Overview of J2ME and PocketPC Support for both in the PDA, mobile phone market Securing J2ME/MIDP applications using Bouncy Castle Crypto APIs - PowerPoint PPT Presentation

Slides: 33
Provided by: sceUhclE
Learn more at: http://sce.uhcl.edu

Transcript and Presenter's Notes


1
Overview of J2ME and PocketPC Support for both
in the PDA, mobile phone market Securing
J2ME/MIDP applications using Bouncy Castle Crypto
APIs
  • Presented by Atul Shrivastava
  • CSCI 5939
  • Instructor Dr. Yang
  • Date 27th March 2003

2
What is J2ME?
  • J2ME is a version of the Java programming
    language and stands for "Java 2 Micro Edition."
  • J2ME is designed with the memory and processor
    limitations of small electronic devices, like
    cell phones and personal digital assistants
    (PDAs), in mind.
  • The Java™ 2 Platform, Micro Edition (J2ME™)
    Wireless Toolkit is a set of tools that provides
    application developers with the emulation
    environments, documentation and examples needed
    to develop Java technology applications targeted
    at CLDC/MIDP compliant mobile phones and PDAs.

3
MIDP
  • Mobile Information Device Profile
  • MIDP is also an open specification that adapts
    existing technologies such as Java and the Web.
  • Developing MIDP-based applications (also known
    as MIDlets) is similar, but not identical, to
    developing Java applets, in the sense that they
    share a similar programming model.
  • MIDP provides Java APIs using the
    Connected Limited Device Configuration (CLDC) for
    small, mobile information devices such as cell
    phones and two-way pagers.
  • An applet is described in an HTML file; a MIDlet
    or a group of MIDlets (known as a MIDlet Suite)
    is described in a Java Descriptor (JAD) file.

4
CVM
  • C Virtual Machine
  • CVM is a JVM designed for higher-end, emerging,
    next-generation consumer electronic and embedded
    devices (32-bit processor and 2Mb memory).
  • Devices using CVM are typically compact and
    connected consumer-oriented devices.
  • The CVM virtual machine is a Java 2 virtual
    machine designed for devices needing the
    functionality of the Java 2 virtual machine
    feature set, but with a smaller footprint.

5
CDC
  • Connected Device Configuration (CDC) includes the
    CVM virtual machine and basic class libraries to
    support Java language applications on pagers,
    personal digital assistants (PDAs)

6
POCKET PC
  • Pocket versions of popular Microsoft applications
    let you easily update and share the same data and
    documents that you have on your desktop PC.
  • Mobile versions of familiar Microsoft desktop
    applications:
  • Pocket Outlook: Mobile companion to Microsoft
    Outlook.
  • Calendar: keeps your Pocket PC "well-appointed."
  • Tasks: Tame your to-do list with Pocket PC tasks!
  • Notes: "electronic notepad."
  • Pocket Word: Pocket PC word.
  • Pocket Excel: Do the math.
  • File Explorer

7
MOBILE VERSIONS OF FAMILIAR MICROSOFT DESKTOP
APPLICATIONS

8
NETWORK CONNECTION FOR POCKET PC

9
POCKET OUTLOOK

10
CHAT

11
POCKET PC ENTERTAINMENT

12
OTHER FEATURES

13
WEB SURFING

14
QUICK COMPARISON CHART POCKET PC AND PALM OS
-Yes    xNo    Optional (May be available as
Freeware)

15
QUICK COMPARISON CHART POCKET PC AND PALM OS cont

16
AVAILABLE PDAS SUPPORTING POCKET PC OPERATING
SYSTEM

17
AVAILABLE PDAS SUPPORTING POCKET PC OPERATING
SYSTEM cont..

18
J2ME - Java Enabled Devices Phones

19
J2ME - Java Enabled Devices Phones cont..

20
  • SECURING J2ME/MIDP APPLICATIONS
  • USING THE BOUNCY CASTLE CRYPTO APIS

21
OVERVIEW
  • XML digital signature technology can help
    implement lightweight and flexible security
    solutions for wireless Web services applications.
  • The Bouncy Castle cryptography package helps
    secure XML messaging.
  • Wireless communications are easy targets for
    airwave interception, and wireless devices rarely
    have the computing power to support strong
    encryption of all communication data.

22
THE ELEMENTS OF SECURE COMMUNICATION
  • Authentication: The digital signature on a public
    key certificate can validate the authenticity of
    the public key and therefore the party who holds
    it.
  • Data integrity: The parties must make sure that
    the contents are not altered during transmission.
    Digital signature is the most commonly used
    technology to guarantee data integrity.
  • Data confidentiality: Sometimes the
    communication data is sensitive and has to be
    kept secret. Digital signature does not provide
    data confidentiality. We have to use data
    encryption.
  • Non-repudiation: After a message is sent, the
    sender should not be able to deny it later.
    Digital signature provides a partial solution. If
    the message is digitally signed, the sender cannot
    deny responsibility for it because only he can
    provide such a signature.

23
STEPS IN DIGITAL VERIFICATION
  • The server generates a pair consisting of a
    random public key and a private key using a set
    of key model parameters. In a real production
    system, this step is usually not necessary
    because the key pairs are usually pre-generated
    and stored in server key stores.
  • When a JSP page is accessed, the server
    calculates a digest for the response message.
  • The JSP page then invokes the signer in the
    "sign" mode and generates a digital signature for
    the digest using the private key.
  • The server embeds the signature information
    including the digest, digital signature itself,
    and public key parameters in the XML response
    message.

24
STEPS IN DIGITAL VERIFICATION
  • The client receives the XML document and parses
    the digest, digital signature, and public key
    parameters into Java application data.
  • The client calculates a digest from the clear
    text message and compares it with the digest from
    the server. If the two digests do not match, the
    document verification fails; if they do match, go
    to the next step.
  • The client reconstructs the public key using the
    embedded key parameters.
  • The client invokes the signer in "verify" mode
    and passes the digest, the signature, and the
    public key to verify the signature.

25
THE BOUNCY CASTLE CRYPTO APIS
  • There are three Bouncy Castle signers:
  • 1. DSA
  • 2. ECC
  • 3. RSA

26
DSA
  • 1. Creating an encoded digest
  • 2. Generating key pairs using the method
    DSASigUtil.generateKeys()
  • 3. Retrieving the model and key parameters by the
    pubKey.getY() method.
  • 4. Using the generated private key, the utility
    class DSASigUtil can get a two-part DSA
    signature, R and S, from a digest
  • 5. The server encodes the digest, signature, and
    key parameters into ASCII text form and embeds
    the text in the XML digital signature format
  • 6. The verification MIDP application parses the
    digest, key parameters, and signature out of the
    XML document, reconstructs the public key

27
ELLIPTIC CURVE DSA SIGNATURE
  • Defining the elliptic curve model
  • Generating the random key pairs using the model
  • ECDSAUtil methods for retrieving model and key
    parameters
  • Retrieving the DSA signature
  • Encoding and embedding in digital signature
    format
  • Validating the signature

28
RSA SIGNATURE
  • Generating random key pairs using Exponent
  • RSAUtil methods for retrieving model and key
    parameters
  • Getting the byte array RSA signature
  • Encoding and embedding in digital signature
    format
  • Validating the signature

29
PERFORMANCE COMPARISONS
  • The Bouncy Castle Crypto package relies on the
    slow JVM to perform intensive big integer
    mathematical operations
  • Only the RSA algorithm gives an acceptable
    performance - a minute on a 16MHz Palm VII device
  • DSA and ECC algorithm performances are
    unacceptable - they take more than an hour to
    verify on standard Palm VII MIDP
  • JVM must also take advantage of available special
    hardware and underlying OS features to accelerate
    security-related math operations.

30
GLOSSARY
  • The Intel StrongARM SA-1110 Microprocessor
    (SA-1110) is a device optimized for meeting
    portable and embedded application requirements.
    In addition, the SA-1110 provides system support
    logic, multiple serial communication channels, a
    color/gray scale LCD controller, PCMCIA support
    for up to two sockets, and general-purpose I/O
    ports.
  • XScale Processor: Designed to optimize low power
    consumption and high performance processing for a
    wide range of wireless and networking
    applications and rich services.
  • CDMA works by converting speech into digital
    information, which is then transmitted as a radio
    signal over a wireless network. Using a unique
    code to distinguish each different call, CDMA
    enables many more people to share the airwaves at
    the same time - without static, cross-talk or
    interference.
  • JBlend: The JBlend platform is the de facto
    solution for deploying Java applications and
    services in mobile phones.
  • GSM networks deliver high quality and secure
    mobile voice and data services (such as SMS/Text
    Messaging) with full roaming capabilities across
    the world.
  • GPRS: General Packet Radio Service (GPRS) enabled
    networks offer 'always-on', higher capacity,
    Internet-based content and packet-based data
    services. This enables services such as colour
    Internet browsing, e-mail on the move, powerful
    visual communications, multimedia messages and
    location-based services.
  • 3GSM is the latest addition to the GSM family.
    3GSM is about having third generation mobile
    multimedia services available globally. 3GSM
    focuses on visionary communications, in more ways
    than one. It's about the new visual ways in which
    people will communicate and the unique vision of
    the GSM community, which has always focused on
    the future needs of our customers.
  • Bluetooth is the key to enabling wireless
    personal area networks (WPAN) that connect
    devices in close proximity

32
Thank You !!!
  • Questions???