A Java Cryptography Service Provider Implementing One-Time Pad Timothy E. Lindquist, Mohamed Diarra, and Bruce R. Millard Electronics and Computer Engineering Technology Arizona State University East http://www.east.asu.edu/ctas/ecet mailto:Tim@asu.edu Abstract Security is a challenging aspect of communications today that touches many areas including memory space, processing speed, code development and maintenance issues. When it comes to dealing with lightweight com- puting devices, each of these problems is amplified. In an attempt to address some of these problems, SUN’s Java 2 Standard Edition version 1.4 includes the Java Cryptography Architecture (JCA). The JCA provides a single encryption API for application developers within a framework where multiple service providers may implement different algorithms. To the extent possible application developers have available multiple encryp- tion technologies through a framework of common classes, interfaces and methods. The One Time Pad encryption method is a simple and reliable cryptographic algorithm whose characteristics make it attractive for communication with limited com- puting devices. The major difficulty of the One-Time pad is key distribution.In this paper, we present an imple- mentation of One-Time Pad as a JCA service provider, and demonstrate its usefulness on Palm devices. 1. Problem Dependence on the communications infrastructure continues to grow as the size of computing devices decreases. The growing dependence on Internet accessi- bility to services that do not reside in a local machine brings with it the need for secure communications. The target of this work are relatively small devices and their related systems, such as Windows CE, Palm TE , Hand- spring and cell phones used to access Internet services. While several large computer service organizations have spent millions of dollars recovering from cyber attacks, the potential economic impact of insecure e-commerce communications on limited devices is huge[1], [3]. Java continues to enjoy dominance in server-side technologies, however, a small but growing number of limited device applications are developed in Java. Nev- ertheless, Sun Microsystems Inc., added Java Cryptogra- phy Extension (JCE) and JCA (to the Java TM 2 Development Kit Standard Edition v1.4 (J2SDK), and has created a substantial market for applications running on J2ME (Java 2 Micro Edition). Other vendors are offering Java runtimes for limited devices. These ver- sions bring Java to client application developers [9], [11], and raise the issue of appropriate Java-based secu- rity mechanisms. J2ME does not include JCE and JCA, however The Legion Of The Bouncy Castle has developed a light- weight Cryptography API and a Provider for JCE and JCA [14]. Neither provider offers implementation of the One-Time Pad cryptography service [14]. The simplicity of the One-Time Pad method and the fact that it does not require high processor speed, make it ideal for lightweight computing devices. 1.1 Context This paper focuses on integrating the JCA cryptogra- phy service provider, starting by defining the engine classes and then implementing the One-Time Pad method. We include simple evaluation programs to test the provider. The problem of pad distribution is one of the tasks taken-on in order to have successful deploy- ment. Implementations of the one-time pad encryption- 0.9.4 are readily available. For example, one product is available for Windows command line launching. The source code written in ANSI-C and DOS executable are available for download at http://www.vidwest.com/otp/ [1]. The Security documentation provided with J2SDK includes detailed information on the implementation of Proceedings of the 37th Hawaii International Conference on System Sciences - 2004 0-7695-2056-1/04 $17.00 (C) 2004 IEEE 1