One of the most useful features in any per-sonal digital assistant (PDA) is that it can ac-cumulate information

needed including easy-to-forget de-tails. Some of the information stored is likely to be very sensitive including credit card numbers, personal iden-tification, and passwords. To protect this sensitive data, most PDAs offer password protection as a basic authentication. However, to rely on this type of protec-tion alone is not enough. As the writing of secret message cryptography, also known as science and mathematical lock and key (Schafer, 2003), evolved people rely on the encryp-tion process to increase their level of data protection.

The PDA has existed in the market since the 1970s but the VirtualPDA has only experienced average usage and is not very popular. In the 2000s, there are few commercial organizations developing the VirtualPDA, such as Mini Opera, which pos-sesses features like a regular PDA but which operates on a mobile phone. VirtualPDA is also developed to be published on the Internet so it can easily be accessed.

Today, the security of the VirtualP-DA is quite strong since developers use a lot of encryption algorithms (Melnick, 2003). As the encryp-tion algorithms rise, so do the number of hackers who want to crack these entire algo-rithms. On 26 November 2001, it was announced that the Rijndael algo-rithm had been selected as the Advanced Encryp-tion Standard (AES) and since that time no one has been able to crack or hack it (Wright, 2001). It can be said that the AES is the most secure encryption algorithm today due to its highly complicated process.

AES is a combination of security, performance, efficiency, ease of imple-mentation, and flexibility that makes it an appropriate selection for any system. Specifically, AES appears to be a consistently good performer in both hardware and software across a wide range of computing environments, regardless of its use in feedback or non-feedback

modes. Its key setup time is excellent and its key agility is good. AES’ very low memory requirements make it well suited for restricted-space environ-ments, in which it also demonstrates excellent performance.

AES’s operations are among the easiest to defend against power and timing attacks. Additionally, it appears that some defense can be provided

against such attacks without significantly impacting AES’s per-formance. AES is designed with some flexibility where it can accommodate alterations in the number of rounds and supports a wide range of key sizes, mainly 128 b, 192 b, and 256 b.

Due to this secured algorithm, we at InfoSec research group decided to design and develop a prototype known as Virtual

Digital Object Identifier 10.1109/MPOT.2008.931161

Secured MyVirtualPDA using Advanced Encryption Standard

40 IEEE POTENTIALS0278-6648/09/$25.00 © 2009 IEEE

© S

TO

ck

by

TE

& b

rA

Nd

X P

IcT

ur

ES

Nik Shahidah afifi Md TaujuddiN, Zaleha MohaMad Noor,

ZariNa TukiraN,Mohd helMy abd wahab,aNd ariffiN abdul MuTalib

Personal Digital Assistant that is able to encrypt any data using AES. The system is named MyVirtualPDA.

Why VirtualPDA?The main purpose of implementing

this project is to make the data in MyVir-tualPDA more secure. The security sys-tem implemented in existing VirtualPDA is not truly effective because people can easily hack the system. The security fea-tures in PDA handheld devices are dif-ferent than those embedded in the Vir-tualPDA. However, the security system in VirtualPDA can be implemented in PDA handheld.

This VirtualPDA will use the AES al-gorithm, which fixes block length to 128 b and support key lengths of 128 b, 192 b, and 256 b only. The features in the MyVir-tualPDA include notes, diary, reminder,

and an address book in which the in-teraction flow has been designed as de-picted in Fig. 1.

This article will elaborate on MyVir-tualPDA and its specialties and features.

Security checkWe developed the prototype with

graphical user interfaces. In MyVir-tualPDA, as is similar with all protected systems, the login page mechanism is a must, functioning as a basic security feature. It serves as the main interface of MyVirtualPDA to indicate that only au-thenticated users are allowed access into the system. Registered users are given an account and are allowed to access the system after entering the username and password at the Login Page (see Fig. 3).

When users enter the correct combi-nation of username and password, the

main menu will appear and the button is automatically placed to ensure it is work-ing to trigger its function for provided features. There are five application for users in MyVirtualPDA: 1) My Address Book—a personal directory to store contact information, 2) My Diary—al-lows users to write specific or important events, 3) My Notes—good for personal journal writing, 4) My Reminder—a fea-ture to remind users regarding specific events or tasks as well as deadlines, and 5) MyPDA Security—a feature to encrypt the entire user’s data. Also, an option to log out from the system is provided. Fig. 4 illustrates the main menu for My-VirtualPDA.

Among all the provided features, this article focuses on describing the security mechanism in MyVirtualP-DA. A set of procedures has been

jANuAry/fEbruAry 2009 41

Begin

New User?

Login success?

My Address Book

My Diary My Notes My Reminder

My PDA Security

Done?

Logout

Finish

RegisterYes

Yes

Yes

Begin

No

No

No

SessionFinish?

Yes

Fig. 1 The interaction flow of the MyVirtualPDA system.

Begin

Securing your data,DataSec

Reminder Message,user resp

Encryption type (eT):FE: File EncryptionTE: Text encryption

Perform File encryption

Perform File encryption

Finish

Yes

Yes

No

No

No

YesDataSec==Y ?

eT== FE

user resp==Y

Fig. 2 My PDA Security interaction flow.

carried out to test the reliability of the security feature. The aim of the test was to investigate whether the data was securely coded. In the test, before users log out of the system, they must make sure that the data was kept fully secured. If they for-get to perform the MyPDA Security procedure, an alert box (as in Fig. 5) will appear to remind them. There are two buttons to click; if they click “Yes,” then they can log out success-fully; but if they click “No,” then the MyPDA Security window will auto-matically appear.

As the users insert the appropriate keys, a percentage indicating the key quality will change in real time. To have a higher quality key, a user must make sure the key is constructed by combin-ing numbers, symbols, and letters. When a longer key is inserted, the percentage indicating quality key will get higher. The keys for encryption and decryption processes must be identical.

There are two ways users can choose to make their data secured. The first way is to perform file encryp-tion where the data is secured in an encrypted database. A user can also choose to perform text encryption manually and copy the cipher text to any feature. This text encryption is performed to encrypt only characters. A user may choose this encryption type to save their private data. These options are available in a single pop-up window as depicted in Fig. 6.

MyVirtualPDA is secured by imple-menting AES algorithm as the security mechanism. In short, this approach promotes that privacy, authentication, integrity, availability, access control, and no repudiation of a system can be achieved.

Read more about itD. Melnick, M. Dinman, and A. Mu-

ratov, PDA Security. New York: McGraw-Hill, 2003.

G. Schafer, Security in Fixed and Wire-less Networks. England: Wiley, 2003.

M.A. Wright, “The Advanced Encryp-tion Standard,” Journal Network Security, vol. 2001, no. 10, pp. 11–13, 2001.

About the authorsNik Shahidah Afifi Md Taujuddin

(shahidah@uthm.edu.my) is a lecturer with the Department of Com-puter Engineering, Faculty of Electrical and Electronic En-gineering, Universiti Tun Hus-sein Onn Malaysia. She holds a bachelor’s degree in electrical engineering (computer engi-neering) and a master’s degree in computer science, both from Universiti Teknologi Malaysia.

Zaleha Mohamad Noor (zaleha.mohamad.noor@nxp.com) is an engineer at NXP Semiconductor Malaysia Sdn Bhd (formally known as Philips Semiconductor).

Zarina Tukiran (zarin@uthm.edu.my) is a lecturer

at the Department of Computer En-gineering, Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia.

Mohd Helmy Abd Wahab (helmy@uthm.edu.my) is a lecturer from the Department of Computer Engineering, Universiti Tun Hussein Onn Malaysia. He holds a bachelor’s of information technology with honors and a master’s degree in intelligent systems from Uni-versiti Utara Malaysia.

Ariffin Abdul Mutalib (am.arif-fin@uum.edu.my) is a senior lecturer in the Applied Sciences Department, College of Arts and Sciences, Universiti Utara Malaysia.

42 IEEE POTENTIALS

Fig. 3 The login page.

Fig. 4 Main menu interface

Fig. 5 An alert box to remind about securing data.

Fig. 6 Options to encrypt a file and text.