Challenges in securing networked J2ME applications
A.N. Klingsheim, V. Moen, K.J. Hole
An increasing number of smart phones support Java 2, Micro Edition. Mobile application developers must deal with J2ME's inherent security weaknesses as well as bugs in implementations on real devices. The new Security and Trust Services API for J2ME addresses some of these challenges, although it too has shortcomings.

A smart phone combines a full-featured mobile phone with advanced data and multimedia functionality including PDA capabilities, Internet and e-mail access, and MP3 and video
... k. It typically includes a large color touch screen, a keyboard, Bluetooth technology to communicate with other devices, and substantially more memory and processing power than a regular mobile phone. Another key feature is the ability to install additional applications.

The smart phone market is growing fast,[1] spurring development of new mobile software for everything from gaming to online banking to GPS navigation. For example, total global revenue in the mobile gaming market is expected to soar from $2.6 billion in 2005 to $11.2 billion by 2010, with online multiplayer games generating 20.5 percent of market share.[2]

Many different development platforms exist for smart phones, categorized by phone manufacturers, mobile operating systems, and device capabilities. The most widespread is Java 2, Micro Edition (http://java.sun.com/j2me), available on nearly 80 percent of currently marketed smart phones.

Experience gained during a commercial development project demonstrates how J2ME technologies, particularly security-related functionality, are implemented on real devices and provides insights into the problems researchers encounter during the development process.

J2ME TECHNOLOGIES

The Java 2 platform has several editions, including Enterprise Edition (J2EE) for the server side and Standard Edition (J2SE) for desktop systems. J2ME is a highly optimized Java runtime environment aimed at mobile phones, PDAs, and other small devices.

Configurations and profiles

J2ME configurations are intended for devices with similar characteristics in terms of processors and memory. Profiles target devices that are similar in terms of screen type, input devices, and network connectivity; they complement the low-level functionality of configurations by adding support for user interaction and network connectivity.