Chapter 12: Protecting Network Data

MIDlets are undeniably cool: Java code that runs on a small device, and HTTP network connectivity, as well. But once you start thinking about the possibilities, you realize that a lot of applications just aren't possible without some form of data security. What if you were going to buy something? You shouldn't send credit card numbers over the Internet without some kind of protection. You shouldn't be sending sensitive corporate information over the Internet to small devices. Many applications, then, need something else: something that keeps sensitive data from being stolen. The answer in the MIDP world is no different than the answer anywhere else: cryptography.

Cryptography Review

Cryptography is a branch of mathematics. It's based on the idea that certain kinds of mathematical problems are hard to solve. Using cryptography is a bit speculative; as research in mathematics continues, it's very possible that someone will discover a way to solve (or "break") most of the modern cryptographic algorithms. Nevertheless, for today at least, cryptography provides protection for sensitive data, and there aren't many acceptable alternatives in the everything-connects-to-everything modern world.

The Internet Is a Big Room

There are many aspects to the security of a system. We'll focus on the data your MIDlet sends and receives over the network. This data travels over some infrastructure we know nothing about (provided by your mobile carrier) and probably over the Internet, as well. The Internet is not a secure network, for sure, and your carrier's mobile infrastructure probably isn't either. If you're passing sensitive data around, it's very possible that eavesdroppers at various points in the network can listen in on the data. They may even be able to change parts of it. If your MIDP application involves passing around credit card numbers or sensitive corporate data, you should be concerned.

Think of the Internet as a big room. You can talk to anyone else in the room, but everyone else can listen in on the conversation. Furthermore, you may be talking to someone on the other side of the room through intermediaries, like the children's game of "telephone." Any one of the intermediaries might be changing the conversation, and they can all hear what you're saying.

Data Security Needs and Cryptographic Solutions

Your applications will have some or all of the following data security needs:

  • Integrity. At the simplest level, you'd like to be sure that the data you're sending is not getting changed or corrupted in any way. This is data integrity.

  • Authentication. It's often important to verify the identity of the machine or person on the other end of your network connection. Authentication is the process of proving identity.

  • Confidentiality. If you're sending sensitive data over the network, other people shouldn't be able to see that information. This is confidentiality.

Cryptography provides solutions for each of these needs:

  • Message digests. A message digest smushes a large piece of data into a small piece of data. You might, for example, run an entire file through a message digest to end up with a 160-bit digest value. If you change even 1 bit of the file and run it through the message digest again, you'll get an entirely different digest value. A message digest value is sometimes called a digital fingerprint.

  • Digital signatures. A digital signature is like a message digest except it is produced by a particular person, the signer. The signer must have a private key that is used to create the signature. A corresponding public key can be used by anyone to verify that the signature came from the signer. The private key and public key together are called a key pair. Keys are really just data; think of an array of bytes. Certificates are really just an extension of digital signatures. A certificate is a document, signed by some authority like the U.S. Postal Service, that proves your identity. It's like a driver's license, except it's based on digital signatures.

  • Ciphers. Ciphers can either encrypt data or decrypt it. An encrypting cipher accepts your data, called plaintext, and produces an unreadable mess, called ciphertext. A decrypting cipher takes ciphertext and converts it back to plaintext. Ciphers use keys; if you encrypt the same plaintext with two different keys, you'll get two different sets of ciphertext. A symmetric cipher uses the same key for encryption and decryption. An asymmetric cipher operates with a key pair: one key is used for encrypting, while the matching key is used for decrypting.

    Ciphers operate in different modes that determine how plaintext is encrypted into ciphertext. This, in turn, affects the use and security of the cipher.
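The three tools above, exercised on one message, as an added example that is not code from the book. It uses the J2SE JCA/JCE classes rather than a MIDP API; the class name, the sample message, and the choice of SHA-1, RSA and AES in ECB and GCM modes are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
public class CryptoPrimitivesDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample: two identical 16-byte blocks, plus a copy with one bit flipped.
        byte[] msg = "PAY 100 TO ALICEPAY 100 TO ALICE".getBytes(StandardCharsets.US_ASCII);
        byte[] tampered = msg.clone();
        tampered[4] ^= 0x01; // '1' (0x31) becomes '0' (0x30)

        // Message digest: SHA-1 matches the 160-bit size in the text; new designs use SHA-256.
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] d1 = sha1.digest(msg), d2 = sha1.digest(tampered);
        int diff = new java.math.BigInteger(1, d1).xor(new java.math.BigInteger(1, d2)).bitCount();
        System.out.println(d1.length * 8 + "-bit digest, " + diff + " bits differ after a 1-bit edit");

        // Digital signature: made with the private key, checked by anyone holding the public key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        Signature rsa = Signature.getInstance("SHA256withRSA");
        rsa.initSign(pair.getPrivate());
        rsa.update(msg);
        byte[] sig = rsa.sign();
        for (byte[] m : new byte[][] { msg, tampered }) {
            rsa.initVerify(pair.getPublic());
            rsa.update(m);
            System.out.println("signature verifies: " + rsa.verify(sig));
        }

        // Ciphers: one symmetric key, two modes. ECB maps equal plaintext blocks to equal ciphertext.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // GCM needs a fresh IV for every message under a key
        Cipher ecb = Cipher.getInstance("AES/ECB/NoPadding");
        ecb.init(Cipher.ENCRYPT_MODE, key);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        System.out.println("ECB leaks repeated block: " + blocksRepeat(ecb.doFinal(msg)));
        System.out.println("GCM leaks repeated block: " + blocksRepeat(gcm.doFinal(msg)));
    }
    static boolean blocksRepeat(byte[] ct) { // are the first two 16-byte blocks identical?
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }
}
```

The signature made over the original message is rejected for the one-bit-altered copy, and only the ECB ciphertext exposes that the plaintext contains the same block twice, which is why the choice of mode affects the security of the cipher.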

Note 

For comprehensive coverage of cryptographic concepts and algorithms, see Bruce Schneier's Applied Cryptography (Wiley, 1995). To find out more about the JCA and JCE in J2SE, read Java Cryptography (O'Reilly, 1998).



Wireless Java. Developing with J2ME
ISBN: 1590590775
Year: 2000
Pages: 129