Discussion Board

Results 1 to 4 of 4
  1. #1
    Registered User
    Join Date
    Aug 2009
    Posts
    2

    Sources of Entropy for RNG in Java ME

    Hi,

    I had a couple of questions relating to secure random number generation on Nokia devices. I would greatly appreciate some insights into these questions as I haven't had much success tracking the answers on the web.

    Are there any sources of entropy available to a Java MIDlet from the Java VM on Nokia Devices? Any information on this relating to devices from other manufacturers would also be appreciated.

    Also, is the Java VM on Nokia devices susceptible to the SSL RNG vulnerability that was discovered in Sun's Reference implementation? If not, how is the threat mitigated?


    Thanks.

  2. #2
    Super Contributor
    Join Date
    Jun 2003
    Location
    Cheshire, UK
    Posts
    7,395

    Re: Sources of Entropy for RNG in Java ME

    That's a complex, and very specific question. I'll tell you up front, I'm not qualified to answer it in full. However, I'll tell you what I can, just in case it's helpful.

    The chief source of random numbers for a Java MIDlet is the class java.util.Random. The behaviour of this class is specified very precisely in the API documentation. This generates pseudo-random numbers, using Lehmer's congruential method.

    (That said, I believe the Siemens C65 does not implement the algorithm correctly. This is the only device I am aware of with such a problem.)

    With specific reference to secure network connections, this is usually handled by the underlying platform, and not the Java implementation. It may also, in part, be handled by the mobile network. The latter is the case where a WAP-based connection is used, and the operator's WAP gateway makes a conversion from WTLS (Wireless Transport Layer Security) to SSL. This page might be interesting to you.

    The term "Nokia device" describes two distinctly different things. Devices using the Series 40 platform, and those using Series 60 (Symbian). If you want to know more about SSL on Symbian, I'd suggest you post in the Symbian board here on Forum Nokia, or the Symbian Foundation website.

    I think that's about all I can tell you. Hope that's of some help.

    Graham.

  3. #3
    Registered User
    Join Date
    Aug 2009
    Posts
    2

    Re: Sources of Entropy for RNG in Java ME

    Hi Graham,

    Thank you for the quick response.

    Yes, using java.util.Random is one way of generating Random numbers but these are not cryptographically secure random numbers and when a secure external seed is not provided (which is more often the case when the default constructor Random() is called) then Random takes its seed from current time.

    I was wondering if there was some other API for generating crpyographically secure random numbers like SecureRandom available that would draw entropy from some source like the trackball or microphone or from a file like "/dev/random" or "/dev/urandom" which collects entropy from the underlying system.

    The SSL vulnerability I was referring to earlier is from this paper "Attack on Sun's MIDP Reference Implementation of SSL" where the authors claim that the MIDP implementation of SSL takes its seed from current time which leads to an attacker being able to guess the pre-master and session keys.

    If there is no good source of entropy for generating secure random numbers in Nokia's implementation of MIDP2.0 for Symbian then the SSL implementation would be vulnerable to the same type of attack described above.

    I hope this clarifies my second question a bit.

    Thanks again.

  4. #4
    Super Contributor
    Join Date
    Jun 2003
    Location
    Cheshire, UK
    Posts
    7,395

    Re: Sources of Entropy for RNG in Java ME

    No, there is no SecureRandom class. The encryption library BouncyCastle requires such a class, and provides an implementation. Of course, this will be pure Java. You may want to investigate this.

    I just had a quick look over the paper you mention. It says:

    The MIDlet first ran on a Nokia 6600 and a SonyEricsson P900 over
    GPRS. However, we were unable to recover the time from the client nonce,
    which led to the conclusion that these phones do not use the same implementation
    of the PRNG as Sun’s reference implementation.
    This confirms what I said earlier. SSL is not handled in the Java environment, and so the security weakness is not present.

    Also, as I wrote previously, secure connections like HTTPS are often handled as SSL from the network gateway, not the device.

    Graham.

Similar Threads

  1. -- Java development for S80 with Eclipse --
    By Kalypso in forum Mobile Java Tools & SDKs
    Replies: 3
    Last Post: 2011-03-17, 11:35
  2. GUI Libraries for Java ME
    By erik.hellman in forum Mobile Java Media (Graphics & Sounds)
    Replies: 5
    Last Post: 2008-04-11, 11:56
  3. Why is Java the Language of Choice of Most Mobile Game Developers and Not C++?
    By lightninglord2000 in forum General Development Questions
    Replies: 3
    Last Post: 2008-02-19, 19:00
  4. j2ME, java enabled, and the 3410
    By davidkangaroo in forum Mobile Java General
    Replies: 2
    Last Post: 2002-07-05, 22:30

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×