Overview of J2ME and PocketPC. Support for both in the PDA, mobile phone market. Securing J2ME/MIDP applications using Bouncy Castle Crypto APIs. Presented by: Atul Shrivastava. CSCI 5939. Instructor: Dr. Yang. Date: 27th March 2003


Page 1: presentation slides

Overview of J2ME and PocketPC

Support for both in the PDA, mobile phone market

Securing J2ME/MIDP applications using Bouncy Castle Crypto APIs

Presented by: Atul Shrivastava

CSCI 5939

Instructor: Dr. Yang

Date: 27th March 2003

Page 2: presentation slides

What is J2ME?

J2ME is a version of the Java programming language and stands for "Java 2 Micro Edition."

J2ME is designed around the memory and processor limitations of small electronic devices, such as cell phones and personal digital assistants (PDAs).

The Java™ 2 Platform, Micro Edition (J2ME™) Wireless Toolkit is a set of tools that provides application developers with the emulation environments, documentation and examples needed to develop Java technology applications targeted at CLDC/MIDP-compliant mobile phones and PDAs.

Page 3: presentation slides

MIDP

Mobile Information Device Profile

MIDP is also an open specification that adapts existing technologies such as Java and the Web.

Developing MIDP-based applications (also known as MIDlets) is similar, but not identical, to developing Java applets, in the sense that they share a similar programming model.

MIDP provides Java APIs using the Connected Limited Device Configuration (CLDC) for small, mobile information devices such as cell phones and two-way pagers.

An applet is described in an HTML file; a MIDlet or a group of MIDlets (known as a MIDlet Suite) is described in a Java Descriptor (JAD) file.

Page 4: presentation slides

CVM

C Virtual Machine

CVM is a JVM designed for higher-end, emerging, next-generation consumer electronic and embedded devices (32-bit processor and 2Mb+ memory).

Devices using CVM are typically compact and connected consumer-oriented devices.

The CVM virtual machine is a Java 2 virtual machine designed for devices needing the functionality of the Java 2 virtual machine feature set, but with a smaller footprint.

Page 5: presentation slides

CDC

Connected Device Configuration (CDC) includes the CVM virtual machine and basic class libraries to support Java language applications on pagers, personal digital assistants (PDAs)

Page 6: presentation slides

POCKET PC

Pocket versions of popular Microsoft applications let you easily update and share the same data and documents that you have on your desktop PC.

Mobile versions of familiar Microsoft desktop applications

1. Pocket Outlook® - Mobile companion to Microsoft Outlook.
2. Calendar keeps your Pocket PC "well-appointed."
3. Tasks: Tame your to-do list with Pocket PC tasks!
4. Notes: "electronic notepad."
5. Pocket Word: Pocket PC word.
6. Pocket Excel: Do the math.
7. File Explorer

Page 7: presentation slides

MOBILE VERSIONS OF FAMILIAR MICROSOFT DESKTOP APPLICATIONS

Page 8: presentation slides

NETWORK CONNECTION FOR POCKET PC

Page 9: presentation slides

POCKET OUTLOOK

Page 10: presentation slides

CHAT

Page 11: presentation slides

POCKET PC ENTERTAINMENT

Page 12: presentation slides

OTHER FEATURES

Page 13: presentation slides

WEB SURFING

Page 14: presentation slides

QUICK COMPARISON CHART: POCKET PC AND PALM OS

Feature Pocket Pc 2002 Palm OS 4.1 Palm OS 5.0

Address Book Calendar NotePad Email Task List Calculator Onscreen Keyboard Handwriting Syncs with PC Syncs with Mac Desktop PIM Included

Syncs with Outlook $ Syncs with Lotus Notes $ $ $

-=Yes    x=No    $=Optional (May be available as Freeware)

Page 15: presentation slides

QUICK COMPARISON CHART: POCKET PC AND PALM OS cont…

Microsoft Word document support $ Microsoft Excel document support $ Microsoft PowerPoint support $ $

Adobe Acrobat Support $ $ $

Voice recorder $ HTML browser $ WAP browser $ $

Offline browsing $ $

Instant messenger client $ MP3 playback support Video playback $ E-book reader $ $

16-bit color support

Page 16: presentation slides

AVAILABLE PDAs SUPPORTING POCKET PC OPERATING SYSTEM

S.No | PDA and estimated price | Description
1 | Toshiba 2032, U.S.$799.99 | Intel StrongARM 32-bit processor
2 | Casio Cassiopeia E-200, U.S.$599* | Intel StrongARM 32-bit processor
3 | HP Jornada 560 series (565/568), U.S.$599* | Intel StrongARM 32-bit processor
4 | Audiovox Maestro Pocket PC PDA-1032, U.S.$549* | Intel StrongARM 32-bit Processor
5 | iPAQ H3970, U.S.$749* | Intel XScale Processor
6 | T-Mobile Pocket PC Phone Edition, U.S.$549.99* | Intel StrongARM Processor
7 | Gradiente Partner, R$4.599,00 | Strong ARM AS 1110
8 | Toshiba e330, $349* | Intel® PXA250
9 | Dell Axim X5, Starting at U.S. $199 | Intel XScale
10 | Toshiba e740, $599* | Intel XScale

Page 17: presentation slides

AVAILABLE PDAs SUPPORTING POCKET PC OPERATING SYSTEM cont..

S.No | PDA and estimated price | Description
11 | Compaq iPAQ Pocket PC H3870/H3835, U.S.$599* | Intel StrongARM 32-bit processor
12 | ViewSonic Pocket PC V35, U.S. $299* | Intel XScale Processor
13 | Toshiba e310, $399* | Intel StrongARM 32-bit processor
14 | Toshiba Pocket PC e570, U.S.$569* | Intel StrongARM 32-bit processor
15 | Zayo A600, U.S. $599* | Intel XScale
16 | Siemens / AT&T Wireless SX56 Pocket PC Phone, U.S. $549* | Intel StrongARM Processor
17 | NEC MobilePro P300 (MC/PG5000A), U.S.$599* | Intel StrongARM 32-bit processor
18 | Alaska Cove Mexmal, U.S.$399* | Intel StrongARM SA1110
19 | HP iPAQ Pocket PC H1910, U.S.$299* | Intel XScale

Page 18: presentation slides

J2ME - Java Enabled Devices & Phones

S.No | Java Enabled Devices & Phones | Description
1 | Casio C452CA | Runs J2ME/MIDP, JBlend, Ezplus. VM: MIDP; Platform: CdmaOne
2 | Fujitsu F503iS | VM: iAppli; Platform: iMode (PDC)
3 | Hitachi C451H, C3001H | VM: MIDP; Platform: EZ-Java
4 | LG Electronics C-nain 2000 CX-300L Cyber-ez-X1 I-Book | CDMA 1XRTT Tri-Mode phone available from Sprint PCS. VM: MIDP; Platform: CDMA2000 1X
5 | Mitsubishi J-D05, D503i, D503iS | VM: iAppli; Platform: iMode (PDC)
6 | Motorola i50sx i55sr i80s i85s i90c Accompli 008/6288 | Available in the U.S. and Canada, the i85s was the first J2ME-enabled mobile phone available in North America. VM: MIDP; Platform: iDEN

Page 19: presentation slides

J2ME - Java Enabled Devices & Phones cont..

S.No | Java Enabled Devices & Phones | Description
7 | Nokia 9210 Communicator | The first Nokia product with wireless Java support. VM: PersonalJava; Platform: Symbian
8 | Panasonic P503i P503iS P2101V | VM: CLDC; Platform: PDC
9 | Sharp J-SH07 | VM: MIDP; Platform: JBlend
10 | Siemens S56 | 256-color display and integrated Bluetooth technology. VM: MIDP; Platform: GSM
11 | Toshiba C5001T | VM: MIDP; Platform: CDMA
12 | Sanyo SCP-4900 | This dual-band Sprint, "Vision-enabled" phone was released by Sprint PCS, August 2002 in the U.S. VM: MIDP; Platform: CDMA2000 1X

Page 20: presentation slides

SECURING J2ME/MIDP APPLICATIONS USING THE BOUNCY CASTLE CRYPTO APIS

Page 21: presentation slides

OVERVIEW

XML digital signature technology can help implement lightweight and flexible security solutions for wireless Web services applications.

The Bouncy Castle cryptography package helps secure XML messaging.

Wireless communications are easy targets for airwave interception, and wireless devices rarely have the computing power to support strong encryption of all communication data.

Page 22: presentation slides

THE ELEMENTS OF SECURE COMMUNICATION

Authentication: The digital signature on a public key certificate can validate the authenticity of the public key and therefore the party who holds it.

Data integrity: The parties must make sure that the contents are not altered during transmission. Digital signature is the most commonly used technology to guarantee data integrity.

Data confidentiality: Sometimes, the communication data is sensitive and has to be kept secret. Digital signature does not provide data confidentiality. We have to use data encryption.

Non-repudiation: After a message is sent, the sender should not be able to deny it later. Digital signature provides a partial solution. If the message is digitally signed, the sender cannot deny responsibility for it, because only the sender can produce such a signature.

Page 23: presentation slides

STEPS IN DIGITAL VERIFICATION

The server generates a pair consisting of a random public key and a private key using a set of key model parameters. In a real production system, this step is usually not necessary because the key pairs are usually pre-generated and stored in server key stores.

When a JSP page is accessed, the server calculates a digest for the response message.

The JSP page then invokes the signer in the "sign" mode and generates a digital signature for the digest using the private key.

The server embeds the signature information, including the digest, the digital signature itself, and the public key parameters, in the XML response message.

Page 24: presentation slides

STEPS IN DIGITAL VERIFICATION

The client receives the XML document and parses the digest, digital signature, and public key parameters into Java application data.

The client calculates a digest from the clear text message and compares it with the digest from the server. If the two digests do not match, the document verification fails; if they do match, go to the next step.

The client reconstructs the public key using the embedded key parameters.

The client invokes the signer in "verify" mode and passes the digest, the signature, and the public key to verify the signature.

Page 25: presentation slides

THE BOUNCY CASTLE CRYPTO APIS

There are three Bouncy Castle signers:

1. DSA
2. ECC
3. RSA

Page 26: presentation slides

DSA

1. Creating an encoded digest
2. Generating key pairs using the method DSASigUtil.generateKeys()
3. Retrieving the model and key parameters by the pubKey.getY() method.
4. Using the generated private key, the utility class DSASigUtil can get a two-part DSA signature, R and S, from a digest
5. The server encodes the digest, signature, and key parameters into ASCII text form and embeds the text in the XML digital signature format
6. The verification MIDP application parses the digest, key parameters, and signature out of the XML document, reconstructs the public key

Page 27: presentation slides

ELLIPTICAL CURVE DSA SIGNATURE

1. Defining the elliptical curve model
2. Generating the random key pairs using the model
3. ECDSAUtil methods for retrieving model and key parameters
4. Retrieving the DSA signature
5. Encoding and embedding in digital signature format
6. Validating the signature
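
The server and client steps from the "Steps in digital verification" slides, carried out with the ECDSA signer listed on this slide; this is an added example, not code from the presentation. It calls Bouncy Castle's lightweight API directly instead of the ECDSAUtil helper the slide names. The curve (secp256r1), SHA-256, the class and method names, the sample message, and the comparison of the embedded key against a pinned copy are assumptions of the example; the comparison is there because a key taken only from the message being checked does not authenticate the sender.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.util.encoders.Hex;

/** Added example (not from the slides): ECDSA sign/verify with the lightweight API. */
public class SignedMessageDemo {
    // Assumption: curve secp256r1 and SHA-256; the slides name neither.
    static final X9ECParameters X9 = CustomNamedCurves.getByName("secp256r1");
    static final ECDomainParameters CURVE =
            new ECDomainParameters(X9.getCurve(), X9.getG(), X9.getN(), X9.getH());

    static byte[] digest(String message) {
        byte[] in = message.getBytes(StandardCharsets.UTF_8);
        SHA256Digest d = new SHA256Digest();
        d.update(in, 0, in.length);
        byte[] out = new byte[d.getDigestSize()];
        d.doFinal(out, 0);
        return out;
    }

    static AsymmetricCipherKeyPair generateKeys() {
        ECKeyPairGenerator gen = new ECKeyPairGenerator();
        gen.init(new ECKeyGenerationParameters(CURVE, new SecureRandom()));
        return gen.generateKeyPair();
    }

    static String publicKeyHex(AsymmetricCipherKeyPair keys) {
        ECPublicKeyParameters pub = (ECPublicKeyParameters) keys.getPublic();
        return Hex.toHexString(pub.getQ().getEncoded(false)); // uncompressed point
    }

    // Server: digest the response, sign the digest, text-encode the fields that
    // would be embedded in the XML. Returns {digest, r, s, publicKey} as hex.
    static String[] sign(String message, AsymmetricCipherKeyPair keys) {
        byte[] dg = digest(message);
        ECDSASigner signer = new ECDSASigner();
        signer.init(true, keys.getPrivate());
        BigInteger[] rs = signer.generateSignature(dg);
        return new String[] { Hex.toHexString(dg), rs[0].toString(16),
                              rs[1].toString(16), publicKeyHex(keys) };
    }

    // Client: recompute and compare the digest, rebuild the key, verify (r, s).
    static boolean verify(String message, String[] f, String pinnedKeyHex) {
        try {
            byte[] dg = digest(message);
            if (!Arrays.equals(dg, Hex.decode(f[0]))) return false;   // digest mismatch
            if (!f[3].equalsIgnoreCase(pinnedKeyHex)) return false;   // unexpected signer key
            ECPublicKeyParameters pub = new ECPublicKeyParameters(
                    CURVE.getCurve().decodePoint(Hex.decode(f[3])), CURVE);
            ECDSASigner verifier = new ECDSASigner();
            verifier.init(false, pub);
            return verifier.verifySignature(dg, new BigInteger(f[1], 16),
                                            new BigInteger(f[2], 16));
        } catch (RuntimeException malformed) {
            return false; // bad hex, bad point encoding or missing field
        }
    }

    public static void main(String[] args) {
        AsymmetricCipherKeyPair keys = generateKeys();
        String pinned = publicKeyHex(keys); // given to the client out of band
        String body = "<balance account=\"demo\">100.00</balance>"; // constructed sample
        String[] fields = sign(body, keys);
        System.out.println("untampered: " + verify(body, fields, pinned));
        System.out.println("tampered:   " + verify(body.replace("100", "900"), fields, pinned));
    }
}
```

Compile and run with a current Bouncy Castle provider jar on the classpath; the four strings returned by `sign` stand in for the elements the slides embed in the XML response.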

Page 28: presentation slides

RSA SIGNATURE

1. Generating random key pairs using Exponent
2. RSAUtil methods for retrieving model and key parameters
3. Getting the byte array RSA signature
4. Encoding and embedding in digital signature format
5. Validating the signature

Page 29: presentation slides

PERFORMANCE COMPARISONS

The Bouncy Castle Crypto package relies on the slow JVM to perform intensive big integer mathematical operations

Only the RSA algorithm gives an acceptable performance - a minute on a 16MHz Palm VII device

DSA and ECC algorithm performances are unacceptable - they take more than an hour to verify on standard Palm VII MIDP

The JVM must also take advantage of available special hardware and underlying OS features to accelerate security-related math operations.

Page 30: presentation slides

GLOSSARY

The Intel® StrongARM* SA-1110 Microprocessor (SA-1110) is a device optimized for meeting portable and embedded application requirements. In addition, the SA-1110 provides system support logic, multiple serial communication channels, a color/gray scale LCD controller, PCMCIA support for up to two sockets, and general-purpose I/O ports.

XScale Processor: Designed to optimize low power consumption and high performance processing for a wide range of wireless and networking applications and rich services.

CDMA works by converting speech into digital information, which is then transmitted as a radio signal over a wireless network. Using a unique code to distinguish each different call, CDMA enables many more people to share the airwaves at the same time - without static, cross-talk or interference.

JBlend: The JBlend platform is the de facto solution for deploying Java applications and services in mobile phones.

GSM networks deliver high quality and secure mobile voice and data services (such as SMS/Text Messaging) with full roaming capabilities across the world.

GPRS: General Packet Radio Service (GPRS) enabled networks offer 'always-on', higher capacity, Internet-based content and packet-based data services. This enables services such as colour Internet browsing, e-mail on the move, powerful visual communications, multimedia messages and location-based services.

3GSM* is the latest addition to the GSM family. 3GSM* is about having third generation mobile multimedia services available globally. 3GSM* focuses on visionary communications, in more ways than one. It's about the new visual ways in which people will communicate and the unique vision of the GSM community, which has always focused on the future needs of our customers.

Bluetooth is the key to enabling wireless personal area networks (WPAN) that connect devices in close proximity


Page 32: presentation slides

Thank You !!!

Questions???