Engineering a secure mobile messaging framework
Umberto Ferraro Petrillo
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
It is quite usual in the world of scientific software development to use, as black boxes, algorithmic software libraries without any prior assessment of their efficiency. This approach relies on the assumption that the experimental performance of these libraries, although correct, will match the theoretical expectation of their algorithmic counterparts. In this paper we discuss the case of SEESMS (Secure Extensible and Efficient SMS). It is a software framework that allows two peers to exchange encrypted and digitally signed SMS messages. The cryptographic part of SEESMS is implemented on top of the Java BC library (The Legion of Bouncy Castle, 2010), a widely used open-source library. The preliminary experimentations conducted on SEESMS, discussed in Castiglione et al. (2010), revealed some unexpected phenomena like the ECDSA-based cryptosystem being generally and significantly slower than the RSA-based equivalent. In this paper, we analyze these phenomena by profiling the code of SEESMS and expose the issues causing its bad performance. Then, we apply some algorithmic and programming optimizations techniques. The resulting code exhibits a significant performance boost with respect to the original implementation, and requires less memory in order to be run.
Related papers
SMSCrypto: A lightweight cryptographic framework for secure SMS transmission
Journal of Systems and Software, 2013
Despite the continuous growth in the number of smartphones around the globe, Short Message Service (SMS) still remains as one of the most popular, cheap and accessible ways of exchanging text messages using mobile phones. Nevertheless, the lack of security in SMS prevents its wide usage in sensitive contexts such as banking and health-related applications. Aiming to tackle this issue, this paper presents SMSCrypto, a framework for securing SMS-based communications in mobile phones. SMSCrypto encloses a tailored selection of lightweight cryptographic algorithms and protocols, providing encryption, authentication and signature services. The proposed framework is implemented both in Java (target at JVM-enabled platforms) and in C (for constrained SIM Card processors) languages, thus being suitable for a wide range of scenarios. In addition, the signature model adopted does not require an on-line infrastructure and the inherent overhead found in the Public Key Infrastructure (PKI) model, facilitating the development of secure SMS-based applications. We evaluate the proposed framework on a real phone and on SIM Card-comparable microcontroller.
Rsa Algorithm Performance in Short Messaging System Exchange Environment
Short Message Service (SMS) is a widely service for brief communication. With the rise of mobile usage it has become a popular tool for transmitting sensitive information. This sensitive information should be totally secure and reliable to exchange. This urgent need for secure SMS, led to drive for RSA implementation, which is considered one of the strongest algorithms in security since we are going to bring big security into small device. Our main goal in this project is to design an experimental testbed application in order to use this application in evaluating the performance of RSA. This report explains and documents the process of implementing an RSA in Experimental SMS Exchange Environment using J2ME language which is available in several mobile devices on the market today.
PEARL: A PErformance evaluAtor of cRyptographic aLgorithms for Mobile Devices
Lecture Notes in Computer Science, 2004
Limited computational power imposes new challenges during the implementation of security and privacy solutions for mobile devices. The choice for the most appropriate cryptographic algorithm for each mobile device has become a critical factor. In this paper, we present an approach for performance evaluation of cryptographic algorithms for mobile devices. To validate the approach, a tool called PEARL (PErformance evaluAtor of cryptogRaphic aLgorithms for mobile devices) is introduced. This tool collects and analyzes information related to the executions of the cryptographic algorithms in the mobile devices. PEARL also allows evaluating the performance of symmetrical and asymmetrical cryptographic algorithms and hashing functions for the J2ME platform.
L1 - Faster Development and Benchmarking of Cryptographic Protocols
2009
Secure Multi-party Computation (SMC) enables secure distributed computation of arbitrary functions of private inputs. Multiple techniques for SMC have been well studied and can be applied within cryptographic protocols, leading to large and complex protocols. Their implementation is difficult for an average programmer to understand, time consuming and potentially prone to errors. We introduce a new programming language dedicated to cryptographic protocols, which speeds up their implementation, the deployment of the running software, and furthermore provides integrated support for benchmarking.
Memory performance of public-key cryptography methods in mobile environments
ACM SIGARCH Workshop on MEmory …, 2003
As an increasing number of Internet hosts are wireless, handheld devices with small memory and strict CPU-latency constraints, the performance of cryptography methods has become critical for high transaction throughput. Elliptic Curve Cryptography (ECC) is emerging as an attractive public-key system for constrained environments, because of the small key sizes and computational efficiency, while preserving the same security level as the standard methods. The memory performance of ECC algorithms was scarcely investigated. We have developed a set of kernel benchmarks to examine performance of standard and corresponding elliptic curve public-key methods. In this paper, we characterize the operations and their memory impact on performance in Diffie-Hellman key exchange, digital signature algorithm, ElGamal, and RSA publickey cryptosystem, as well as elliptic curve Diffie-Hellman key exchange, elliptic curve digital signature algorithm and elliptic curve El-Gamal algorithm. We modeled a typical mobile device based on the Intel XScale architecture, which utilizes an ARM processor core and studied the benchmark set on that target. Different possible variations for the memory hierarchy of such basic architecture were considered. We compared our benchmarks with MiBench/Security, another widely accepted benchmark set, in order to provide a reference for our evaluation.
Implementation of Rsa Encryption Algorithm on Instant Messaging Application
Journal of Data Science and Software Engineering, 2020
At this time the use of instant messaging applications is increasingly used compared to the use of SMS or other media because of its use which is more practical and faster. From the other side, the message information sent certainly requires confidentiality so that the message is not spread and known by others. For this reason mechanisms are needed, one of which is encryption to maintain message security. This research will implement the RSA (Rivest Shamir Adleman) encryption algorithm in the instant messaging application. This study uses a key length scenario of RSA 1024, 2048, 4096, and 6144 bits and a message length of 125, 250, 500, and 1000 characters implemented on 3 different devices. The results of testing on time and speed are the shorter the key used, the process will be shorter and faster.
An Extensible Framework for Efficient Secure SMS
2010
Nowadays, Short Message Service (SMS) still represents the most used mobile messaging service. SMS messages are used in many different application fields, even in cases where security features, such as authentication and confidentiality between the communicators, must be ensured. Unfortunately, the SMS technology does not provide a built-in support for any security feature.
A Novel Architecture for Secure Communications in Mobile Systems
Explosive growth in the number of mobile communication devices necessitates the need for more secure and energy-efficient schemes. They also pose additional constraints like limited battery-life and computational power, which add new dimensions to the conventional secure communication problem. In such a scenario, the need for newer paradigms and schemes cannot be overestimated. This paper discusses one such approach, in the form of a secure & mobile-platform-conducive architecture design, which is a thoughtful application of existing algorithms like RSA and the Elliptic Curve Cryptography (ECC). The core of this architecture lies in the fact that RSA public key operations are computationally much less intensive than the corresponding private key operations, while it is the other way around in ECC. Tests have been conducted to verify the claims. Results have shown that this architecture works better than the other architectures which can be employed in mobile communications.
A Comprehensive and Reproducible Comparison of Cryptographic Primitives Execution on Android Devices
IEEE Access
With technology evolving rapidly and proliferating, it is imperative to pay attention to mobile devices' security being currently responsible for various sensitive data processing. This phase is essential as an intermediate before the cloud or distributed ledger storage delivery and should be considered additional care due to its inevitability. This paper analyzes the security mechanisms applied for internal use in the Android OS and the communication between the Android OS and the remote server. Presented work aims to examine these mechanisms and evaluate which cryptographic methods and procedures are most advantageous in terms of energy efficiency derived from execution time. Nonetheless, the dataset with the measurements collected from 17 mobile devices and the code for reproducibility is also provided. After analyzing the collected data, specific cryptographic algorithms are recommended to implement an application that utilizes native cryptographic operations on modern Android devices. In particular, selected algorithms for symmetric encryption are AES256 / GCM / No Padding; for digital signature-SHA512 with RSA2048 / PSS, and for asymmetric encryption-RSA3072 / OAEP with SHA512 and MGF1 Padding.
Usability and Performance of Secure Mobile Messaging using Public Key Infrastructure
Human life style change substantially when the cellular technology goes commercial. Short Messaging Service (SMS) and Multimedia Message Service (MMS) play important roles in our daily life. The recent report carried out by Mobile Data Association (MDA) [1] shows that the yearly growth of SMS and MMS achieves 30 percent from year 2007 to 2008. Conventional SMS/MMS does not provide any protection on the text message sent. It causes the security threats such as privacy and message integrity. Mobile users seek for the solution to allow them to exchange confidential information in a safe environment. This leads to the implementation of M-PKI, which is an application that secures the mobile messaging service by using public key infrastructure (PKI). This new approach allows the end-user to send private and classified message via SMS. Besides, M-PKI offers message classification. This feature is specially designed to meet various user requirements on the level of security and performance....
Performance Analysis of RSA and Elliptic Curve Cryptography
2018
This paper presents a performance study and analysis of two popular public-key cryptosystems: RSA with its two variants, and ECC (Elliptic Curve Cryptography). RSA is considered as the first generation public-key cryptography, which is very popular since its inception while ECC is gaining its popularity recently. Besides studying and analyzing the paper also suggests the supremacy among these cryptosystems based on the experimentation. The paper shows the result of the experimentation performed using these cryptosystems with the different modulus/key sizes recommended by the NIST. The modulus/key sizes are used such as 1024/2048/3072-bit for RSA and 160/224/256-bit for ECC. After experimentation and execution of these cryptosystems, the paper concludes that an ECC-based cryptosystem is better than an RSA or its variants-based cryptosystem, and an ECC based cryptosystem best suits for memory-constrained devices, as an ECC-based cryptosystem requires fewer resources than an RSA-based ...
Elliptic curve cryptography: Java implementation issues
Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology, 2005
The commercial use of small mobile computer devices by enterprise and government organizations is on the rise as wireless networking is becoming very popular and evolving very fast. Elliptic Curve Cryptography (ECC) seems very useful for providing a high level of security on these devices with small key sizes compared to the traditional public-key cryptographic systems. In this work we implement the National Institute of Standards and Technology (NIST) recommended ECC algorithms on Pocket PCs. The programs are written in Java since a vast array of Internet applications service infrastructure is designed around Java technology. We show that Elliptic Curve Digital Signature Algorithm (ECDSA) can run in a suitable time with sufficient level of security.
A Performance Analysis of DES and RSA Cryptography
2013
Security is playing a vital role in the field of communication system and Internet. Data encryption standard (DES) and the Rivest-Shamir-Adleman (RSA) algorithms are the two popular encryption algorithms that vouch confidentiality and authenticity over an insecure communication network and Internet. There has been paltry cryptanalytic progress against these two algorithms since their advent. This paper presents the comparison between the DES private key based Algorithm and RSA public key based algorithm. The main feature that specifies and differentiate one algorithm from another are the ability to the speed of encryption and decryption of the input plain text. It also includes several computational issues as well as the analysis of DES algorithm and RSA algorithm like the encryption throughput and decryption throughput. The recipe of finding the encryption throughput and decryption throughput is discovered.
Performance analysis of cryptographic protocols on handheld devices
Third IEEE International Symposium on Network Computing and Applications, 2004. (NCA 2004). Proceedings.
The past few years have witnessed an explosive growth in the use of wireless mobile handheld devices as the enabling technology for accessing Internetbased services, as well as for personal communication needs in ad hoc networking environments. Most studies indicate that it is impossible to utilize strong cryptographic functions for implementing security protocols on handheld devices. Our work refutes this. Specifically, we present a performance analysis focused on three of the most commonly used security protocols for networking applications, namely SSL, S/MIME and IPsec. Our results show that the time taken to perform cryptographic functions is small enough not to significantly impact real-time mobile transactions and that there is no obstacle to the use of quite sophisticated cryptographic protocols on handheld mobile devices.
Comparative Analysis of Software Libraries for Public Key Cryptography
Software implementations of public key cryptosystems require efficient realization of operations on large integers and elements of the Galois Field. Multiple libraries implementing such operations exist both commercially and in the public domain, in this paper, we perform comparison of eight libraries: CLN, CryptoPP, GNU MP, LiDIA, MIR-ACL, NTL, OpenSSL and PIOLOGIE, using performance and support of public key primitive operations. The performance of all libraries is ranked based on the measurements performed according to a methodology that takes into account the performance and relative use of primitive cryptographic operations. The performance results shows that GNU MP has the best performance for operations on large integers, OpenSSL has the best performance for operations on elliptic curves over prime fields and LiDIA and MIRACL have the best performance for operations on elliptic curves over binary fields. CryptoPP leads in terms of support for cryptographic primitives and schemes, but is the slowest of all investigated libraries.
Evaluation of Cryptographic Capabilities for the Android Platform
Communications in Computer and Information Science, 2015
Future networks will be formed by millions of devices, many of them mobile, sharing information and running applications. Android is currently the most widely used operating system in smartphones, and it is becoming more and more popular in other devices. Providing security to these mobile devices and applications is a must for the proper deployment of future networks. For this reason, this paper studies the cryptographic structure and built-in tools in Android, and shows that the operating system has been specially designed for plugging-in external cryptographic modules. We conclude that the best option for providing cryptographic capabilities is using these external modules. We show the existent options and compare some features, like licensing, source code availability and price. We define some requirements, evaluate each module, and provide guidelines for developers who want to use properly security primitives.
Securing MMS with High Performance Elliptic Curve Cryptography
International Journal of Computer Applications, 2010
Multimedia Messaging Service (MMS) is a new standard in mobile messaging. Like SMS, MMS is a way to send a message from one mobile to another. MMS can include not just text, but also sound, images and video. For making MMS secure, steganography can be used with it. Without having privacy of data there is no meaning of doing communication using extremely high end technologies like SMS or MMS. This can be achieved by using steganography, which is the process of hiding secret information inside some carrier. SMS and MMS are can be used as carrier for hiding information on mobile devices. For insisting more security, encrypted data will be hidden inside MMS. As mobile devices have less memory and less processing power, we cannot use computation intensive encryption algorithms like AES, DES, and RSA. Elliptic Curve Cryptography (ECC) is emerging as an attractive alternative to traditional public-key cryptosystems. ECC offers equivalent security with smaller key sizes resulting in faster computations, lower power consumption, as well as memory and bandwidth savings. In my paper, I have proposed a method of encrypting text with ECC and then hiding encrypted text in MMS. SMS are limited to 160 character messages while MMS has no size limit. Biggest use of MMS is likely to be for companies for sending MMS messages to subscribers, enquirers or customers or for banks for sending secret information like PINS/Passwords etc. The computational burden of ECC can be minimized by executing ECC with multiple threads.
ELLIPTIC CURVE BASED SECURE MESSAGING SYSTEM
In this paper, an implementation of a secure messaging system based on Elliptic Curve Cryptography (ECC) is presented. Elliptic curve cryptography provides a methodology for obtaining high-speed, efficient, and scalable implementations of a messaging system. In this paper, we describe in detail the working and implementation of elliptic curve cryptographic techniques, and the results of our implementation of the elliptic curve cryptography and finally we will compare our results with the rival of ECC i.e., RSA [2]. Elliptic Curve cryptography is an emerging public key cryptosystem which provides the same degree of security as systems used in Secure Socket Layers (SSL) today with approximately one-eighth the key size [4]. This results in bandwidth savings, efficient implementation and compactness in silicon without any effect on security as compared to its rival, RSA [2]. We have used ECC for key exchange and Advance Encryption Standard (AES) for encryption. The implementation of ECC is based on polynomial representation of National Institute of Standards and Technology (NIST) approved curves over binary field. The system is developed using a host of available tools and libraries, meeting the prime requirements of ease of use. The developed system can easily be adapted to meet the need of any organization. With such attributes, the technology becomes especially useful for mobile devices and other small devices that are limited in the power, CPU performance, memory or bandwidth.
Charm: A Framework for Rapidly Prototyping Cryptosystems
We describe Charm, an extensible framework designed for rapid prototyping of cryptographic systems that utilize the latest advances in cryptography, such as identity and attribute-based encryption, as well as the traditional cryptographic functions. Charm is designed to minimize code complexity, promote code re-use, and to automate interoperability, while not compromising on efficiency.
Trusted SMS communication on mobile devices
2009
The exponential growth of the Short Message Service �SMS) use has transformed this service in a widespread tool for social and commerce messaging. However, security concerns have been raised as applications become more critical and complex. Thus, this paper introduces an SMS security framework, which allows programmers and users to exchange confidential, non-repudiable and digitally signed text messages. This framework can fit in many development scenarios, such as commercial transactions or bureaucratic delegations. In addition, the proposed framework is highly flexible and efficient, since programmers can choose among several encryption algorithms according to the computational power and battery usage of each mobile device. Finally, this paper also analyzes the existing tradeoffs between security and performance in SMS applications running on mobile devices such as smart-phones and PDAs.
Related topics
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.