2-IJAEST-Vol-No.4-Issue-No.1-A-software-framework-for-authentication-of-interacting-data-between-dif by ISERP ISERP

Ashlesha Mahawadiwar et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 4, Issue No. 1, 010 - 014

A software framework for authentication of interacting data between different mobile applications. .Ashlesha Mahawadiwar

Dr. N.G Bawane Professor, Computer Science & Engineering G.H.Raisoni.College of Engineering. Nagpur, India narenbawane@rediffmail.com

Abstract

aily benefit. These applications may range from simple email systems to complex applications, such as intelligent Personal Digital Assistants, interactive multiplayer games, ecommerce, location-sensitive transactions systems, and so on.

IJ A

The security of mobile communication has become increasingly important with the development of devices that features more and more versatile communication functionality. Third party software in mobile phones has expanded into areas where the user expects security in forms of confidentiality and integrity of data. At the same time this development has lead into a situation where mobile communication is used in areas such as mobile commerce and mobile payments. Persistence and distribution of data is crucial for these systems, as the small handheld devices are not as powerful as that of the desktop computers. In this paper , the proposed work is targeted to overcome the problem in data sharing in distributed applications through the concept of Multi-Agent Systems by providing a shared storage. And also, to provide explicit access to authenticated & authorized MIDlets. With this mechanism, it is possible to share the data among specific MIDlets safely.

M.E IVsem(Embedded system & Computing) G.H.Raisoni.College of Engineering. Nagpur, India ashlesha37@yahoo.com

Keywords:J2ME, MIDP,CLDC

Mobile

business,

MIDlets,

RMS,

I.INTRODUCTION

The integration of novel handheld devicesâ&#x20AC;&#x2122; capabilities, such as location, storage, processing and communication, has opened a myriad of applications from which users can

ISSN: 2230-7818

Some of these applications require the intelligent behavior typically provided by agents, since they must exhibit capabilities such as autonomy, goal-driven reasoning ,reactivity, adaptation, as well as communication, coordination and cooperation with other software entities. Different m-commerce applications are being deployed on small handheld devices, to facilitate the transactions and data processing in wireless environment [3] In a wireless environment, there is a need for a secure exchange of information between different wireless devices. Often it is required to have distribution and sharing of data among various clients. But enabling distributed applications opens the data to be accessible for all MIDlets (small applications running on mobile devices) present on the device, hence creating a number of vulnerabilities to the confidential information that is intended to be shared with specific MIDlets. Hence a MIDlet needs to have a secure storage system.[1] The information can be susceptible to an attack from a malicious user i.e. it can be accessed and manipulated by other MIDlets(from the same device or from a different device). Sharing the data among different MIDlets creates a lot of vulnerabilities to the confidential information ,

Page 10

Ashlesha Mahawadiwar et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 4, Issue No. 1, 010 - 014

The proposed plan for implementing the multi agent systems approach consists of implementing the following things : 1.To overcome the problem in data sharing through the concept of multi-agent systems by providing shared storage among specific MIDlets 2..To restrict the actions (save, delete, search etc) that can be performed on the data by invoking the services of agents along with limited access of data to specific MIDLETs. 3. To enable the record stores of a MIDLET to be shared not only on local device but also across remote devices. 4. To authorize the shared storage of data for a particular MIDLET. 5. The multi agent system should provide features such as context awareness, object persistence and scalability.

J2ME has a Record Management System (RMS), an Application Programming Interface (API) that provides persistent storage on local device. RMS (kind of a database) is the only feature in J2ME for local data storage and is essential to writing any application that relies on local persistent data . RMS stores all the records in a file with extension “.db” called record store. The application developed in J2ME for mobile devices is called a MIDLET and each MIDLET suit (group of related MIDLETs) can own one or more record stores. Due to the limitations of J2ME Record Management System (RMS), when the data of record store is set to shared mode then it can be accessed by all the MIDLETs present on the device and hence creating a number of vulnerabilities to the confidential information. Also, there is no restricted access for intended users.

II TECHNOLOGY CONSIDERATION

A Java virtual machine together with core libraries, classes and Application Programming Interfaces (API) forms a “J2ME configuration”. “Profiles” define J2ME environment furthermore, specifying Java platform suited for “specific” devices . The MIDP profile is the core profile for the CLDC configuration. See fig.1.

therefore some mechanism is needed to overcome this problem and to prevent unintended access of the stored data.

IJ A

J2ME is targeted to developers of intelligent wireless devices and small computing devices who need incorporate cross-platform functionality into their products. The consumers of these small devices have high performance expectations. They expect the same software and capabilities fond on their desktop and laptop computers to be available on their cellphones and PDAs.[20] J2ME slims down the Java Standard Edition (J2SE) by removing or rewriting key parts of the core runtime environment in order to fit it into small devices. As an outcome of a consortium involving Sun Microsystems Inc. and the major telecommunication devices manufactures (e.g. Motorola, Nokia, Sony, Samsung and Ericsson), J2ME broadens application perspectives in this area. In fact, it allows the developers to write their own software for handheld devices, which was unfeasible before since the software and platforms for these devices were proprietary. . One of the J2ME features is that it provides built in caching mechanisms for locally storing data on a mobile device. The Mobile Information Device Profile (MIDP) adds APIs (Application Programming Interface) for user interaction, network connectivity, and persistent storage. Java 2 Micro Edition (J2ME) is a runtime environment for resource-constrained environments. J2ME includes specific virtual machines, configurations and profiles for various environments and needs. With an appropriate configuration and profile, J2ME applications could be executed within pagers, mobile phones, PDAs, set-top boxes and automobile navigation systems.

ISSN: 2230-7818

Fig 1. Java2 platforms

To achieve the desired target, the methodologies which are already implemented are given as: - JavaSpaces implements the concept of tuple space through Java programming language. It is a service of Jini , which forms a distributed network of clients and services. JavaSpaces provide an easy way for communications facility in mobile distributed applications. Due to the fact that Jini technology is dependent on Remote Method Invocation

Page 11

Ashlesha Mahawadiwar et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 4, Issue No. 1, 010 - 014

-applications developed using MobileSpaces capture events through notify() method which resulted in demand of more resources.[1] -lightweight storage system based on serialization framework allows MIDP enabled J2ME devices to store data on local as well as remote storage spaces requiring similar semantics., so this framework does not support heterogeneous environment. -Existing multi agent system frameworks (JADE-LEAP, Grasshopper, Micro FIPA-OS etc.) do not provide robustness, context awareness and persistence.

III.EXAMPLE

The Record Management System (RMS) is a simple recordoriented database that allows a MIDlet to persistently store information and retrieve it later. Different MIDlets can also use the RMS to share data. Each record store can be visualized as a collection of records, which will remain persistent across multiple invocations of the MIDlet. The device platform is responsible for making its best effort to maintain the integrity of the MIDlet's record stores throughout the normal use of the platform, including reboots, battery changes, etc. A record store is created in platform-dependent locations, like nonvolatile device memory, which are not directly exposed to the MIDlets. The RMS classes call into the platform-specific native code that uses the standard OS data manager functions to perform the actual database operations.

The problem can be illustrated by giving an example.

MIDlets are packaged together in suites inside a .jar file with a Manifest file indicating which classes implement which MIDlet. As well as the Java classes, the .jar file can contain other resources such as images or sound files. A .jad file contains the location of the .jar as well as the list of MIDlets in the suite and other attributes.

(RMI), which is not supported by number of handheld devices,so JavaSpaces is not suitable for distributed mobile applications. Moreover, JavaSpaces requires a resource rich environment.

A person arrives at an airport. He wants to book hotel , book a taxi ,and also book the ticket for his return journey all from his mobile phone. He wants to do this thru the agent.

The person after arriving , makes a call to the agent. The agent ,in order to seek info. about the hotel contacts the hotel manager . The manager asks about the authentication of the agent. The agent provides the user name and password and confirms his identity. The manager after authenticating the agent, provides him with the latest availability. The agent then makes a booking and provides it to the customer. This is repeated for booking the taxi and for the return ticket also.

When a MIDlet uses multiple threads to access a record store, it is the MIDlet's responsibility to coordinate this access; if it fails to do so, unintended consequences may result. Similarly, if a platform(ex. like a multi-agent system) performs a synchronization of a record store with multiple threads trying to access the record store simultaneously, it is the platform's responsibility to enforce exclusive access to the record store between the MIDlet and its synchronization engine. Each record in a record store is an array of bytes and has a unique integer identifier.

Hence, the manager will send the information to the registered users only (agent in this case ) but not to any other persons as the malicious user can damage or change the data . Hence ,protection to the information is provided.

B. Developing an agent management system

IJ A

The information about hotel is present on the database of the mobile of the hotel manager. Also, taxi booking office owner contains details about the taxis in the database of his mobile.

Record store implementations ensure that all individual record store operations are atomic, synchronous, and serialized, so no corruption of data will occur with multiple accesses. The record store is timestamped to denote the last time it was modified. The record store also maintains a version, which is an integer that is incremented for each operation that modifies the contents of the record store. Versions and timestamps are useful for synchronization purposes.

IV.SYSTEM MODULE ANALYSIS A. Design of RMS and design the query parser

ISSN: 2230-7818

An agent is an intelligent system which has certain set of goals that act on the environment. This agent system will be above the RMS for giving specific access. Its a kind of wrapper layer which will guard all the actions related to record database. C. Developing message transport service

Page 12

Ashlesha Mahawadiwar et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 4, Issue No. 1, 010 - 014

-Bluetooth. connectivity

customer

Developing the protocol for Bluetooth connectivity has following steps: - Locating device

System flow

Shop owner

Raise a query

-Establish connection

Accepts Asks for auth. ,needs auth.info.

-Make data transfer between client & server phones D. Implement authorization & authentication It will make the agent system do the work of authentication and authorization in the following way:

Usernm,pwd

-based on that , take a decision to grant the access . -provide authorization by giving privileges to access certain services.

The test bed we are planning to use is Nokia series of phones.

Process, valid confirmation user

- check for the validity of the user

The flow of the system will be as given in fig.2

IJ A

Response to Collect info from query others

ISSN: 2230-7818

Fig.2:secure client-server interaction

V. CONCLUSION Software security will become a more important concern in mobile business applications because more and more data will be stored or can be accessed with a mobile device. Also, more services will be provided by the system through different data connections, like Bluetooth. This requires Confidentiality, Integrity and Authenticity. The proposed solution implements these concepts using the Bluetooth protocol and the Java ME platform. As the security level is increased, so the growing processing volume of the application becomes an overhead for the mobile device processor and battery lifetime. Because performance and quality are important software characteristics mainly for users and the security has same

Page 13

Ashlesha Mahawadiwar et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 4, Issue No. 1, 010 - 014

important for system owners, developers must find a balance between them.

[9] D. Gelernter, "Generative Communication in Linda", ACM Transactions Programming Languages and Systems.

The system is an innovation with the practical value, and provides thought and solutions for the application of future mobile business.

[10] Xia Shixiong, Chang Zheng. Constructing mobile business with the IPv6 method[J]. Computer Engineering,

[1]Wu Yueliang,” Mobile Business Application based on J2ME and web services”, Eighth International Conference on Mobile Business,2009 [2] Muhammad Ainan Sadiq, Syed Muhammad Ali Shah,”Shared storage in J2ME:A multi agent system approach”, Annual IEEE International Computer Software and Applications Conference,2008 security for m-commerce” IEEE,2003

[4 ] A. Chander, J. Mitchell, and I. Shin, “Mobile code security by Java bytecode instrumentation,” in Proc. of DARPA Information Survivability Conference & Exposition II 2001. USA: IEEE, 2001.

[5]S. Jun-Zhao, D. Howie, A. Koivisto, and J. Sauvola, “A hierarchical framework model of mobile security,” in Personal, Indoor and Mobile Radio Communications, 2001. IEEE, 2001.

IJ A

[6] P. Ashley, H. Hinton, and M. Vandenwauver, “Wired versus Wireless Security: The Internet, WAP and iMode for E-Commerce,” in Proc. Of Computer Security Applications Conference 2001, USA, 2001.

[7] A. Biryukov, A. Shamir, and D. Wagner, “Real time cryptanalysis of A5/1 on a PC,” Lecture Notes in Computer Science, vol. 1978, 2001. [8] Hafiz Farooq et. al: “Persistent Architecture for Context Aware Lightweight Multi Agent System”. The Fifth International Joint Conference on Autonomous Agents & Multi-Agent Systems, Japan, 2006.

ISSN: 2230-7818

[14] Philipp Bolliger; Marc Langheinrich; “Distributed Persistence for Limited Devices”; Inst. for Pervasive Computing ETH Zurich, Switzerland. [15] Karun Bakshi, “Oracle Database Lite 10gR2 Feature Overview”, June 2006, Oracle Corporation, World Headquarters, 500 Oracle Parkway, Redwood Shores, CA 94065, U.S.A.

[3] Wassim Itani and Ayman I. Kayssi “J2ME end to end

[13] T. Rybicki; J. Domaszewicz; “MobileSpaces – JavaSpaces for Mobile Devices”; Computer as a Tool, 2005. EUROCON 2005.The International Conference on Volume 2, Issue, 2005 Page(s):1076 – 1079

REFERENCES

[11] Guo Shaoyou. Discusses of the Web service and dynamic ecommerce . Information magazine. 2003(2) . [12] A. Kaminsky, "JiniME: JiniTM Connection Technology for Mobile Devices", Information Technology Laboratory Rochester Institute of Technology, August 2000.

[16] Yannis Labrou and Tim Finin, “Agent Communication Language: the current landscape”, IEEE Intelligent systems, Language: the current landscape”, IEEE Intelligent systems, March/April, 1999. [17] Weiss, G. Multiagent Systems: A Modern Approach to Distributed Artificial Intelligence, The MIT Press, Cambridge, Massachussets, London, England, 1999. [18] “Applications for mobile Information Devices: White Paper”, Sun Microsystems, Inc., 2000 [19] MIDP 2.0 Style Guide [20] J2ME complete reference [21] JAVA2 complete reference

Page 14