Memoirs

A secure wireless mobile-to-server link

Description
Modern mobile devices are some of the most technologically advanced devices that people use on a daily basis and the current trends indicate continuous growth in mobile phone applications. Nowadays phones are equipped with cameras that can capture
Categories
Published
of 14
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
    A Secure Wireless Mobile-to-Server Link Abhinav Kumar  *a , David Akopian *a , Sos Agaian a , Reiner Creutzburg  b   a The University of Texas at San Antonio, San Antonio, TX, USA  b Fachhochschule Brandenburg, Germany ABSTRACT Modern mobile devices are some of the most technologically advanced devices that people use on a daily basis and the current trends indicate continuous growth in mobile phone applications. Nowadays phones are equipped with cameras that can capture still images and video, they are equipped with software that can read, convert, manipulate, communicate and save multimedia in multiple formats. This tremendous progress increased the volumes of communicated sensitive information which should be protected against unauthorized access. This paper discusses two general approaches for data protection, steganography and cryptography, and demonstrates how to integrate such algorithms with a mobile-to-server link being used by many applications. Keywords:  cryptography, steganography, mobile, server, security, communication 1.   INTRODUCTION Wireless communication is the fastest growing field in the communications industry. It has captured the attention of the media and the imagination of the public and sparked great interest in the scientific community and amongst researchers for decades. Today mobile phones have become the most widely used wireless devices and as a result cellular systems have experienced exponential growth over the last decade and there are currently about two billion users worldwide. The mobile phone has become an integral part of people’s lifestyles and has an extensive and fast growing developer community designing applications that are bringing business, entertainment and communication to hand-held devices on demand the world over. In addition, wireless local area networks currently supplement or replace wired networks in many homes, businesses, and campuses. Through the assistance of miniaturized hardware, mobile devices now offer PC-like hardware and software features. Some phones have a sophisticated software suite that includes PC based applications such as a Microsoft Word™, Excel™ and PowerPoint™. Modern mobile phones are also equipped with various communication technologies such as the Internet, Bluetooth, Wi-Fi, etc. For a wide category of mobile devices known as smartphones [Table 1] external third party applications can be developed and embedded by the users. The emergence of smartphones has been a revolutionary development providing superior features, integrating technologies and better multimedia experience for people using hand-held devices. Surveys have shown that out of the billion phones that will be shipped, sales of smart phones will represent about one-fifth (more than 200 million) of all mobile handset sales by 2009. This emergence has also resulted in great excitement on behalf of service providers and software developers. Smart-phones today are empowered by operating systems and platforms that enable software developers and content providers to deploy PC-like applications. Tables 1 and 2 illustrate recent evolution in smartphone market 2 . One can observe that several competing OS are available [Table 2], and the share of dominating OS (Symbian TM ) has been recently reduced due to success of iPhone TM  (Apple) and Blackberry TM  (RIM) smartphones. The competition is extended to 3 rd  party software developers as the vendors recognized that the success of their  platforms will be also defined by the loyal software developer base to enrich their devices with exciting new applications. This competition resulted in a new development – the vendors open their platforms to attract more developers. For example, Symbian TM17   has been a dominating OS for many years. Currently Nokia acquired Symbian TM  and made it open source to extend 3 rd  party developer base 17 . Similarly Google developed an open source Android OS for smartphones in an attempt to enter this market 18 . Apple provides kits and application sales channel for developers 19 . *xpa172@my.utsa.edu; 210-355-9133; david.akopian@utsa.edu; 210-458-7718 Invited Paper     Table 1 Worldwide Smartphone Market shares Q3 3008, Q3 2007 2   Vendor Q3 2008 % share Total 100% Q3 2007 % share Total 100%  Nokia 38.9 51.4 Apple 17.3 3.6 RIM 15.2 10.6 Motorola 5.8 6.6 Others 17 25.1 Table 2 Worldwide Smartphone Operating System Market shares Q3 3008, Q3 2007 2   OS Vendor Q3 2008 % Share Total 100% Q3 2007 % Share Total 100% Symbian 46.6 68.1 Apple 17.3 3.6 RIM 15.2 10.6 Microsoft 13.6 12.2 Linux 5.1 4.4 While the development of applications in native operating system environments is more optimal and fully utilizes their capabilities, developers are often interested to make their applications portable across many platforms for wider reach. Java Platform, Micro Edition (Java ME)  provides such a flexible environment, applications based on Java ME are  portable across many devices, yet leverage each device's native capabilities 20 . Java ME includes flexible user interfaces, robust security, built-in network protocols, and support for networked and offline applications that can be downloaded dynamically. This paper overviews aspects of Java ME application development and discusses two general approaches for secure data communication, steganography and cryptography. While cryptographic protection is a built-in feature of most of the smartphones, wireless steganography has been recently introduced by authors in "Wireless Steganography" 1 . Steganography is the science of hiding data in innocuous cover media such as images, audio and video. The information intended to be unseen by intermediate parties is considered as the steganographic content. Some possible media are to include audio files, video files, text files, and images. For example, in “Wireless Steganography” 1  we discussed scenarios of hiding an image within an image and textual information in audio files. Cryptography is the discipline concerned with communication of secret information by transforming clear, meaningful information into an enciphered, unintelligible form using a predetermined algorithm and a key. This paper demonstrates how to integrate such algorithms with a HTTP mobile-to-server link in case developers seek  protection of communicated data in addition to built-in security mechanisms. The implementation peculiarities are discussed along with extraction and decryption. 2.   MOBILE APPLICATION DEVELOPMENT USING JAVA ME Java Platform, Micro Edition or Java ME 3 , formerly known as Java 2 Micro Edition (J2ME) is a collection of technologies and specifications to create a platform that fits the requirements for mobile devices such as consumer  products, embedded devices, and advanced mobile devices 3 . It is a collection of technologies and specifications that can  be combined to create a complete Java runtime environment specifically to fit the requirements of a particular device. Before we get into the details of this specific platform, let us review the Java 2 platform in general. The Java 2 Platform comprises three basic elements: •   All coding is done in the object-oriented Java programming language. Syntactically, it is similar to C++, but the two languages have fundamental differences. One of the biggest differences lies in their management of objects and object  Profil ame rofil DC PDA' Profile CDC: Connected Device ConfigurationCLDC: Connected Limited Device ConfigurationMIDP: Mobile Information Device ProfileRMI: Remote Method Invocation PI*fnrm Micro Editio.,.va ME) I   references. The Java language allocates and de-allocates memory automatically as the program creates and destroys objects. C++ programmers must allocate and free memory explicitly. The Java platform features virtual machine architecture. This is advantageous in several respects: the virtual machine can be implemented to run atop a variety of operating systems and hardware, with binary-compatible programs operating consistently across many implementations. In addition, the virtual machine provides tight control of executed binaries, enabling safe execution of untrusted code. The Java platform includes and extensive set of standard class libraries called application programming interfaces or APIs. Taken together, the Java language, Java Virtual Machine (JVM)  21  and Java APIs compose the Java platform. Moreover, the Java platform is designed to encompass a wide range of computer hardware, everything from smart cards through enterprise servers. Therefore, the Java platform comes in three flavors: Java 2, Standard Edition J2SE) is designed for desktop computers. Java 2, Enterprise Edition J2EE)  is a comprehensive platform for multi-user, enterprise-wide applications. Java 2, Micro Edition J2ME)  is a set of technologies and specifications developed for small devices like smart cards, pagers, mobile phones, and set-top boxes. J2ME uses subsets of J2SE components, such as smaller virtual machines and leaner APIs since the processing capabilities and memory resources on such small devices are limited. 2.1   Range and Scope of Java ME As mentioned earlier, Java ME is a collection of technologies and specifications that are designed for different parts of the small device market. Because Java ME spans such a variety of devices, we cannot to create a one-size-fits-all solution using this platform. Java ME, therefore, is divided into configurations and profiles. Configurations can be defined as specifications that detail a virtual machine and a base set of APIs 3  that can be used with a certain class of device. A profile builds on a configuration but adds more specific APIs to make a complete environment for building applications. While a configuration describes a JVM 21  and a basic set of APIs, it does not by itself specify enough detail to enable you to build complete applications. Profiles usually include APIs for application life cycle, user interface, and persistent storage. Fig.1 Java ME Architecture 3   As shown in Figure 1, the Java ME tree has two main branches. The first is based on the Connected Limited Device Configuration (CLDC). This configuration is for small wireless devices with intermittent network connections, like pagers, mobile phones, and Personal Digital Assistants (PDAs). The Mobile Information Device Profile (MIDP), which is based on CLDC, is the first finished profile and thus the first finished Java ME application environment. MIDP-compliant devices are already available. The other major branch of the Java ME tree is based on the Connected Device Configuration (CDC). This configuration is for larger devices (in terms of memory and processing power) with robust network connections. Set-top boxes and internet appliances are good examples of CDC devices. Devices implement a complete software stack (Fig. 2), which usually consists of a configuration, a profile, and optional APIs.    (a) (b) Fig. 2 (a) Current Java ME Stack (b) Future Java ME Stack featuring the multimedia API (MMAPI) 2.2   Advantages of Using the Java ME Platform Major advantages of using the Java ME platform for mobile application development are summarized below: •   The Java platform is safe i.e. Java code always executes within the confines of the Java Virtual Machine, which  provides a safe environment for executing any downloaded code. In general, a binary application could freeze a device or crash. By contrast, at worst a Java application can bring down only the Java Virtual Machine, not the device itself. •   The Java language encourages robust programming. The garbage collector saves programmers countless hours of hunting down memory leaks. Likewise, the Java language's exception mechanisms encourage programmers to create robust applications. •   Portability is a big win for wireless Java technology. A single executable can run on multiple devices. For example, a MIDlet (a MIDP application) will run on any device that implements the same MIDP specification. Given the dizzying  profusion of wireless devices, not having to maintain a plethora of implementations is a big advantage. Even if a Java application makes use of vendor specific APIs, applications written using the Java programming language are inherently easier to modify for another device than applications written in C or C++. Another benefit of portability is the ease of delivering applications to a device over the wireless network (sometimes called Over-the-air, or OTA,  provisioning). Binary applications can be moved from a server onto a device, too, but not safely. Because Java code runs inside the Java Virtual Machine, code that is downloaded from the network can be run safely. Binary code cannot  be contained at execution time and is much less safe. 2.3   Creating a MIDlet MIDP development tools are available for Linux, Solaris, and Windows operating environments. The development environment consists of three components which are described next: •   Java 2 Standard Edition (J2SE) SDK version 1.3 or higher. •   J2ME Wireless Toolkit (J2MEWTK). This is a package of tools for building and testing MIDlets. •   Code editor. This can be something as rudimentary as Notepad (on Windows) or something more elaborate like the Net Beans IDE depending on the developer’s choice. Fig. 3 J2ME Wireless Toolkit The first step to writing a MIDlet is to download and install the J2SE SDK. It provides the Java platform upon which the J2ME Wireless Toolkit runs. Second, it includes a Java compiler and other tools that the J2MEWTK uses to build your  projects. The next step is to download the J2ME Wireless Toolkit from http://java.sun.com/products/j2mewtoolkit/ and install it onto the workstation or PC. On Launching the WTK, the opening screen looks like in Fig. 3. MIDP 1.0   CLDC 1.0 MIDP 2.0CLDC 1.1 MMAPI    MiDlet Help tT aEF 'i G ava   The J2MEWTK helps the developer create projects, where the end result of each project is one MIDlet suite which can be deployed onto the actual Java enabled mobile phone. The toolkit works with one project at a time. You can change properties of the current project, build the project, and run the project in a device emulator (Fig.4) in order to test its look and feel before deployment. Several example projects come installed with the toolkit for reference purposes. The toolkit is available for free download and its console is easy to use, thus helping the developer to concentrate fully on the task without having to worry about testing and deployment. 3.   A MOBILE-TO-SERVER COMMUNICATION LINK A mobile-to-server communication can be established through various means, for e.g;  SMS Short Messaging Service)  allows the communication of short text messages between mobile phones or e.g. from a PC to a mobile phone. We know that the control channel between base station and phone is used for call setup. This control channel also provides the passage for the text messages. All text messages pass through a centralized SMS control center (SMSC) in the core network which stores and forwards the messages to the appropriate user in the network. MMS Multimedia Messaging Service)  is a standard for sending messages which include multimedia objects like audio, video or images. This standard was introduced and developed by the Open Mobile Alliance (OMA). MMS messages are delivered using both the SMS and WAP technologies. When a mobile phone receives an MMS message, it receives an MMS notification message over SMS (WAP Push) which contains header information about the MMS message and an URL pointer that the recipient must fetch in order to retrieve the content of the MMS message. WAP Wireless Application Protocol) is a standard for allowing internet content to be made available onto mobile phones equipped with a micro-browser. It involves an intermediate WAP gateway which translates the HTML pages commonly used on the internet into WML pages compatible with the micro-browser. Hypertext Transfer Protocol HTTP)  is a communication protocol commonly used in the client-server communication over the Internet. HTTP is a request/response  standard between a client and a server. A client is the end-user; the server is the web site. Typically, an HTTP client initiates a request. It establishes a Transmission Control Protocol (TCP) connection to a particular port on a host (port 80 by default). An HTTP server listening on that port waits for the client to send a request message. Upon receiving the request, the server sends back a status line, such as HTTP/1.1 200 OK , and a message of its own, the body of which is perhaps the requested resource, an error message, or some other information. In today’s world of data communication with hand-held devices, interaction between a mobile phone and a web-server is a very effective scenario for a vast range of applications. This can happen using the phone’s in-built micro-browser to access websites built for mobile phones (WAP sites) or by having a client-server based request/respond model. Let us discuss the latter case. Building this client-server HTTP communication link would involve three basic components (Fig.5): A MIDlet running on the client mobile phone (to send data) A Java servlet  running on a server (e.g. the Apache Tomcat Server) to receive data A database (e.g. MS SQL) on the server (to sort and store data) The MIDlet is written using the Java ME platform and deployed as a MIDlet suite onto the client phone. The corresponding Java servlet is housed inside the Apache Tomcat Server. Servlet works with client based on request-response model. This is done by the java.servlet javax.servlet . ; and javax.servlet.http. ; packages. The first step is to open a connection to the server using the Connector class. Fig. 4 WTK Emulator
Search
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks