State of Security for SMS on Mobile Devices

Proceedings of SAICSIT, 2004

Short Message Service (SMS) has grown in popularity over the years and it has become a common way of communication. SMS is usually used to transport unclassified information, but with the rise of mobile commerce it has become a popular tool for transmitting sensitive information between the business and its clients. By default SMS does not guarantee confidentiality and integrity to the message content. Therefore SMS is not totally secure and reliable. This affects the Wireless Messaging API (WMA)-an optional package for Java 2 Micro Edition that enables SMS messaging on Java-enabled cellular phones. This paper proposes a protocol that can be used to secure a SMS connection between a WMA client and SMS-based server.

IAEME PUBLICATION, 2014

Short Message Service (SMS) has become common in many of our daily life applications. Sometimes SMS is used to send confidential information like password, passcode, banking details etc. But in traditional SMS service, information content is transmitted as plain text which is not at all secure. It’s because when SMS is transmitted as plain text without using any encryption mechanisms it is easily subjected to many attacks. In this paper, we propose a protocol called SecuredSMS which make use of the symmetric key shared between the end users thus providing secure and safe communication between two users. The analysis of this protocol shows that it is highly secure as it is able to prevent the information content from various attacks like replay attack, man-in-the-middle attack, over the air modification and impersonation attack. SecuredSMS can be activated in the phone using PIN number. It also provides a way for remote destruction and remote locking in the case if the phone is stolen or lost.

2010

Nowadays, Short Message Service (SMS) still represents the most used mobile messaging service. SMS messages are used in many different application fields, even in cases where security features, such as authentication and confidentiality between the communicators, must be ensured. Unfortunately, the SMS technology does not provide a built-in support for any security feature.

The Short Message Service (SMS) is one of the frequently used mobile services with universal availability in all GSM networks. The current SMS hasnít achieved secure transmission of plaintext between different mobile phone devices. SMS doesnít have its own build-in mechanism to secure the transmitted data because security isnít considered as a priority application for mobile devices. Many SMS security schemes have been proposed by the researchers. This survey presents the existing schemes used to secure SMS message communication. State of the art SMS security solutions for mobile devices is presented from the period 2006-2013. Literature research of those security schemes is conducted and presented in this survey. The effect of each security scheme on mobile device's performance is also observed. Finally, a general summary of all security schemes with their limitations is presented.

2015

This thesis analyzes the security of Short Message Service (SMS) which is a permanent service on mobile networks. Mobile networks have evolved from GSM Technology for more than 20 years. Security is a headline issue these days and use of SMS service has become an extension of our lives and plays a paramount role in daily chores since its inception with most immediate and efficient form of communication. Due to the available functionality of the mobile networks, SMS are exposed to different kinds of attacks. SMS is one of the fundamental features of the mobile phone and is considered to be a fascinating area for attackers. For the increasing demand for secure SMS, it is important to perform vulnerability analysis of SMS implementation and finding out additional security vulnerabilities within the network, and smart-phones. With the existence of the mobile phone over the years, SMS has been widely embraced as a standard for quick and easy communication. SMS has proceeded from normal message service to two-factor authentication (2FA) scheme for account login and registering. Ever since the growing mindshare and outsized new security valuations to the users for their accounts, SMS service provides best possible forms such as one-time password (OTP) and mobile-Transaction Authentication Number (mTAN) for 2FA. The most important and challenging part of mobile communication is SMS security as attackers illegally access the sensitive data through messages and sometimes compromising the device. If these themes are not addressed adequately, through security controls and measures, the underlying threats could compromise the confidentiality, integrity and availability of SMS service. A detailed study of the mobile networks, SMS protocol structure, and various attack methods were investigated to understand the different properties of authentication and encryption methods that can be applied to counteract the exploits for the applicability of SMS messages in near future. Security Analysis of SMS and Related Technologies iii Acknowledgement I am grateful to numerous local and global peers who have contributed towards shaping this thesis. At the outset, I would like to express my sincere thanks to Berry Schoenmakers for his advice during my thesis work. As my supervisor, he has constantly encouraged me to remain focused on achieving my goal. His observations and comments helped me to establish the overall direction of the research and to move forward with some detailed investigations. He has helped me greatly and been a source of knowledge to me. I wish to extend my gratitude to Benne de Weger and Jerry den Hartog for accepting to be in the evaluation committee of my final examination of thesis. My sincere thanks to everyone who has provided me with kind words, a welcome ear, new ideas, useful criticism, or their invaluable time, I am truly indebted. My gratitude also goes out to my younger brother Sanket Chaudhari , my family and friends in Eindhoven and India who helped me all the way during my Master's and during the thesis with any technical problems on the way. I must acknowledge the academic resources that I have got from Technical Univeristy of Eindhoven. Last, but not the least, I would like to dedicate this thesis to my family, for their love, patience, and understanding. Security Analysis of SMS and Related Technologies v Contents Contents vii List of Figures ix List of Tables xi

Scientific Research and Essays, 2011

The short message service (SMS) is one of the highly used and well-tried mobile services with global availability within all GSM networks. The existing SMS is limited to the transmission of secure plain text between different mobile phone subscribers. SMS does not have any built-in procedure to authenticate the text and offer security for the text transmitted as data, because most of the applications for mobile devices are designed and developed without taking security into consideration. This paper details an overview of the current SMS security aspects and concerns during the SMS transmission. It also chronologically presents the existing mechanisms used to protect the SMS with the goal to provide useful advices for further research. In addition, the security and efficiency of these mechanisms are analysed, considering the limitation on the mobile devices and the security requirements. Finally it suggests the SMS security future direction for generating extra research topics.

2009

The exponential growth of the Short Message Service �SMS) use has transformed this service in a widespread tool for social and commerce messaging. However, security concerns have been raised as applications become more critical and complex. Thus, this paper introduces an SMS security framework, which allows programmers and users to exchange confidential, non-repudiable and digitally signed text messages. This framework can fit in many development scenarios, such as commercial transactions or bureaucratic delegations. In addition, the proposed framework is highly flexible and efficient, since programmers can choose among several encryption algorithms according to the computational power and battery usage of each mobile device. Finally, this paper also analyzes the existing tradeoffs between security and performance in SMS applications running on mobile devices such as smart-phones and PDAs.

2014

Nowadays, the SMS is a very popular communication channel for numerous value added services (VAS), business and commercial applications. Hence, the security of SMS is the most important aspect in such applications. Recently, the researchers have proposed approaches to provide end-to-end security for SMS during its transmission over the network. Thus, in this direction, many SMS-based frameworks and protocols like Marko's SMS framework, Songyang's SMS framework, Alfredo's SMS framework, SSMS protocol, and, Marko and Konstantin's protocol have been proposed but these frameworks/protocols do not justify themselves in terms of security analysis, communication and computation overheads, prevention from various threats and attacks, and the bandwidth utilization of these protocols. The two protocols SMSSec and PK-SIM have also been proposed to provide end-to-end security and seem to be little better in terms of security analysis as compared to the protocols/framework mentioned above. In this paper, we propose a new secure and optimal protocol called SecureSMS, which generates less communication and computation overheads. We also discuss the possible threats and attacks in the paper and provide the justified prevention against them. The proposed protocol is also better than the above two protocols in terms of the bandwidth utilization. On an average the SecureSMS protocol reduces 71% and 59% of the total bandwidth used in the authentication process as compared to the SMSSec and PK-SIM protocols respectively. Apart from this, the paper also proposes a scheme to store and implement the cryptographic algorithms onto the SIM card. The proposed scheme provides end-to-end SMS security with authentication (by the SecureSMS protocol), confidentiality (by encryption AES/Blowfish; preferred AES-CTR), integrity (SHA1/MD5; preferred SHA1) and non-repudiation (ECDSA/DSA; preferred ECDSA).

This paper presents a security solution to ensure confidentiality and authentication of exchanged messages, the users of proposed system can communicate exclusively via web server and by using a dedicated android application. The exchanged messages are encrypted using stream cipher RC4 with a personalP2P dynamic encryption key.

2017

Nowadays, short message service (SMS) is being used in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. But when we send an SMS from one mobile phone to another, the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers, passwords, license numbers, and so on. In this paper, presented an efficient and secure technique called secure SMS. The working of the protocol is presented by considering the asymmetric key cryptography . The analysis of the proposed technique shows that this protocol is able to prevent various attacks, including SMS disclosure, over the air modification, replay attack, man-in-the middle attack, and impersonation attack