com> wrote:
>>
>> It's not the connection speed that I said, but the rate that the user
>> sends information.
>> And, as you said and I had already stated, it was an idea but not used,
>> because it can be forged.
>>
>> I was thinking if there's a server-side strategy, because almost
>> everything that come from the client-side can be forged, but if anybody
>> knows something that can't be forged and identifies the user as mobile
>> device user, please tell me.
>>
>> Regards,
>>
>> --
>> Lucas Palma
>>
>>
>>
>> "If you are patient in one moment of anger, you will escape a hundred days
>> of sorrow."
>> - Chinese Proverb
>>
>>
>>
>> On Fri, Oct 5, 2012 at 4:10 PM, Kristopher Micinski
>> <krismicin...@gmail.com> wrote:
>>>
>>> I think that anything will be able to be forged, you can always
>>> manipulate the connection speed, that's not a reliable indicator.
>>>
>>> kris
>>>
>>> On Fri, Oct 5, 2012 at 3:08 PM, Lucas Palma <palma.lu...@gmail.com>
>>> wrote:
>>> > Yes, right.
>>> >
>>> > I was thinking that any strategy on the client side could be forged, so
>>> > I
>>> > started thinking if there's a server-side action that could be used.
>>> >
>>> > I thought, for example, at the speed that the user sends information,
>>> > since
>>> > on desktop the information is typed and then sent faster than on a
>>> > mobile...
>>> > but this could also be faked on the client side.
>>> >
>>> > --
>>> > Lucas Palma
>>> >
>>> >
>>> >
>>> > "If you are patient in one moment of anger, you will escape a hundred
>>> > days
>>> > of sorrow."
>>> > - Chinese Proverb
>>> >
>>> >
>>> >
>>> > On Fri, Oct 5, 2012 at 4:04 PM, Kristopher Micinski
>>> > <krismicin...@gmail.com>
>>> > wrote:
>>> >>
>>> >> I would say that pretty much any strategy is going to be spoofable.
>>> >>
>>> >> You're talking from the perspective of the server, correct?
>>> >>
>>> >> kris
>>> >>
>>> >> On Fri, Oct 5, 2012 at 2:58 PM, Lucas Palma <palma.lu...@gmail.com>
>>> >> wrote:
>>> >> > Hi everybody,
>>> >> >
>>> >> > There's some way to identify that the user is using a mobile device,
>>> >> > not
>>> >> > a
>>> >> > desktop?
>>> >> > Like, I have an application, which communicates with a web service,
>>> >> > but
>>> >> > anyone could access it through a desktop, and simulates that is
>>> >> > using a
>>> >> > mobile device.
>>> >> >
>>> >> > I don't think that "user-agents", "css" and things like that will
>>> >> > help,
>>> >> > since they can be forged.
>>> >> > Someone know one or more ways to do the trick?
>>> >> > There's some way to do it without changing the application?
>>> >> >
>>> >> > Thanks in advance!
>>> >> >
>>> >> > --
>>> >> > Lucas Palma
>>> >> >
>>> >> >
>>> >> >
>>> >> > "If you are patient in one moment of anger, you will escape a
>>> >> > hundred
>>> >> > days
>>> >> > of sorrow."
>>> >> > - Chinese Proverb
>>> >> >
>>> >> > --
>>> >> > You received this message because you are subscribed to the Google
>>> >> > Groups
>>> >> > "Android Security Discussions" group.
>>> >> > To post to this group, send email to
>>> >> > android-security-discuss@googlegroups.com.
>>> >> > To unsubscribe from this group, send email to
>>> >> > android-security-discuss+unsubscribe@googlegroups.com.
>>> >> > For more options, visit this group at
>>> >> > http://groups.google.com/group/android-security-discuss?hl=en.
>>> >
>>> >
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Android Security Discussions" group.
>> To post to this group, send email to
>> android-security-discuss@googlegroups.com.
>> To unsubscribe from this group, send email to
>> android-security-discuss+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/android-security-discuss?hl=en.
>
>

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google