Academia.eduAcademia.edu

Outline

Title
Abstract
Figures
Performance and Security Analysis
Security Analysis
References
All Topics
Computer Science
Cryptography

Secure End-to-End SMS Communication over GSM Networks

Profile image of Inam SattiInam Satti

Abstract

—In today's GSM networks, the security provided by the network operators is limited to the wireless links only. The information traveling over the wired links is insecure and weak encryption algorithms are used, therefore end-to-end security does not exist. The attacker is able to capture the traffic over the wireless link and decrypt it using specialized hardware. Short Message Service (SMS) is used widely all over the world which may contain sensitive and confidential information like banking systems. SMS spoofing applications are widely available through which any sender ID can be set. The objectives of this research includes, to provide end-to-end confidentiality, integrity and non-repudiation of SMS. The proposed scheme uses symmetric key and identity based techniques for encryption and key management. The overhead involved due to addition of control information may increase the message length but the computational delay due to cryptographic operation on the device is negligible on 1GHz+ processors. With the proposed scheme, any leakage either on the wireless or wired link will not result in any disclosure of the information or compromise of integrity.

Figures (12)
Fig. 1: Key Transport using Identity Based Encryption PKG and the private key generated as a result is sent to the requesting user over the secure channel. The receiver then executes the decrypt algorithm to unwrap the keying material using its private key. Following successful key transport, both sender and receiver can engage in secure SMS communication.
Fig. 1: Key Transport using Identity Based Encryption PKG and the private key generated as a result is sent to the requesting user over the secure channel. The receiver then executes the decrypt algorithm to unwrap the keying material using its private key. Following successful key transport, both sender and receiver can engage in secure SMS communication.
Fig. 3: C&A Model - Sender Side PMIV and four byte Message Code (MC) (?7EAM) are then concatenated with the encrypted message. Message Authenti- cation Code (MAC) of this concatenated value is calculated using HMAC-256 and 256-bit Symmetric Authentication Key (SAcK) from the SKDB. 32 Most Significant Bits (MSB) of MAC are also appended with the MC, PMIV and the encrypted SMS before transmitting to the GSM Network. The MAC value provides the origin authentication as well as message integrity. The original SMS text is also encrypted using Symmetric Authorization Key (SAzK) and the IV. SAzK is generated from the sender’s password and salt (MSISDN) value according to PKCS#5 [23]. The 128-bit IV is formed by zero padding the MSISDN which has a maximum length of 15 digits. The encrypted SMS is stored in the secure message database (SMDB) as a sent item to provide security at rest. The process flow at the sender side can be seen in Fig. 3.
Fig. 3: C&A Model - Sender Side PMIV and four byte Message Code (MC) (?7EAM) are then concatenated with the encrypted message. Message Authenti- cation Code (MAC) of this concatenated value is calculated using HMAC-256 and 256-bit Symmetric Authentication Key (SAcK) from the SKDB. 32 Most Significant Bits (MSB) of MAC are also appended with the MC, PMIV and the encrypted SMS before transmitting to the GSM Network. The MAC value provides the origin authentication as well as message integrity. The original SMS text is also encrypted using Symmetric Authorization Key (SAzK) and the IV. SAzK is generated from the sender’s password and salt (MSISDN) value according to PKCS#5 [23]. The 128-bit IV is formed by zero padding the MSISDN which has a maximum length of 15 digits. The encrypted SMS is stored in the secure message database (SMDB) as a sent item to provide security at rest. The process flow at the sender side can be seen in Fig. 3.
Fig. 4: C&A Model - Receiver Side
Fig. 4: C&A Model - Receiver Side
The decrypted text is again encrypted using SAzK of receiver and stored in SMDB as an inbox item. The flow at the receiver side is shown in Fig. 6.
The decrypted text is again encrypted using SAzK of receiver and stored in SMDB as an inbox item. The flow at the receiver side is shown in Fig. 6.
Fig. 6: CAN Model - Receiver Side Fig. 5: CAN Model - Sender Side
Fig. 6: CAN Model - Receiver Side Fig. 5: CAN Model - Sender Side
TABLE III: Secret Key Database (SKDB) 5) Key Zeroization: All the secret keys once used, must be zeroized. The variables holding the secret keys are overwritten with zeros to wipe the parameters temporarily stored in Ran- dom Access Memory (RAM). Zeroization of each key shall 4) Key Storage: The identity based public parameters and PbSKs are stored in plain. PrSK and PrKTK are wrapped according to [32]. SDEK and SAcK are stored in SKDB in encrypted form using SAzK. The structure of SKDB and PKDB is shown in Table III and IV.
TABLE III: Secret Key Database (SKDB) 5) Key Zeroization: All the secret keys once used, must be zeroized. The variables holding the secret keys are overwritten with zeros to wipe the parameters temporarily stored in Ran- dom Access Memory (RAM). Zeroization of each key shall 4) Key Storage: The identity based public parameters and PbSKs are stored in plain. PrSK and PrKTK are wrapped according to [32]. SDEK and SAcK are stored in SKDB in encrypted form using SAzK. The structure of SKDB and PKDB is shown in Table III and IV.
2) Key Generation: SDEKs and SAcKs are generated according to National Institute of Standards and Technology (NIST) Special Publication SP800- encryption, public key is calculated the public parameters taken from 33 [30].For identity based by the sender itself using the PKG whereas private key is acquired from the PKG over a secure channel [22]. For DSA, domain parameters and public private key pairs (2048,256) are generated according to Federal Information Processing Standards (FIPS) 186-4 [28]. It should be noted that the domain parameters are common for all mobile users where as public/private signature key pairs are generated by each user individually. The SAzKs are generated using the password provided by the user and salt(MSISDN) according to [23]. 1) Key Types: Five different types of keys are used for providing end-to-end security in SMS communication. All these key types are named according to [29]. A summary of which is shown in Table II.
2) Key Generation: SDEKs and SAcKs are generated according to National Institute of Standards and Technology (NIST) Special Publication SP800- encryption, public key is calculated the public parameters taken from 33 [30].For identity based by the sender itself using the PKG whereas private key is acquired from the PKG over a secure channel [22]. For DSA, domain parameters and public private key pairs (2048,256) are generated according to Federal Information Processing Standards (FIPS) 186-4 [28]. It should be noted that the domain parameters are common for all mobile users where as public/private signature key pairs are generated by each user individually. The SAzKs are generated using the password provided by the user and salt(MSISDN) according to [23]. 1) Key Types: Five different types of keys are used for providing end-to-end security in SMS communication. All these key types are named according to [29]. A summary of which is shown in Table II.
Fig. 7: Key Establishment
Fig. 7: Key Establishment
Fig. 8: Security Comparison of C&A and CAN Models
Fig. 8: Security Comparison of C&A and CAN Models
Fig. 9: Performance Comparison of C&A and CAN Models
Fig. 9: Performance Comparison of C&A and CAN Models

Related papers

A Secure End-To-End Protocol for Secure Transmission of SMS
Vaidehi Mantri

2018

Nowadays, short message service (SMS) is being used in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce etc. Short message service (SMS) is the text communication service component of mobile communication system by using standardized communication that allow to exchange of short text messages between mobile phone devices. Short message service (SMS) plays a vital role in various different fields such as in the medical field, mobile banking etc But the traditional SMS service offered by some of the network operator does not provide the encryption to the information before the SMS has been transmitted.The objective of this dissertation work is to implement an EasySMS protocol which is an efficient and secure protocol, which provides an end-to-end secure communication through SMS between end users.The main components in the Easy SMS protocol are two mobile station,authentication server (AS) which stores all the symmetric keys shared between...

View PDFchevron_right
A security mechanism for secure SMS communication
Hulisani Ratshinanga

Proceedings of SAICSIT, 2004

Short Message Service (SMS) has grown in popularity over the years and it has become a common way of communication. SMS is usually used to transport unclassified information, but with the rise of mobile commerce it has become a popular tool for transmitting sensitive information between the business and its clients. By default SMS does not guarantee confidentiality and integrity to the message content. Therefore SMS is not totally secure and reliable. This affects the Wireless Messaging API (WMA)-an optional package for Java 2 Micro Edition that enables SMS messaging on Java-enabled cellular phones. This paper proposes a protocol that can be used to secure a SMS connection between a WMA client and SMS-based server.

View PDFchevron_right
ECUREDSMS: A PROTOCOL FOR SMS SECURITY
IAEME Publication

IAEME PUBLICATION, 2014

Short Message Service (SMS) has become common in many of our daily life applications. Sometimes SMS is used to send confidential information like password, passcode, banking details etc. But in traditional SMS service, information content is transmitted as plain text which is not at all secure. It’s because when SMS is transmitted as plain text without using any encryption mechanisms it is easily subjected to many attacks. In this paper, we propose a protocol called SecuredSMS which make use of the symmetric key shared between the end users thus providing secure and safe communication between two users. The analysis of this protocol shows that it is highly secure as it is able to prevent the information content from various attacks like replay attack, man-in-the-middle attack, over the air modification and impersonation attack. SecuredSMS can be activated in the phone using PIN number. It also provides a way for remote destruction and remote locking in the case if the phone is stolen or lost.

View PDFchevron_right
An Extended Approach for SMS Security using Authentication Functions
Neetesh Saxena

2012

Nowadays, security of SMS is a crucial aspect because it plays an important role in value added services and mobile commerce. Asymmetric algorithm like Diffie-Hellman can be used to encrypt the SMS message in M-commerce or mobile banking system. We use authentication functions to maintain the integrity of data. Password key exchange protocol based on Diffie-Hellman algorithm generates a secret shared key which can be used in message encryption and in MAC function. MAC (message authentication code) or hash functions are used maintain the integrity of message and can be used with the encryption. These functions also act as an error detecting code or checksum. This paper discusses the comparative analysis of both the authentication functions separately for password key exchange protocol by analyzing some of the security issues. The discussion of this paper concludes that MAC functions are more secure than hash function, but having greater complexity and take more to execute. So, it's better to use hash function for maintaining the integrity of message over a network where the transmitted amount of message is very small (SMS). Here, digital signature is generated with RSA to show the functionality of MD5 and SHA1, which prevents SMS from message modification and non-repudiation attack.

View PDFchevron_right
END TO END TRANSMISSION OF SMS USING CRYPTOGRAPHY TECHNIQUE
IJESRT JOURNAL

Short message service (SMS) is a very popular and one of the easy to use communication technologies for mobile phone devices. Originally, this service was not designed to transmit secured data, so the security was not an important issue during its design. Short Message Service is normally used to transport unclassified data, but with the rise of mobile commerce it has become a fundamental tool for conducting business. However SMS does not guarantee confidentiality and integrity of the message. Now a days, short message service (SMS) is being us ed in many daily life applications, including mobile banking, mobile commerce, and so on. But when we send an SMS from one mobile device to another, the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers, passwords, license numbers, and so on, and it is a major drawback to send such information through SMS while the traditional SMS service does not provide encryption to the information before its transmission. In this paper, we propos e an efficient and secure technique, which provides end - to - end secure communication through SMS between end users. This paper proposes encryption technique that can be used to secure a SMS communication, when SMS is transmitting form source to destination, it have to be reached up to the destination securely means SMS transmission have to be secure.

View PDFchevron_right
Proposed Terminal Device for End-to-End Secure SMS in Cellular Networks
Neetesh Saxena

10th Annual Symposium on Information Assurance (ASIA), 2015

Nowadays, SMS is very popular mobile service and even poor, illiterate, and rural areas living people use SMS service very efficiently. Although many mobile operators have already started 3G and 4G services but 2G services are still be used by the people in many countries. In 2G (GSM), only encryption provided is between the MS and the BTS, there is no end-to-end encryption available. Sometimes we all need to send some confidential message to other person containing bank account number, some password, financial details, etc. Normally, a message is sent in plain text only to the recipient and it’s not an acceptable standard for transmitting such important and confidential information. We propose an end-to-end encryption approach by designing a terminal for sending/receiving a secure message. An asymmetric key exchange algorithm is used in order to transmit secret shared key securely to the recipient. The proposed approach used in terminal device provides authentication, confidentiality, Integrity, and non-repudiation.

View PDFchevron_right
SecureSMS: A Secure SMS Protocol for VAS and Other Applications
Neetesh Saxena

2014

Nowadays, the SMS is a very popular communication channel for numerous value added services (VAS), business and commercial applications. Hence, the security of SMS is the most important aspect in such applications. Recently, the researchers have proposed approaches to provide end-to-end security for SMS during its transmission over the network. Thus, in this direction, many SMS-based frameworks and protocols like Marko's SMS framework, Songyang's SMS framework, Alfredo's SMS framework, SSMS protocol, and, Marko and Konstantin's protocol have been proposed but these frameworks/protocols do not justify themselves in terms of security analysis, communication and computation overheads, prevention from various threats and attacks, and the bandwidth utilization of these protocols. The two protocols SMSSec and PK-SIM have also been proposed to provide end-to-end security and seem to be little better in terms of security analysis as compared to the protocols/framework mentioned above. In this paper, we propose a new secure and optimal protocol called SecureSMS, which generates less communication and computation overheads. We also discuss the possible threats and attacks in the paper and provide the justified prevention against them. The proposed protocol is also better than the above two protocols in terms of the bandwidth utilization. On an average the SecureSMS protocol reduces 71% and 59% of the total bandwidth used in the authentication process as compared to the SMSSec and PK-SIM protocols respectively. Apart from this, the paper also proposes a scheme to store and implement the cryptographic algorithms onto the SIM card. The proposed scheme provides end-to-end SMS security with authentication (by the SecureSMS protocol), confidentiality (by encryption AES/Blowfish; preferred AES-CTR), integrity (SHA1/MD5; preferred SHA1) and non-repudiation (ECDSA/DSA; preferred ECDSA).

View PDFchevron_right
A Secure Protocol For End To End Security To SMS Banking
IRJET Journal

— Short Message Service (SMS) is a very popular and easy-to-use communication medium for mobile phone users. Using SMS mobile user send some confidential information such as password , account number , banking information in the form of text message from one mobile to another mobile,. The information send in plaintext format the hacker easily read this information and privacy will not be maintained. Nowadays SMS is used for many value added services as mobile banking and e-commerce but due to lack of security this application rarely used. For this purpose we provide a solution that provides end to end security of the message with authentication, confidentiality, integrity. Hence we present a secure model for SMS mobile banking services tailored to suit mobile cellular phone users.

View PDFchevron_right
A Secure Approach for SMS in GSM Network
Neetesh Saxena

2012

The Short Message Service (SMS) is one of very popular kind of superior and well-tried services with a global availability in GSM networks. This paper deals with an SMS security for mobile communication. The transmission of an SMS in GSM network is not secure; therefore it is desirable to secure SMS by additional encryption. A proposed approach, based on encryption and digital signature efficiently embeds the confidentiality, integrity, authentication, and non-repudiation in the SMS messages. In the next part, there is the description of design and implementation of the application, which encrypts SMS by DES, Triple DES, AES and Blowfish algorithms and finally signs SMS by DSA or RSA algorithm respectively. At the end, we described attacks on secured SMS and future extension of the application.

View PDFchevron_right
Secure Model for SMS Exchange over GSM
Mohammed B. ALSHAWKI, Loay E George

—Distributed systems use General Packet Radio Service (GPRS) to exchange information between different members of the system. The members of the system depend critically upon their ability to access internet connection in order to exchange data via GPRS and the system will shut down in case of unavailability of Internet connection. There is a strong need for developing another backup communication media. In this paper a data transaction method based on encoded Short Message Service (SMS) over Global System for Mobile Communication (GSM) is proposed. This new method guarantees the functionality of the system in case of inaccessibility to GPRS which may be not always available due to measures such as attacks that affect its availability. The proposed method is based on third party agent who can keep the address secrecy of both communicators besides keeping confidentiality, integrity and availability.

View PDFchevron_right

References (32)

  1. S. Magazines, "World to have more cell phone accounts than people by 2014," January 2013.
  2. E. Biham and O. Dunkelman, "Cryptanalysis of the a5/1 gsm stream cipher," in Progress in Cryptology INDOCRYPT 2000, ser. Lecture Notes in Computer Science, B. Roy and E. Okamoto, Eds. Springer Berlin Heidelberg, 2000, vol. 1977, pp. 43-51.
  3. A. Biryukov, A. Shamir, and D. Wagner, "Real time cryptanalysis of a5/1 on a pc," in Fast Software Encryption, ser. Lecture Notes in Computer Science, G. Goos, J. Hartmanis, J. van Leeuwen, and B. Schneier, Eds. Springer Berlin Heidelberg, 2001, vol. 1978, pp. 1-18.
  4. M. Briceno, I. Goldberg, and D. Wagner, "A pedagogical imple- mentation of the gsm a5/1 and a5/2 voice privacy encryption al- gorithms," Originally published at http://www. scard. org, mirror at http://cryptome. org/gsm-a512. htm, 1999.
  5. P. Ekdahl and T. Johansson, "Another attack on a5/1," Information Theory, IEEE Transactions on, vol. 49, no. 1, pp. 284-289, Jan 2003.
  6. T. Gendrullis, M. Novotn, and A. Rupp, "A real-world attack breaking a5/1 within hours," in Cryptographic Hardware and Embedded Systems CHES 2008, ser. Lecture Notes in Computer Science, E. Oswald and P. Rohatgi, Eds. Springer Berlin Heidelberg, 2008, vol. 5154, pp. 266-282.
  7. K. Specification, "Specification of the 3gpp confidentiality and integrity algorithms," Version, vol. 1, pp. 8-17.
  8. H. Ratshinanga, J. LO, and J. Bishop, "A security mechanism for secure sms communication," pp. 1-6, 2004.
  9. M. Hassinen and S. Markovski, "Secure sms messaging using quasi- group encryption and java sms api." in SPLST, P. Kilpelinen and N. Pivinen, Eds. University of Kuopio, Department of Computer Science, 2003, pp. 187-.
  10. K. Chikomo, M. K. Chong, A. Arnab, and A. Hutchison, "Security of mobile banking," University of Cape Town, South Africa, Tech. Rep., Nov, vol. 1, 2006.
  11. S. Zhao, A. Aggarwal, and S. Liu, "Building secure user-to-user mes- saging in mobile telecommunication networks," in Wireless Telecom- munications Symposium, 2008. WTS 2008, April 2008, pp. 151-157.
  12. J.-S. Hwu, S.-F. Hsu, Y.-B. Lin, and R.-J. Chen, "End-to-end security mechanisms for sms," International Journal of Security and Networks, vol. 1, no. 3, pp. 177-183, 2006.
  13. M. Agoyi and D. Seral, "Sms security: An asymmetric encryption approach," in Wireless and Mobile Communications (ICWMC), 2010 6th International Conference on, Sept 2010, pp. 448-452.
  14. D. Lisonek and M. Drahansky, "Sms encryption for mobile commu- nication," in Security Technology, 2008. SECTECH '08. International Conference on, Dec 2008, pp. 198-201.
  15. M. Toorani and A. Beheshti, "Ssms -a secure sms messaging protocol for the m-payment systems," in Computers and Communications, 2008. ISCC 2008. IEEE Symposium on, July 2008, pp. 700-705.
  16. A. De Santis, A. Castiglione, G. Cattaneo, M. Cembalo, F. Petagna, and U. Petrillo, "An extensible framework for efficient secure sms," in Complex, Intelligent and Software Intensive Systems (CISIS), 2010 International Conference on, Feb 2010, pp. 843-850.
  17. J. L.-C. Lo, J. Bishop, and J. H. P. Eloff, "Smssec: An end-to-end protocol for secure sms," Computers and Security, pp. 154-167, 2008.
  18. N. J. Croft and M. S. Olivier, "Using an approximated one-time pad to secure short messaging service (SMS)," in Southern African Telecom- munication Networks and Applications Conference 2005 (SATNAC 2005) Proceedings, D. Browne, Ed., vol. 1, Champagne Castle, South Africa, 9 2005, pp. 71-76.
  19. N. Saxena and N. Chaudhari, "Easysms: A protocol for end-to-end secure transmission of sms," Information Forensics and Security, IEEE Transactions on, vol. 9, no. 7, pp. 1157-1168, July 2014.
  20. S. Markovski, A. Kuzmanovska, and M. Simeonovski, "A protocol for secure sms communication for android os," in ICT Innovations 2011, ser. Advances in Intelligent and Soft Computing, L. Kocarev, Ed. Springer Berlin Heidelberg, 2012, vol. 150, pp. 171-178.
  21. G. Belvin, "A secure text messaging protocol," Cryptology ePrint Archive, Report 2014/036, 2014, http://eprint.iacr.org/.
  22. D. Boneh and M. Franklin, "Identity-based encryption from the weil pairing," in Advances in Cryptology CRYPTO 2001, ser. Lecture Notes in Computer Science, J. Kilian, Ed. Springer Berlin Heidelberg, 2001, vol. 2139, pp. 213-229.
  23. B. Kaliski, "Pkcs #5: Password-based cryptography specification ver- sion 2.0," United States, 2000.
  24. A. Shamir, "Identity-based cryptosystems and signature schemes," in Advances in Cryptology, ser. Lecture Notes in Computer Science, G. Blakley and D. Chaum, Eds. Springer Berlin Heidelberg, 1985, vol. 196, pp. 47-53.
  25. V. Gupta, S. Gupta, S. Chang, and D. Stebila, "Performance analysis of elliptic curve cryptography for ssl," in Proceedings of the 1st ACM Workshop on Wireless Security, ser. WiSE '02. New York, NY, USA: ACM, 2002, pp. 87-94. [Online]. Available: http://doi.acm.org/10.1145/570681.570691
  26. L. Martin, G. Appenzeller, and M. Schertler, "Identity-based encryption architecture and supporting data structures," Identity, 2009.
  27. M. Dworkin, "Sp 800-38a. recommendation for block cipher modes of operation," Gaithersburg, MD, United States, Tech. Rep., 2001.
  28. N. I. of Standards and C. Technology, "Building in big brother," L. J. Hoffman, Ed. New York, NY, USA: Springer- Verlag New York, Inc., 1995, ch. Federal Information Processing Standards Publication 186 (1994 May 19): Specifications for the Digital Signature Standard (DSS), pp. 84-86. [Online]. Available: http://dl.acm.org/citation.cfm?id=212412.212420
  29. E. B. Barker, W. C. Barker, W. E. Burr, W. T. Polk, and M. E. Smid, "Sp 800-57. recommendation for key management, part 1: General (revised)," Gaithersburg, MD, United States, Tech. Rep., 2007.
  30. E. Barker and A. Roginsky, "Sp 800-133. recommendation for crypto- graphic key generation," 2012.
  31. E. B. Barker, L. Chen, A. R. Regenscheid, and M. E. Smid, "Sp 800- 56b. recommendation for pair-wise key establishment schemes using integer factorization cryptography," Gaithersburg, MD, United States, Tech. Rep., 2009.
  32. M. Dworkin, "Sp 800-38f. recommendation for block cipher modes of operation: Methods for key wrapping," NIST Special Publication, vol. 800, p. 38F, 2012.

Related papers

Enhancing the Security for End to End SMS in GSM or UMTS Networks
IJAERS Journal

— Short message service (SMS) is most important communication medium in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. When a SMS send an from one mobile phone (MS) to another MS (Mobile subscriber), the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers ,passwords, license number ,PAN number and so on, and it is a major drawback to send such information through SMS while the traditional SMS service does not provide encryption to the information before its transmission, However telecom service providers are ensuring at server end some security provided as Using A3,A8 and Kc algorithms through Triplet Authentication system, but not providing during the message transformation .In this paper, we propose an efficient and secure protocol called User End secure SMS along with integrity key check and massage through Encrypted form as secure manner from source to destination across GSM or UMTS networks , which provides end-to-end secure communication through SMS between end users. The working of the protocol is presented by considering two different scenarios. The analysis of the proposed protocol shows that this protocol is able to prevent various attacks, including SMS disclosure, over the air modification, replay attack, man-in-the middle attack, and impersonation Attack. .The protocol completely based on the symmetric key cryptography and retains original architecture of cellular network. The simulation generated in C#.net for execution system. SMS protocol is successfully designed in order to provide end-to-end secure communication through SMS between mobile users. The analysis of the proposed protocol shows that the protocol is able to prevent various attacks. The transmission of symmetric key to the mobile users is efficiently managed by the protocol. We consider all the transmission among various Authentication Server AS (Either same location or different location) take place by encrypting the message with a symmetric key shared between each pair of AS. This protocol produces lesser communication and computation overheads, utilizes bandwidth efficiently, and reduces message exchanged ratio during authentication than AES overheads, utilizes bandwidth efficiently, and reduces message exchanged ratio during authentication than AES

View PDFchevron_right
A Survey on Secure SMS Transmission and authentication at user end
PRAGATI PATIL

2015

Short message service (SMS) is most important communication medium in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. when a SMS send an from one mobile phone(MS) to another MS (Mobile subscriber), the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers, passwords, license numbers, and so on, and it is a major drawback to send such information through SMS while the traditional SMS service does not provide encryption to the information before its transmission, However telecom service providers are ensuring at server end some security provided as Using A3,A8 and Kc algorithms, but not providing during the message transformation .In this paper, we propose an efficient and secure protocol called User End secure SMS along with integrity key check, which provides end-to-end secure communication through SMS between end users. The working of the protocol is pre...

View PDFchevron_right
Secure SMS : Advanced Version of Cyber SMS
Abhishek Agwekar

2017

Nowadays, short message service (SMS) is being used in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. But when we send an SMS from one mobile phone to another, the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers, passwords, license numbers, and so on. In this paper, presented an efficient and secure technique called secure SMS. The working of the protocol is presented by considering the asymmetric key cryptography . The analysis of the proposed technique shows that this protocol is able to prevent various attacks, including SMS disclosure, over the air modification, replay attack, man-in-the middle attack, and impersonation attack

View PDFchevron_right
Authenticated and Secure End-To-End Communication Channel Using SMS Messages
Mahdi Stoni

AL-Rafidain Journal of Computer Sciences and Mathematics, 2009

One of the key issues of modern cryptography is the problem of establishing a secure end-to-end communication over an insecure communication channel. Short Message Service (SMS) is a hugely popular and easily adopted communications technology for mobile devices. Users conduct business, disclose passwords and receive sensitive notification reports from systems using this communication technology. SMSs by default are sent in clear text form within the serving GSM (Global System for Mobile communications) network, Over The Air (OTA), and potentially over the public Internet in a predictable format. This allows anyone accessing the GSM system to read, and or modify the SMS content even on the fly. In this paper, we present an approach mainly consists of two steps, first, SHA-1 authentication is used to generate a message digest that is combined with previous message digest and a shared secret key to form an initial key stream. Secondly, this key will be used as input to a mathematical equation derived in prefix notation from randomly selected set of operators and functions supported by the software platform extracted from special table. The final key stream is the output of this equation which is a one time pad to encrypt the original message text. Lastly, encrypted SMS message will be sent and a randomized operation will be then applied to that table. A one-time pad, considered to be the only perfectly secure cryptosystem, secures an SMS message for transport over any medium between a mobile device and the serving GSM network and through it too.

View PDFchevron_right
EasySMS: A Protocol for End-to-End Secure Transmission of SMS
Neetesh Saxena

IEEE Transactions on Information Forensics and Security,, 2014

Nowadays, short message service (SMS) is being used in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. But when we send an SMS from one mobile phone to another, the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers, passwords, license numbers, and so on, and it is a major drawback to send such information through SMS while the traditional SMS service does not provide encryption to the information before its transmission. In this paper, we propose an efficient and secure protocol called EasySMS, which provides end-to-end secure communication through SMS between end users. The working of the protocol is presented by considering two different scenarios. The analysis of the proposed protocol shows that this protocol is able to prevent various attacks, including SMS disclosure, over the air modification, replay attack, man-in-the-middle attack, and impersonation attack. The EasySMS protocol generates minimum communication and computation overheads as compared with existing SMSSec and PK-SIM protocols. On an average, the EasySMS protocol reduces 51% and 31% of the bandwidth consumption and reduces 62% and 45% of message exchanged during the authentication process in comparison to SMSSec and PK-SIM protocols respectively. Authors claim that EasySMS is the first protocol completely based on the symmetric key cryptography and retain original architecture of cellular network.

View PDFchevron_right

Related topics

  • Applied Cryptography
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved