|
Internet enabled wireless devices continue to proliferate and are expected
to surpass traditional Internet clients in the near future. This has opened
up exciting new opportunities in the mobile e-commerce market. However,
data security and privacy remain major concerns in the current generation
of "wireless web" offerings. All such offerings today use a
security architecture that lacks end-to-end security. This
unfortunate choice is driven by perceived inadequacies of standard Internet
security protocols like SSL (Secure Sockets Layer) on less capable CPUs and
low-bandwidth wireless links.
This report presents our experiences in implementing and using standard
security mechanisms and protocols on small wireless devices. We have
created new classes for the Java 2 Micro-Edition (J2ME[tm]) platform that
offer fundamental cryptographic operations such as message digests and
ciphers as well as higher level security protocols like SSL. Our results
show that SSL is a practical solution for ensuring end-to-end security of
wireless Internet transactions even within today s technological
constraints.
|
