Title: Overview of J2ME and PocketPC Support for both in the PDA, mobile phone market; Securing J2ME/MIDP applications using Bouncy Castle Crypto APIs
1 Overview of J2ME and PocketPC Support for both in the PDA, mobile phone market; Securing J2ME/MIDP applications using Bouncy Castle Crypto APIs
- Presented by: Atul Shrivastava
- CSCI 5939
- Instructor: Dr. Yang
- Date: 27th March 2003
2 What is J2ME?
- J2ME is a version of the Java programming language and stands for "Java 2 Micro Edition."
- J2ME is designed with the memory and processor limitations of small electronic devices, like cell phones and personal digital assistants (PDAs), in mind.
- The Java 2 Platform, Micro Edition (J2ME) Wireless Toolkit is a set of tools that provides application developers with the emulation environments, documentation and examples needed to develop Java technology applications targeted at CLDC/MIDP compliant mobile phones and PDAs.
3 MIDP
- Mobile Information Device Profile
- MIDP is also an open specification that adapts existing technologies such as Java and the Web.
- Developing MIDP-based applications (also known as MIDlets) is similar, but not identical, to developing Java applets, in the sense that they share a similar programming model.
- MIDP provides Java APIs using the Connected Limited Device Configuration (CLDC) for small, mobile information devices such as cell phones and two-way pagers.
- An applet is described in an HTML file; a MIDlet or a group of MIDlets (known as a MIDlet Suite) is described in a Java Descriptor (JAD) file.
4 CVM
- C Virtual Machine
- CVM is a JVM designed for higher-end, emerging, next-generation consumer electronic and embedded devices (32-bit processor and 2Mb memory).
- Devices using CVM are typically compact and connected consumer-oriented devices.
- The CVM virtual machine is a Java 2 virtual machine designed for devices needing the functionality of the Java 2 virtual machine feature set, but with a smaller footprint.
5 CDC
- Connected Device Configuration (CDC) includes the CVM virtual machine and basic class libraries to support Java language applications on pagers, personal digital assistants (PDAs)
6 POCKET PC
- Pocket versions of popular Microsoft applications let you easily update and share the same data and documents that you have on your desktop PC.
- Mobile versions of familiar Microsoft desktop applications
- Pocket Outlook: Mobile companion to Microsoft Outlook.
- Calendar: keeps your Pocket PC "well-appointed."
- Tasks: Tame your to-do list with Pocket PC tasks!
- Notes: "electronic notepad."
- Pocket Word: Pocket PC word.
- Pocket Excel: Do the math.
- File Explorer
7 MOBILE VERSIONS OF FAMILIAR MICROSOFT DESKTOP APPLICATIONS
8 NETWORK CONNECTION FOR POCKET PC
9 POCKET OUTLOOK
10 CHAT
11 POCKET PC ENTERTAINMENT
12 OTHER FEATURES
13 WEB SURFING
14 QUICK COMPARISON CHART POCKET PC AND PALM OS
-Yes xNo Optional (May be available as Freeware)
15 QUICK COMPARISON CHART POCKET PC AND PALM OS cont.
16 AVAILABLE PDAS SUPPORTING POCKET PC OPERATING SYSTEM
17 AVAILABLE PDAS SUPPORTING POCKET PC OPERATING SYSTEM cont.
18 J2ME - Java Enabled Devices Phones
19 J2ME - Java Enabled Devices Phones cont.
20 SECURING J2ME/MIDP APPLICATIONS USING THE BOUNCY CASTLE CRYPTO APIS
21 OVERVIEW
- XML digital signature technology can help implement lightweight and flexible security solutions for wireless Web services applications.
- The Bouncy Castle cryptography package helps secure XML messaging.
- Wireless communications are easy targets for airwave interception, and wireless devices rarely have the computing power to support strong encryption of all communication data.
22 THE ELEMENTS OF SECURE COMMUNICATION
- Authentication: The digital signature on a public key certificate can validate the authenticity of the public key and therefore the party who holds it.
- Data integrity: The parties must make sure that the contents are not altered during transmission. Digital signature is the most commonly used technology to guarantee data integrity.
- Data confidentiality: Sometimes, the communication data is sensitive and has to be kept secret. Digital signature does not provide data confidentiality. We have to use data encryption.
- Non-repudiation: After a message is sent, the sender should not be able to deny it later. Digital signature provides a partial solution. If the message is digitally signed, the sender cannot deny responsibility for it because only he can provide such a signature.
23 STEPS IN DIGITAL VERIFICATION
- The server generates a pair consisting of a random public key and a private key using a set of key model parameters. In a real production system, this step is usually not necessary because the key pairs are usually pre-generated and stored in server key stores.
- When a JSP page is accessed, the server calculates a digest for the response message.
- The JSP page then invokes the signer in the "sign" mode and generates a digital signature for the digest using the private key.
- The server embeds the signature information, including the digest, the digital signature itself, and the public key parameters, in the XML response message.
24 STEPS IN DIGITAL VERIFICATION
- The client receives the XML document and parses the digest, digital signature, and public key parameters into Java application data.
- The client calculates a digest from the clear text message and compares it with the digest from the server. If the two digests do not match, the document verification fails; if they do match, go to the next step.
- The client reconstructs the public key using the embedded key parameters.
- The client invokes the signer in "verify" mode and passes the digest, the signature, and the public key to verify the signature.
25 THE BOUNCY CASTLE CRYPTO APIS
- There are three Bouncy Castle signers:
- 1. DSA
- 2. ECC
- 3. RSA
26 DSA
- 1. Creating an encoded digest
- 2. Generating key pairs using the method DSASigUtil.generateKeys()
- 3. Retrieving the model and key parameters by the pubKey.getY() method.
- 4. Using the generated private key, the utility class DSASigUtil can get a two-part DSA signature, R and S, from a digest
- 5. The server encodes the digest, signature, and key parameters into ASCII text form and embeds the text in the XML digital signature format
- 6. The verification MIDP application parses the digest, key parameters, and signature out of the XML document, reconstructs the public key
27 ELLIPTIC CURVE DSA SIGNATURE
- Defining the elliptic curve model
- Generating the random key pairs using the model
- ECDSAUtil methods for retrieving model and key parameters
- Retrieving the DSA signature
- Encoding and embedding in digital signature format
- Validating the signature
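The server and client steps from the two STEPS IN DIGITAL VERIFICATION slides, carried out for the elliptic curve signer with Bouncy Castle's lightweight API on a desktop JVM. This is an added example, not code from the presentation: the class name, the P-256 curve, SHA-256, the sample message and the trustedQ check are assumptions, and the XML encoding and parsing steps are left out.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import org.bouncycastle.asn1.sec.SECNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.*;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.util.Arrays;
public class SignedMessageDemo {
    static final X9ECParameters X9 = SECNamedCurves.getByName("secp256r1");
    static final ECDomainParameters CURVE =
        new ECDomainParameters(X9.getCurve(), X9.getG(), X9.getN(), X9.getH());
    static byte[] digest(byte[] msg) {
        SHA256Digest d = new SHA256Digest();
        d.update(msg, 0, msg.length);
        byte[] out = new byte[d.getDigestSize()];
        d.doFinal(out, 0);
        return out;
    }
    // Client: recompute the digest, rebuild the key from its encoded point, verify (r, s).
    // trustedQ is an assumption of this example: a key copy the client already holds.
    static boolean verify(byte[] msg, byte[] sentDigest, byte[] sentQ,
                          BigInteger r, BigInteger s, byte[] trustedQ) {
        byte[] d = digest(msg);
        if (!Arrays.constantTimeAreEqual(d, sentDigest)) return false;   // text altered
        if (!Arrays.constantTimeAreEqual(sentQ, trustedQ)) return false; // unknown key
        ECDSASigner verifier = new ECDSASigner();
        verifier.init(false, new ECPublicKeyParameters(CURVE.getCurve().decodePoint(sentQ), CURVE));
        return verifier.verifySignature(d, r, s);
    }

    public static void main(String[] args) {
        // Server: key pair (normally loaded from a key store), digest, signature.
        ECKeyPairGenerator gen = new ECKeyPairGenerator();
        gen.init(new ECKeyGenerationParameters(CURVE, new SecureRandom()));
        var kp = gen.generateKeyPair();
        byte[] msg = "<order>constructed sample</order>".getBytes(StandardCharsets.UTF_8);
        byte[] d = digest(msg);
        ECDSASigner signer = new ECDSASigner();
        signer.init(true, kp.getPrivate());
        BigInteger[] rs = signer.generateSignature(d);   // rs[0] = R, rs[1] = S
        byte[] q = ((ECPublicKeyParameters) kp.getPublic()).getQ().getEncoded(false);
        System.out.println("valid:    " + verify(msg, d, q, rs[0], rs[1], q));
        msg[8] ^= 1;  // alter one byte of the clear text after signing
        System.out.println("tampered: " + verify(msg, d, q, rs[0], rs[1], q));
    }
}
```

Because the public key travels in the same message as the signature, verify() accepts it only when it matches a key the client already trusts, which is the role the certificate plays on the authentication slide.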
28 RSA SIGNATURE
- Generating random key pairs using Exponent
- RSAUtil methods for retrieving model and key parameters
- Getting the byte array RSA signature
- Encoding and embedding in digital signature format
- Validating the signature
29 PERFORMANCE COMPARISONS
- The Bouncy Castle Crypto package relies on the slow JVM to perform intensive big integer mathematical operations
- Only the RSA algorithm gives an acceptable performance: a minute on a 16MHz Palm VII device
- DSA and ECC algorithm performances are unacceptable: they take more than an hour to verify on standard Palm VII MIDP
- The JVM must also take advantage of available special hardware and underlying OS features to accelerate security-related math operations.
30 GLOSSARY
- The Intel StrongARM SA-1110 Microprocessor (SA-1110) is a device optimized for meeting portable and embedded application requirements. In addition, the SA-1110 provides system support logic, multiple serial communication channels, a color/gray scale LCD controller, PCMCIA support for up to two sockets, and general-purpose I/O ports.
- XScale Processor: Designed to optimize low power consumption and high performance processing for a wide range of wireless and networking applications and rich services.
- CDMA works by converting speech into digital information, which is then transmitted as a radio signal over a wireless network. Using a unique code to distinguish each different call, CDMA enables many more people to share the airwaves at the same time, without static, cross-talk or interference.
- JBlend: The JBlend platform is the de facto solution for deploying Java applications and services in mobile phones.
- GSM networks deliver high quality and secure mobile voice and data services (such as SMS/Text Messaging) with full roaming capabilities across the world.
- GPRS: General Packet Radio Service (GPRS) enabled networks offer 'always-on', higher capacity, Internet-based content and packet-based data services. This enables services such as colour Internet browsing, e-mail on the move, powerful visual communications, multimedia messages and location-based services.
- 3GSM is the latest addition to the GSM family. 3GSM is about having third generation mobile multimedia services available globally. 3GSM focuses on visionary communications, in more ways than one. It's about the new visual ways in which people will communicate and the unique vision of the GSM community, which has always focused on the future needs of our customers.
- Bluetooth is the key to enabling wireless personal area networks (WPAN) that connect devices in close proximity
32 Thank You !!!