MIDP 2.0 security enhancements

Java 2 Micro Edition (J2ME) is a runtime environment for resource-constrained environments. There are already millions of J2ME enabled mobile devices that support the first version of the Mobile Information Device Profile (MIDP) in J2ME. Many security threats exist in MIDP 1.0 environment since the specification addresses only a limited number of security issues. It is supposed that the next version of the MIDP will have more secure environment for mobile business and personal applications and solve the important security problems in MIDP 1.0. In this paper, we give short introduction to the J2ME and MIDP environment. Based on existing literature, we explain the threats and security needs in mobile environment for MIDP 1.0 applications. We cover the new security mechanisms and features in MIDP 2.0 and analyze against presented threats, how these address the existing security problems in MIDP 1.0. In this paper, we conclude that MIDP 2.0 improves several different issues in MIDP security. Especially the secure network protocols and signed applications are major improvements. We also conclude that there still exist problems in MIDP 2.0 security, mainly related to the PKI that is part of trusted applications and new secure protocols.

[1]  Jaakko J. Sauvola,et al.  A hierarchical framework model of mobile security , 2001, 12th IEEE International Symposium on Personal, Indoor and Mobile Radio Communications. PIMRC 2001. Proceedings (Cat. No.01TH8598).

[2]  Henk Sol,et al.  Proceedings of the 54th Hawaii International Conference on System Sciences , 1997, HICSS 2015.

[3]  姚一永,et al.  基于Bouncy Castle Crypto API的无线Web Services应用安全 , 2004 .

[4]  Anup K. Ghosh,et al.  Software security and privacy risks in mobile e-commerce , 2001, CACM.

[5]  Bruce Schneier,et al.  Ten Risks of PKI , 2004 .

[6]  Lauri Tarkkala Tik-110 . 551 : Attacks against A 5 , 2000 .

[7]  Alex Biryukov,et al.  Real Time Cryptanalysis of A5/1 on a PC , 2000, FSE.

[8]  Dieter Gollmann,et al.  Computer Security , 1979, Lecture Notes in Computer Science.

[9]  Insik Shin,et al.  Mobile code security by Java bytecode instrumentation , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[10]  D. Pinto Secrets and Lies: Digital Security in a Networked World , 2003 .

[11]  Microsystems Sun,et al.  Java 2 Platform Micro Edition Connected Limited Device Configuration (J2ME CLDC) Specification , 2003 .

[12]  Paul Ashley,et al.  Wired versus wireless security: the Internet, WAP and iMode for E-commerce , 2001, Seventeenth Annual Computer Security Applications Conference.