Enterprise J2ME Developing Mobile Java Applications [Electronic resources] نسخه متنی

19.1 What Is Advanced Mobile Security?

The three most important aspects of mobile security are data confidentiality, access control and device security.

19.1.1 Content-Based Security

HTTP Authentication headers, HTTPS, SSL (Secure Socket Layer), and TLS (Transaction Layer Security) are connection-based security protocols. The basic idea is to secure communication channels and hence secure everything that passes through those channels. However, this approach has several problems:

Direct connection between the client and server must be established: If our application has multiple intermediaries to provide value-added services, multiple HTTPS connections must be piped together. That not only opens potential security holes at connecting nodes, but also creates a public key certificate management nightmare. Figure 19.1 illustrates a mobile transaction involving multiple intermediaries.

All content is encrypted: In some application scenarios, such as broadcasting stock quotes or getting multilevel approval of a transaction, parts of the communication should be open. Yet we still want to verify the authenticity of those quotes and approval signatures. Connection-based security is of no use here. Unnecessarily encrypting all content also introduces more processing overhead.

HTTPS is inflexible for applications that have special security and performance requirements: It lacks support for custom handshake or key exchange mechanisms. For example, HTTPS does not require clients to authenticate themselves. Another example is that any minor digital certificate-formatting problem causes the entire HTTPS handshake to fail. The developer has no way to specify what errors can be tolerated.

Other connection channel-based security technologies, such as Virtual Private Network (VPN), have similar problems. For future mobile commerce applications, we must secure content rather than channels.

19.1.2 Distributed Access Control

Mobile applications often interact with multiple backend servers, pull information from them as needed, and assemble personalized displays for users. Each information service provider might have its own user authentication and authorization system. It is a major inconvenience for mobile users to sign on to each backend server manually.

One way to combat this problem is through the use of single sign-on services. Single sign-on servers manage user profiles and provide time-stamped access tokens, such as Kerberos tickets, to authenticated users. The user presents the token when requesting services. Service providers use the single sign-on servers to validate tokens. Figure 19.2 illustrates that process. Being a one-to-one protocol, HTTPS is unfit in single sign-on schemes.

Single sign-on domains can form alliances and federations. Allied domains recognize tokens from each other. Important single sign-on alliances include Microsoft .Net Passport and Sun Microsystems' Liberty Alliance Project. Figure 19.3 illustrates the structure of federated single sign-on domains. To integrate into single sign-on service domains, smart mobile clients must be able to handle security tokens. Those tokens are often cryptographic hashes with attached digital signatures.

19.1.3 Device Security

Mobile devices are easy to steal or lose. We must prevent nonauthorized personnel from accessing a device's sensitive data. For example, your company's financial data or private keys should not be recovered from a stolen mobile device. On-device information security is one of the most important challenges we face today.

HTTPS does not support on-device information security. Mobile clients are responsible for protecting their own data. Strong password-based encryption protects on-device information.