/* jquery */ /* jquery accordion style*/ /* jquery init */

Perfect Forward Security

Material surrounding the NSA's PRISM and MUSCULAR programmes, exposed in the Edward Snowdon documents, have generated much consternation in the IT industry. And the public aren't at all happy with the alleged capture, storage and analysis of their communications either.

Major technology organisations felt compelled to conduct a top to bottom review of existing security systems. Many have decided to significantly enhance and extend data security.

High on the list is the introduction of an encryption strategy called 'Perfect Forward Security'.

Enhanced Encryption

So, what exactly is Perfect Forward Security (PFS)? And how does it help secure our data?

At its core PFS is based on the highly regarded and well proven public-key encryption system. A system that relies on a pair of mathematically related keys. If you'd like to understand the nitty gritty technical details of key exchange they are expertly explained in this Wiki entry.

Despite widespread adoption the key-exchange scenario does have a flaw. If a private key is compromised all data - past, present or future - encrypted with this key can be viewed in plain text. For example Microsoft's outlook.com email service has historically relied on a single master key.

But it doesn't have be like this. PFS is specifically designed to address this problem. Originally introduced way back in 1992 by Whitfield Diffie (the key-exchange co-inventor), Paul von Ooschot and Michael Weiner, PFS describes a session-based station-to-station protocol.

This protocol mandates that both ends of the network channel work together to generate a new key set for each separate communication session. This means that owning a compromised key only allows an attacker to access information for one specific communication session. The next session will be encrypted using a different key set. So, adopting PFS greatly enhances data security.

Unfortunately there is small additional processing cost to generating new keys. While this isn't welcome the PFS configuration can be adjusted based on circumstances. For example the sensitivity of the information being transmitted or the security policies of various organisations involved.

Work In Progress

Google was one of the first major players to adopt forward security technology. As far back as 2011 Google switched on PFS for secure socket layer (SSL) encryption on its secure Search, Google+, Gmail, Calendar, Docs and other web services. Now it's using PFS for all its data centre internal network traffic to counteract further surreptitious data collection.

Microsoft has started a multi-phase plan to securely encrypt all stored user content and associated data transfers at every global data centre by the end of 2014. Key targets for enhanced encryption are the Outlook.com email facility, Office365, SkyDrive cloud-based storage and the Windows Azure suite of online services.

Yahoo CEO Marissa Mayer responded to the NSA surveillance allegations with a blog post to assure customers that, "Yahoo has never given access to our data centres to the NSA or to any other government agency. Ever." Mayer went on to confirm that Yahoo will enhance it's SSL security with 2048-bit level keys by January 2014 and all worldwide Yahoo data flows by the end of Q1 2014.

Twitter's announcement appeared in late November confirming it had implemented PFS on its main website, mobile site and API feeds. The configuration ensures new encryption keys are generated every time the user log in.

More To Do

As you might expect from a defender of digital rights and freedoms the Electronic Frontier Foundation (EFF) is keen to push for even wider PFS adoption. In a post on the EFF website it suggests all technology companies should seriously consider going down the same forward security route.

Yet there's still a long way to go. At the time of this post some big technology names are only just starting to think about how they address this area. Yet by mid-2014 any major services not supporting PFS are likely to attract plenty of negative media coverage.

Read more analysis posts.

Appcelerator Titanium: Mobile App Testing

The majority of your mobile app testing can be performed on your PC using Titanium's virtual device emulator window.

This tool offers a pretty good imitation of a real mobile device (iOS, Android, Blackberry, etc), including a complete graphical interface, complete with familiar features such as icons, menus and device unlocking.

However, it's not perfect.

Depending on the PC your using for development, you're probably missing out that all-important touch-interface experience.

And if your app interacts with the built-in camera, accelerometer, various other sensors or GPS positioning system can only be fully tested by using a real handset.

The steps necessary to deploy your app onto a real smartphone or tablet varies depending on the device brand and type.

For Android, with it's USB interface, it's a fairly straightforward procedure. But when it comes to Apple devices you'll discover connectivity restrictions make iOS app deployment a rather more complex process.

Appcelerator Titanium: Kitchen Sink

So, you've spent some time playing with the IDE and tried your hand at a 'Hello World' app.

What Next?

You could study the documentation? But a more interactive way to explore the API is to load the Kitchen Sink project.

Appcelerator provide both a Desktop and Mobile versions of a Kitchen Sink app on the popular GitHib site. Just download the zip, extract the contents contents and Import the project file into your IDE.

Inside you'll find host of useful code examples that exercise different part of the API. These can be copied to other projects as is, or modified in any way you wish to customise the app behaviour.

Although it's an excellent starting point, it only covers a small fragment of the complete API. So, you'll have to dive into the online documentation from time to time.

Appcelerator Titanium: API

This API is split into numerous modules, each with its own collection of classes, properties and methods. Functionality to cover all aspects of app development.

The modules include Android, App, Calendar, Cloud, Contacts, Database, Facebook, Filesystem, Geolocation, Map, Media, Network, Platform, UI, XML and Miscellaneous.

Some, like the UI module, contain a huge amount of functionality, while other have just a few classes. The full Titanium API documentation is posted online, along with plenty of code examples.

In addition to this documentation there's loads of tutorial material. This includes an impressive list of videos suitable for all levels, from beginner to expert.

Appcelerator Titanium: Mobile SDKs

As I mentioned previously there's a few additional installation steps for developing mobile apps.

Although Titanium enables you to create software for iOS, Android, Blackberry and ether mobile platforms, you'll also need the associated development environments to build native apps.

If it's Apple's iPhone and iPad devices you're interested in then you will need an Apple Mac. This is because Apple's Xcode development environment is used by the Titanium toolset to build native iOS apps.

Apps for Google's Android platform are built using the Java-based Android development kit, So, this needs to be installed on your PC first. However, this time it's a cross-platform SDK, meaning you can use a Windows, Linux or OS X.

In a similar way building Blackberry apps requires another SDK installation. Once again it's a cross-platform kit for Windows, Linux or OS X.

Titanium's tight bindings to these platform-specific SDKs extends to the selection of specific OS profiles (or versions). This is important as not all users of your app will have the latest and greatest iOS, Android or Blackberry OS version.

Appcelerator Titanium: Getting Started

According to the online documentation Titanium officially supports these operating systems: Windows 7, Mac OS X 10.6 or later and Ubuntu 9.10 (both 32bit and 64 bit versions).

However, the relatively low resource requirements and cross-platform nature of the tools and development kits means, in practice, you can use Windows Vista and (probably) XP and a variety of Linux platforms.

Go to the product downloads page to obtain a Titanium Developer Tool installation file for your platform, which invokes a sign-up step to add yourself to the Appcelerator Community. The installation process includes accepting the Apache 2.0 licence agreement.

An investigation of the target installation folder reveals a collection of executable and web page script resources. And a quick look at the desktop confirms we have a new Titanium Desktop icon.

Appcelerator provide the Eclipse-based Aptana Studio. This excellent IDE has all the functionality you'll need to create, edit, build and debug your apps. It's also perfect for general web development activities.

The Titanium toolset is the only software you will need to create desktop applications. However, mobile apps require some additional steps, something I'll discuss later.

Appcelerator Titanium: WebKit Engine

Titanium achieves all this flexibility through a design rather similar to Adobe's AIR product, but with a standards-based open source pedigree.

The key component is a platform-specific, WebKit derived runtime engine to render and execute the web pages and scripts as a native application.

WebKit technology is not only very popular – it's found in Adobe AIR's runtime and many browsers like Google's Chrome and Apple's Safari - but it allows developers to use the latest HTML5 and CSS3 standards, plus the powerful functionality offered by Javascript frameworks such as JQuery, Prototype, Dojo and MooTools.

Importantly, JavaScript behaviour and HTML/CSS rendering is consistent across all platforms, while still exhibiting an OS-specific look-and-feel. This is critical to achieving the best possible user experience on each platform - an important factor in gaining a high rating in the various mobile App stores and marketplaces.

Appcelerator Titanium: The Platform

Appcelerator is a development company, previously known for their SDK - a hybrid of client-side JavaScript library based on a custom Web Expression Language - and server-side web services supporting numerous application frameworks: Ruby on Rails, Google App Engine, Spring, Merb, Grails, and Pylons.

Titanium from Appcelerator is an open source platform for building Rich Internet Applications (RIAs) with web technology. As a concept it's nothing new, there are numerous commercial and open source competitors, including Adobe's AIR product. But two important differences set Titanium apart from the crowd.

Firstly, it enables developers to create native look-and-feel desktop and mobile applications using only open standard web languages. This means web-savvy developers can start creating applications immediately - without having to learn additional languages such as Java and Objective C, along with their extensive language-specific libraries and APIs.

Other than basic web scripting skills, the only additional requirement is some familiarity with Titanium's JavaScript Desktop and Mobile APIs. Titanium tools transform the web source into native windows and controls appropriate to the target platform.

Secondly, Titanium can take a single development project and build executable packages for any supported desktop or mobile platform. Application package targets already include Windows, Mac OS X and Linux desktops, together with Android smartphones/tablets and Apple's iOS iPhone/iPad devices and Blackberry devices.

The flexibility of a cross-platform solution, where you write the code only once, then deploy it to multiple platforms is very attractive.