|
Academic Open Internet Journal ISSN 1311-4360 |
Volume 18, 2006 |
Secure Service Management using mobile Devices
Gayatri Mohankrishna , N.Ch.S.N.Iyengar & A. Kannammal
School of Computing Sciences
Vellore-632014,
nchsniyr@yahoo.com
Abstract: The wireless link is sensitive from a security point of view because, unlike wired connections, wireless signals can propagate to places well beyond the intended coverage area. A lost or stolen device may not only expose much sensitive and private information stored on the device, but the connectivity options on the mobile may allow unrestricted access to the corporate network. Hence there is a need for a clear and strictly enforced security policy. This paper is a new emerging application in mobiles, which provides information about Next Service request, Encryption and Decryption System on move on their mobile.
Key words: Secure service Management, Mobile Device, Encryption
Introduction: Devices are getting networked at a very fast space. Information appliances like cell phones, two-way pagers, PDA’s, screen phones are becoming important in our lives. These devices are diverse in features, forms and function - they typically tend to be special-purpose and limited-function oriented. The need to connect information appliances to the Internet is increasing rapidly. Users will soon want to access information - web content, enterprise data, and personal data – from anywhere, anytime, and from a variety of devices. There’s a need to enable the seamless integration of information from intelligent devices containing valuable business information.
Mobile appliances and wireless communication are key enablers of pervasive computer systems. In the present day information technology environment, networking and security of data flow plays a vital role. Mobile operators bring new services into the mobile environment for customers and moves mobile phone towards a portable databank, which can help user when he is looking for something. The main drawback in mobile environment is the unrestricted access of useful information. The user has to be protected even more from the possible security challenges that lure in a dynamic and uncontrolled environment. A system improves its security level only when the user wants and applies the security procedures.
Secure Service management
This paper illustrates the security in case of service administrator and service engineer operation concept i.e.: In any organization it takes time for the service engineers to know the next task that is allotted to them by the administrator. Also persons who are not intended for that information may access the information that is provided by the administrator. Hence to solve the above problem the service engineers will be able to know their respective tasks through their mobile device. And the information provided by the administrator is encrypted, which is later, decrypted when the engineer receives the information on his mobile.
Mobile Solutions
Inspire of dramatic developments in the mobile technologies, the mobile devices and networks still have some limitations such as the bandwidth of wireless networks is low, the screen size is very small, the CPU and memory capacity are both limited and also they have limited input facilities. Therefore in order to deliver the services wirelessly to mobile devices, it is essential to choose a wireless development platform that supports these devices.
The prototype in this paper is constructed using J2ME, which has limited processing power and memory. J2ME technology specifically addresses the vast consumer space, which covers the range of extremely tiny commodities such as smart cards or a pager all the way up to the set-top box, an appliance almost as powerful as a computer. J2ME technology enables device manufacturers, service providers, and content creators to gain a competitive advantage and capitalize on new revenue streams by rapidly and cost-effectively developing and deploying compelling new applications and services to their customers worldwide.
The Java™ 2 Platform, Micro Edition (J2ME™) is the Java platform for consumer and embedded devices such as mobile phones, PDA's, TV set-top boxes, and a broad range of embedded devices. Like its enterprise (J2EE™), desktop (J2SE™) and smart card (Java Card™) counterparts, the J2ME platform is a set of standard Java APIs defined through the Java Community Processes program by expert groups that include leading device manufacturers, software vendors and service providers. The J2ME platform delivers the power and benefits of Java technology tailored for consumer and embedded devices — including a flexible user interface, robust security model, broad range of built-in network protocols, and support for networked and disconnected applications.
System Architecture
The mobile client sends the request through the Java enabled mobile device. The request is converted as Http request and given to the web server. The Web Server accesses the database for the relevant information in the form of query. The query results are given back to the Web Server as encrypted data. The Http response from the Web Server is given to the mobile device in the form of encrypted data. The user gets the encrypted data, which can be later decrypted by the user.
The first step is to determine as to what is involved and determining the components and data flow between them. Our core objective is to design and build a program to run on mobile devices that will act as a local attractions & route finder, displaying details of attractions. Clearly, the user interface will be contained on the wireless device, and it must obtain its data from some source. From this point, we have two options. We can either store the data within the program contained on the wireless device, in which case the user will not require connecting to any network. The data will always be present, and will be fast to receive. However, if the data is to be updated, then the user must reinstall the program on the wireless device. Furthermore, the amount of data to be contained, depending on the size of area covered, will be large in comparison to the standard amount of storage space available on such small devices.
The other option would be to place the data on a web server, which can be accessed at any time. The data will be generated dynamically depending on the user’s input. In this case, the user would enter the requirements into the program; these requirements are then sent to a web server, which searches for appropriate results and returns them to the user. Although obtaining the information in this manner is relatively slower, updating the data is easier and less memory is required to store the program on the device.
The paper is divided into four Modules:
·
· Application server / web server
· Database design & connectivity
· User Input
Mobile Interface:
· A Java application developed in Java ™ 2 Platform, Micro Edition (J2ME) is installed in the Java enabled mobile devices to provide menu driven architecture.
· It has three functions: interface with user, connection to web server and decrypt the data.
· Using J2ME, this MIDlet can have the capability to send user input to a web server.
· The result from the web server will be in Encrypted HTML format and MIDlet will trim and decrypt it into a list (omitting the HTML tags).
Application server / web server:
· Waits for any request from any client through mobile device.
· Whenever any client posts a request to the server it extracts command & Parameters and arranges it as a SQL query approximately.
· Based on the command and parameters the appropriate class function is invoked to perform the requested operation.
· Sometimes the class method accesses the databases and retrieves the information from the database; this is based on the request made by the client mobile device.
· The Result obtained must be returned and structured into HTML code.
Database design & connectivity
The MIDlet sends a query to the web server, which executes this query based on the data held in the database. Database server or backend will manage the database tables optimally among multiple clients who currently request server for same data.
User Input
The System
administrator enters the input as
Module Flow
Figure2: Module flow
Security The Java Cryptography Extension (JCE) is now a core part of Java SDK 1.4. Basically, it's a set of packages that provide a framework and implementations for encryption, key generation and agreement, and Message Authentication Code (MAC) algorithms. Algorithm independence and extensibility, implementation independence and interoperability are the main advantages of Java Cryptography Architecture.
The RSA encryption algorithm has been implemented using the Java Cryptography Extension. The algorithm developed by R.L. Rivest, A. Shamir, and L. Adleman. Makes use of an expression with exponentials. Plaintext is encrypted in blocks, with each block having a binary value less than some number n. Encryption and Decryption are of the following form, for some plaintext block M and cipher text block C:
C = Me mod n; M = Cd mod n
Both sender and receiver must know the value of n. the sender knows the value of e, and only the receiver knows the value of d. Thus this is a public-key encryption algorithm.
Functions of the system The system is designed for the engineers who need to know their tasks, which is allocated to them by the system administrator. There are altogether two main modules Next Request module and Customer information with each having independent sub modules.
Ø Next Request
This module provides the task details to the
respective engineers. First the engineer has to enter his username and password
for authentication. If he enters the correct username and password the list of
engineer code is being displayed where he selects his respective code.
If the engineer enters wrong username and password, the system displays a message saying invalid username and password and asks the user to enter correct user name and password.
Ø When the engineer selects his respective engineer code the task schedule dates for that respective engineer is displayed. The engineer selects the corresponding date.
Ø
Corresponding
to the engineer code and the task schedule date the encrypted task details is
displayed.
Ø
|
|
|
|
|
|
Ø The decrypted task details including the code of the customer who gave the complaint is displayed when the engineer presses the details key.
