| |
Mobile security development choices
|
Michael Juntao Yuan and Ju Long
EE Times
(09/12/2003 9:10 AM EDT)
As mobile commerce becomes less of a buzzword and more of a reality, transaction security is becoming an important concern for mobile users and wireless application developers alike. The overall security of a network is only as strong as its weakest link, and in a mobile-commerce network, the weakest link is the client-side device. The interceptable nature of wireless signals and the limited memory and computing power of most handheld devices leaves wireless systems dangerously vulnerable to data theft.
The choice of development platform and tools play a significant role in how effectively you can secure your wireless applications and the networks on which they will run. In this article, we'll focus on both the advantages and the compromises of developing on the Java 2 Platform, Micro Edition (J2ME).
The most notable benefit of using the Java platform for wireless device development is that you're able to produce portable code that can run on multiple platforms. Even with this advantage, wireless devices offer a vast range of capabilities in terms of memory, processing power, battery life, display size and network bandwidth. It would be impossible to port the complete functionalities of an application running on a sophisticated set-top box to a cell phone. Even for similar devices such as PDAs and advanced smart phones, establishing portability between the two often poses a strain to one device and underutilization of the other. Real portability is possible only among groups of similar devices. Recognizing that one size does not fit all, J2ME was designed to strike a balance between portability and usability.
J2ME developers divided it into several different configurations and profiles. Configurations contain Java language core libraries for a range of devices. Currently there are two configurations: Connected Device Configuration (CDC) is designed for relatively big and powerful devices such as high-end PDAs, set-top boxes and network appliances; Connected Limited Device Configuration (CLDC) is intended for small, resource-constrained devices such as cell phones and low-end PDAs. CDC has far more advanced security, mathematical and I/O functions than does CLDC.
On top of each configuration rest several profiles. Profiles define more advanced, device-specific API libraries, including GUI, networking, and persistent-storage APIs. Each profile has its own run-time environment and is suited for a range of similar devices. Java applications written for a specific profile can be ported across all the hardware/operating system platforms supported by that profile. The Mobile Information Device Profile (MIDP) and the PDA Profile are two of the more significant profiles for the CLDC. The Foundation Profile and the Personal Profile are two important profiles for the CDC.
The Personal Profile is built on top of the Foundation Profile to run on high-end PDAs. The Personal Profile is equipped with a complete Java 2-compatible virtual machine implementation. Personal Profile applications can leverage all the Java 2, Standard Edition (J2SE) domain-based security managers, as well as the extensive set of cryptography and security libraries available for J2SE applications. Overall, the Personal Profile offers mature security solutions that are similar to those for J2SE applications.
Implementing secure MIDP applications is much harder, due to the CLDC configuration's limited mathematical functionalities and the scant processing power of many of the underlying devices. MIDP devices are, however, the most widely used wireless devices, so enabling secure applications on those devices is important. In this article, we'll mainly focus on the security challenges and solutions currently available or in development for MIDP applications.
J2ME vs. WAP
Both native apps and J2ME apps have much more to offer than those built under the Wireless Application Protocol (WAP), in terms of both features and security. Whereas WAP is a thin-client development protocol, J2ME is a development platform specifically for smart applications. Regardless of whether the application uses J2ME or a native technology, smart applications offer the following security advantages over WAP applications:
In a WAP thin-client environment, communication security is provided by the encryption protocols built-in to the infrastructure. The communication parties cannot adjust the encryption level to suit their business needs. Smart clients can establish end-to-end secure communication channels (for example, SSL and HTTPS) directly to backend servers. The server and client have the freedom to decide the algorithms, keys and content to encrypt. In fact, HTTPS is mandatorily supported in all MIDP v2.0 devices.
Smart clients and end-to-end secure channels eliminate the single point of failure of the infrastructure. That is especially useful in the light of recent vulnerabilities in WAP gateways and WiFi access points.
In addition to connection-based security, J2ME smart clients also have direct access to cryptography algorithms via a number of commercial and Open Source lightweight cryptography libraries, such as Bouncy Castle, Phaos, IAIK and NTRU. This enables more flexible content-based security schemes. Content-based security is ideal in loosely coupled, messaging-based Web services environment, where there is no well-defined point-to-point connections and each message goes through multiple value-adding intermediaries.
Smart applications can store and process data locally, thereby reducing network traffic. Not only does this conserve precious wireless bandwidth and reduce latency, it reduces the likelihood that crucial information will be intercepted or interrupted, say, by denial-of-service attacks, for instance.
Smart applications use device processing power efficiently. Instead of encrypting everything with the same key strength regardless of needs, rich clients can establish a comprehensive differentiating security policy based on the content.
Because smart applications can do much more than WAP pages, running smart applications does increase the risk of software crashes and/or virus attacks. Next, we will discuss the processing and security advantages of J2ME applications over those of device-native applications.
J2ME vs. native clients
As we have mentioned, compared with the native platforms, the main strength of the Java platform is that it allows us to write portable applications. The Java platform's portability stems from its execution model. Specifically, it stems from the use of the JVM to process Java byte code into machine code at run-time, providing a compatibility layer on top of the hardware. The Java platform's execution model also introduces some important security benefits that device-native applications lack. These benefits include:
The JVM verifies all classes in class loaders and ensures that applications do not perform any dangerous operations. The byte code verification process guarantees that an application cannot access memory spaces or use resources outside of its domain. Byte code verification also prevents an application from overloading the Java language core libraries, a method that could be used to bypass other application-level security measures. Due to the high computational overhead of this operation, however, MIDP VMs do not perform complete byte code verification at run-time. Instead, the application developer must preverify the classes on a development platform or staging area before deploying the application into mobile devices. The preverification process optimizes the execution flows, creates stack maps containing catalogs of instructions in the application, and then adds the stack maps to the preverified class files. At run-time, the MIDP VM does a quick linear scan of the byte code, matching each valid instruction with a proper stack map entry.
The JVM has a monitoring mechanism to safeguard run-time application errors. A good example is the garbage collector. The JVM can clean up application memory heaps automatically at run time. This helps to avoid memory leaks, which are the major cause of crashes among native applications.
The JVM can provide a security manager or sandbox for applications. Viruses and other hostile code accidentally downloaded from the Web can pose serious security risks. On the Java platform, it's possible to digitally sign entire applications (for example, JAR files). The JVM security manager grants the signed application privileges to access specific APIs (domains) based on the trust level of the signer. Due to limited processing power and memory, however, a domain-based security manager is not yet available in the MIDP 1.0 specification. The current MIDP VMs can only provide a minimum-security sandbox. For example, a MIDlet suite (which is an application suite that conforms to the Mobile Information Device Profile), can only access persistent record stores created by itself. The upcoming MIDP 2.0 specification will require support for the domain security model, including a domain-based security manager, application code signing and digital certificate verification functionality. To better support secure mobile code provisioning, MIDP 2.0 will also formally include an over-the-air (OTA) provisioning specification. The MIDP 2.0 OTA specification describes who has the authority to install and delete wireless applications; what operations the user must confirm and which ones can be done automatically; what alerts must be presented to the user; and what data is shared when updating applications.
Smart, usability-focused design and the Java platform's built-in execution model give J2ME applications significant performance and security advantages over both WAP and native applications.
Although J2ME is the key to mobile application security, developing and testing J2ME device applications is not as straightforward as WAP or native C++ applications. WAP applications require ONLY server-side components; native C++ applications do not require the preverification, signing and OTA processes. So, easy-to-use development tools are essential for J2ME developers. The tool must integrate the coding, building and testing environments as well as emulators and device connection support from various mobile device vendors.
The Open Source Eclipse project provides the ideal platform for such tools. While many other IDEs focus on flashy "wizards" that are primarily good for prototype development, the core Eclipse IDE offers a set of code-centric tools that appeals to serious developers. The Eclipse editor supports syntax highlighting, code auto-completion and real-time syntax checking. Eclipse provides a large number of code refactoring and unit testing features to support agile development methodologies. Eclipse also integrates with other popular tools such as ANT for custom building tasks and CVS for source code revision management. However, the most important feature of Eclipse is its extensible architecture for plug-ins. Eclipse's flexible licensing scheme allows anyone to repackage it into a commercial product with proprietary plug-ins.
The IBM WebSphere Studio Device Developer (WSDD) is a commercial IDE based on Eclipse. It adds IBM's proprietary API libraries and J2ME-specific plug-ins to the core platform. Key features of the WSDD are as follows.
It supports the IBM WebSphere Micro Environment for MIDP and Personal Profile run-times and libraries. The IBM WebSphere Custom Environment is supported for nonstandard J2ME libraries. The Nokia J2ME SDK is also fully integrated and supported. You can add any third-party J2ME libraries (such as HTTPS support and generic cryptography libraries) to your project.
The IBM J2ME run-times work on a variety of devices including PocketPC, Palm OS, Embedded Linux and QNX.
It supports MIDP emulators from IBM and Nokia for application testing on PCs. Personal Profile applications can run directly on the PC since WebSphere Micro Environment supports the x86 platform.
It supports on-device debugging on PocketPC and Palm devices. This is a very important feature to help create secure and bug-free applications.
The Eclipse plug-ins handle the entire process of building, preverification, packaging and deployment. Application templates and wizards are also available.
All WSDD custom libraries, plug-ins and other tools are available for automatic update from an IBM Web site.
Like Eclipse itself, the WSDD is a cross-platform IDE. It runs on both Windows and Linux platforms.>
In summary, J2ME is the best platform for mobile applications due to its excellent security features and rich functionalities. The IBM WebSphere Studio Device Developer, an Eclipse-based Java IDE, supports a variety of mobile tools and libraries over the popular Eclipse core IDE. For both new and seasoned developers, the WSDD can help you build a better mobile application.
Michael Juntao Yuan writes the "Wireless Java" column for Java World magazine. Ju Long is a research associate at the Research Center for E-Commerce at the University of Texas at Austin where she specializes in new methodologies and the economic impacts of mobile commerce.
|
|
|
SEARCH JOBS
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
SRC Expands R&D Centers
The Semiconductor Research Corp has added a new center to its university R&D efforts.
For more great jobs, career related news, features and services, please visit EETimes' Career Center.
|
|
|
|
RSS
RSS| 
Digital| 
Mobile
