SSMS - A secure SMS messaging protocol for the m-payment systems
Beheshti Shirazi2008, Proceedings International Symposium on Computers and Communications
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
The GSM network with the greatest worldwide number of users, succumbs to several security vulnerabilities. The short message service (SMS) is one of its superior and well-tried services with a global availability in the GSM networks. The main contribution of this paper is to introduce a new secure application layer protocol, called SSMS, to efficiently embed the desired security attributes in the SMS messages to be used as a secure bearer in the m-payment systems. SSMS efficiently embeds the confidentiality, integrity, authentication, and non-repudiation in the SMS messages. It provides an elliptic curve-based public key solution that uses public keys for the secret key establishment of a symmetric encryption. It also provides the attributes of public verification and forward secrecy. It efficiently makes the SMS messaging suitable for the m-payment applications where the security is the great concern.
Related papers
Enhancing Security System of Short Message Service for M-Commerce in GSM
IJCSET, 2011
Global System for Mobile (GSM) is a second generation cellular standard developed to cater voice services and data delivery using digital modulation. Short Message Service (SMS) is the text communication service component of mobile communication systems, using standardized communications protocols that allow the exchange of short text messages between mobile phone devices. SMS will play a very vital role in the future business areas whose are popularly known as m-Commerce, mobile banking etc. For this future commerce, SMS could make a mobile device in a business tool as it has the availability and the effectiveness. The existing SMS is not free from the eavesdropping, but security is the main concern for any business company such as banks who will provide these mobile banking. Presently there is no such scheme which can give the complete SMS security. Now, a new security scheme for improving the SMS security is proposed here. At first plaintext of SMS would be made as cipher text with the help of existing GSM encryption technology, then this cipher text would be digitally signed with the help of public key signature. These will be made compatible to existing infrastructure of GSM security. The proposed scheme will give total authenticity, data integrity, confidentiality, authorization and non-repudiation which are the most essential issues in m-commerce or mobile banking and in secure messaging.
ECUREDSMS: A PROTOCOL FOR SMS SECURITY
IAEME PUBLICATION, 2014
Short Message Service (SMS) has become common in many of our daily life applications. Sometimes SMS is used to send confidential information like password, passcode, banking details etc. But in traditional SMS service, information content is transmitted as plain text which is not at all secure. It’s because when SMS is transmitted as plain text without using any encryption mechanisms it is easily subjected to many attacks. In this paper, we propose a protocol called SecuredSMS which make use of the symmetric key shared between the end users thus providing secure and safe communication between two users. The analysis of this protocol shows that it is highly secure as it is able to prevent the information content from various attacks like replay attack, man-in-the-middle attack, over the air modification and impersonation attack. SecuredSMS can be activated in the phone using PIN number. It also provides a way for remote destruction and remote locking in the case if the phone is stolen or lost.
GSM mobile SMS/MMS using public key infrastructure: m-PKI
WSEAS Transactions …, 2008
Presently, mobile handheld device has successfully replaced traditional telephone to become the most popular wireless communication tools. Mobile Short Message Service (SMS) and Multimedia Message Service (MMS) fulfill almost all the user requirements as an effective communication and information delivering service. Since SMS/MMS become so popular on daily communication, there is a demand to communicate or exchange confidential information in a secure environment. Public Key Infrastructure (PKI) is a proven solution, which using pairing of key, for secure communication encryption. In this paper, m-PKI is introduced to provide PKI encryption to the mobile SMS and MMS. This new approach allows the end-user to send private and classified message via SMS. The key pair generation and distribution are performed by the Certificate Authority (CA). The size of the key pair are studied and decided by the tradeoff between performance and security.
A security mechanism for secure SMS communication
Proceedings of SAICSIT, 2004
Short Message Service (SMS) has grown in popularity over the years and it has become a common way of communication. SMS is usually used to transport unclassified information, but with the rise of mobile commerce it has become a popular tool for transmitting sensitive information between the business and its clients. By default SMS does not guarantee confidentiality and integrity to the message content. Therefore SMS is not totally secure and reliable. This affects the Wireless Messaging API (WMA)-an optional package for Java 2 Micro Edition that enables SMS messaging on Java-enabled cellular phones. This paper proposes a protocol that can be used to secure a SMS connection between a WMA client and SMS-based server.
A Survey on Secure SMS Transmission and authentication at user end
2015
Short message service (SMS) is most important communication medium in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. when a SMS send an from one mobile phone(MS) to another MS (Mobile subscriber), the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers, passwords, license numbers, and so on, and it is a major drawback to send such information through SMS while the traditional SMS service does not provide encryption to the information before its transmission, However telecom service providers are ensuring at server end some security provided as Using A3,A8 and Kc algorithms, but not providing during the message transformation .In this paper, we propose an efficient and secure protocol called User End secure SMS along with integrity key check, which provides end-to-end secure communication through SMS between end users. The working of the protocol is pre...
SecureSMS: A Secure SMS Protocol for VAS and Other Applications
2014
Nowadays, the SMS is a very popular communication channel for numerous value added services (VAS), business and commercial applications. Hence, the security of SMS is the most important aspect in such applications. Recently, the researchers have proposed approaches to provide end-to-end security for SMS during its transmission over the network. Thus, in this direction, many SMS-based frameworks and protocols like Marko's SMS framework, Songyang's SMS framework, Alfredo's SMS framework, SSMS protocol, and, Marko and Konstantin's protocol have been proposed but these frameworks/protocols do not justify themselves in terms of security analysis, communication and computation overheads, prevention from various threats and attacks, and the bandwidth utilization of these protocols. The two protocols SMSSec and PK-SIM have also been proposed to provide end-to-end security and seem to be little better in terms of security analysis as compared to the protocols/framework mentioned above. In this paper, we propose a new secure and optimal protocol called SecureSMS, which generates less communication and computation overheads. We also discuss the possible threats and attacks in the paper and provide the justified prevention against them. The proposed protocol is also better than the above two protocols in terms of the bandwidth utilization. On an average the SecureSMS protocol reduces 71% and 59% of the total bandwidth used in the authentication process as compared to the SMSSec and PK-SIM protocols respectively. Apart from this, the paper also proposes a scheme to store and implement the cryptographic algorithms onto the SIM card. The proposed scheme provides end-to-end SMS security with authentication (by the SecureSMS protocol), confidentiality (by encryption AES/Blowfish; preferred AES-CTR), integrity (SHA1/MD5; preferred SHA1) and non-repudiation (ECDSA/DSA; preferred ECDSA).
Secure SMS : Advanced Version of Cyber SMS
2017
Nowadays, short message service (SMS) is being used in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. But when we send an SMS from one mobile phone to another, the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers, passwords, license numbers, and so on. In this paper, presented an efficient and secure technique called secure SMS. The working of the protocol is presented by considering the asymmetric key cryptography . The analysis of the proposed technique shows that this protocol is able to prevent various attacks, including SMS disclosure, over the air modification, replay attack, man-in-the middle attack, and impersonation attack
SMSCrypto: A lightweight cryptographic framework for secure SMS transmission
Journal of Systems and Software, 2013
Despite the continuous growth in the number of smartphones around the globe, Short Message Service (SMS) still remains as one of the most popular, cheap and accessible ways of exchanging text messages using mobile phones. Nevertheless, the lack of security in SMS prevents its wide usage in sensitive contexts such as banking and health-related applications. Aiming to tackle this issue, this paper presents SMSCrypto, a framework for securing SMS-based communications in mobile phones. SMSCrypto encloses a tailored selection of lightweight cryptographic algorithms and protocols, providing encryption, authentication and signature services. The proposed framework is implemented both in Java (target at JVM-enabled platforms) and in C (for constrained SIM Card processors) languages, thus being suitable for a wide range of scenarios. In addition, the signature model adopted does not require an on-line infrastructure and the inherent overhead found in the Public Key Infrastructure (PKI) model, facilitating the development of secure SMS-based applications. We evaluate the proposed framework on a real phone and on SIM Card-comparable microcontroller.
A Secure Digital Signature Approach for SMS Security
Special issues on IP Multimedia …, 2011
Global System for Mobile (GSM) is a second generation cellular standard developed to cater voice services and data delivery using digital modulation. Short Message Service (SMS) is the text communication service component of mobile communication systems, using standardized communications protocols that allow the exchange of short text messages between mobile phone devices. SMS framework allows two peers to exchange encrypted and digitally signed SMS messages. The communication between peers is secured by using public key cryptography. The identity validation of the contacts involved in the communication is implemented through ECDSA signature scheme. In the next part, there is the description of ECDSA approach and a modified approach based on ECDSA for mobile phones, which signs SMS. At the end, there is described attack on ECDSA for secured SMS and future extension of the application.
An Extensible Framework for Efficient Secure SMS
2010
Nowadays, Short Message Service (SMS) still represents the most used mobile messaging service. SMS messages are used in many different application fields, even in cases where security features, such as authentication and confidentiality between the communicators, must be ensured. Unfortunately, the SMS technology does not provide a built-in support for any security feature.
Related papers
A secure approach for SMS in GSM network
Proceedings of the CUBE International Information Technology Conference on - CUBE '12, 2012
The Short Message Service (SMS) is one of very popular kind of superior and well-tried services with a global availability in GSM networks. This paper deals with an SMS security for mobile communication. The transmission of an SMS in GSM network is not secure; therefore it is desirable to secure SMS by additional encryption. A proposed approach, based on encryption and digital signature efficiently embeds the confidentiality, integrity, authentication, and non-repudiation in the SMS messages. In the next part, there is the description of design and implementation of the application, which encrypts SMS by DES, Triple DES, AES and Blowfish algorithms and finally signs SMS by DSA or RSA algorithm respectively. At the end, we described attacks on secured SMS and future extension of the application.
Enhancing the Security for End to End SMS in GSM or UMTS Networks
— Short message service (SMS) is most important communication medium in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. When a SMS send an from one mobile phone (MS) to another MS (Mobile subscriber), the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers ,passwords, license number ,PAN number and so on, and it is a major drawback to send such information through SMS while the traditional SMS service does not provide encryption to the information before its transmission, However telecom service providers are ensuring at server end some security provided as Using A3,A8 and Kc algorithms through Triplet Authentication system, but not providing during the message transformation .In this paper, we propose an efficient and secure protocol called User End secure SMS along with integrity key check and massage through Encrypted form as secure manner from source to destination across GSM or UMTS networks , which provides end-to-end secure communication through SMS between end users. The working of the protocol is presented by considering two different scenarios. The analysis of the proposed protocol shows that this protocol is able to prevent various attacks, including SMS disclosure, over the air modification, replay attack, man-in-the middle attack, and impersonation Attack. .The protocol completely based on the symmetric key cryptography and retains original architecture of cellular network. The simulation generated in C#.net for execution system. SMS protocol is successfully designed in order to provide end-to-end secure communication through SMS between mobile users. The analysis of the proposed protocol shows that the protocol is able to prevent various attacks. The transmission of symmetric key to the mobile users is efficiently managed by the protocol. We consider all the transmission among various Authentication Server AS (Either same location or different location) take place by encrypting the message with a symmetric key shared between each pair of AS. This protocol produces lesser communication and computation overheads, utilizes bandwidth efficiently, and reduces message exchanged ratio during authentication than AES overheads, utilizes bandwidth efficiently, and reduces message exchanged ratio during authentication than AES
EasySMS: A Protocol for End-to-End Secure Transmission of SMS
IEEE Transactions on Information Forensics and Security,, 2014
Nowadays, short message service (SMS) is being used in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. But when we send an SMS from one mobile phone to another, the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers, passwords, license numbers, and so on, and it is a major drawback to send such information through SMS while the traditional SMS service does not provide encryption to the information before its transmission. In this paper, we propose an efficient and secure protocol called EasySMS, which provides end-to-end secure communication through SMS between end users. The working of the protocol is presented by considering two different scenarios. The analysis of the proposed protocol shows that this protocol is able to prevent various attacks, including SMS disclosure, over the air modification, replay attack, man-in-the-middle attack, and impersonation attack. The EasySMS protocol generates minimum communication and computation overheads as compared with existing SMSSec and PK-SIM protocols. On an average, the EasySMS protocol reduces 51% and 31% of the bandwidth consumption and reduces 62% and 45% of message exchanged during the authentication process in comparison to SMSSec and PK-SIM protocols respectively. Authors claim that EasySMS is the first protocol completely based on the symmetric key cryptography and retain original architecture of cellular network.
A Secure End-To-End Protocol for Secure Transmission of SMS
2018
Nowadays, short message service (SMS) is being used in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce etc. Short message service (SMS) is the text communication service component of mobile communication system by using standardized communication that allow to exchange of short text messages between mobile phone devices. Short message service (SMS) plays a vital role in various different fields such as in the medical field, mobile banking etc But the traditional SMS service offered by some of the network operator does not provide the encryption to the information before the SMS has been transmitted.The objective of this dissertation work is to implement an EasySMS protocol which is an efficient and secure protocol, which provides an end-to-end secure communication through SMS between end users.The main components in the Easy SMS protocol are two mobile station,authentication server (AS) which stores all the symmetric keys shared between...
A Secure Protocol For End To End Security To SMS Banking
— Short Message Service (SMS) is a very popular and easy-to-use communication medium for mobile phone users. Using SMS mobile user send some confidential information such as password , account number , banking information in the form of text message from one mobile to another mobile,. The information send in plaintext format the hacker easily read this information and privacy will not be maintained. Nowadays SMS is used for many value added services as mobile banking and e-commerce but due to lack of security this application rarely used. For this purpose we provide a solution that provides end to end security of the message with authentication, confidentiality, integrity. Hence we present a secure model for SMS mobile banking services tailored to suit mobile cellular phone users.
Usability and Performance of Secure Mobile Messaging using Public Key Infrastructure
Human life style change substantially when the cellular technology goes commercial. Short Messaging Service (SMS) and Multimedia Message Service (MMS) play important roles in our daily life. The recent report carried out by Mobile Data Association (MDA) [1] shows that the yearly growth of SMS and MMS achieves 30 percent from year 2007 to 2008. Conventional SMS/MMS does not provide any protection on the text message sent. It causes the security threats such as privacy and message integrity. Mobile users seek for the solution to allow them to exchange confidential information in a safe environment. This leads to the implementation of M-PKI, which is an application that secures the mobile messaging service by using public key infrastructure (PKI). This new approach allows the end-user to send private and classified message via SMS. Besides, M-PKI offers message classification. This feature is specially designed to meet various user requirements on the level of security and performance....
Secure End-to-End SMS Communication over GSM Networks
—In today's GSM networks, the security provided by the network operators is limited to the wireless links only. The information traveling over the wired links is insecure and weak encryption algorithms are used, therefore end-to-end security does not exist. The attacker is able to capture the traffic over the wireless link and decrypt it using specialized hardware. Short Message Service (SMS) is used widely all over the world which may contain sensitive and confidential information like banking systems. SMS spoofing applications are widely available through which any sender ID can be set. The objectives of this research includes, to provide end-to-end confidentiality, integrity and non-repudiation of SMS. The proposed scheme uses symmetric key and identity based techniques for encryption and key management. The overhead involved due to addition of control information may increase the message length but the computational delay due to cryptographic operation on the device is negligible on 1GHz+ processors. With the proposed scheme, any leakage either on the wireless or wired link will not result in any disclosure of the information or compromise of integrity.
Mobile messaging using public key infrastructure: m-PKI
2008
Presently, mobile handheld device has successfully replaced traditional telephone to become the most popular wireless communication tools. Mobile Short Message Service (SMS) and Multimedia Message Service (MMS) fulfill almost all the user requirements as an effective communication and information delivering service. Since SMS/MMS become so popular on daily communication, there is a demand to communicate or exchange confidential information in a secure environment. Public Key Infrastructure (PKI) is a proven solution, which using pairing of key, for secure communication encryption. In this paper, M-PKI is introduced to provide PKI encryption to the mobile SMS and MMS.
Secure Model for SMS Exchange over GSM
—Distributed systems use General Packet Radio Service (GPRS) to exchange information between different members of the system. The members of the system depend critically upon their ability to access internet connection in order to exchange data via GPRS and the system will shut down in case of unavailability of Internet connection. There is a strong need for developing another backup communication media. In this paper a data transaction method based on encoded Short Message Service (SMS) over Global System for Mobile Communication (GSM) is proposed. This new method guarantees the functionality of the system in case of inaccessibility to GPRS which may be not always available due to measures such as attacks that affect its availability. The proposed method is based on third party agent who can keep the address secrecy of both communicators besides keeping confidentiality, integrity and availability.
Public Key Cryptography for Mobile Payment
Ubiquitous Computing and Communication Journal, 2010
Since the mobile systems are growing quickly, the e-commerce will change gently to m-commerce. As a result, mobile security will become the one of the most important part of mobile system and will become the hottest area facing the mobile payment due to mobile networks directness. However, the appropriate encryption scheme for mobile communication must have small amount of data calculating and quick operation as of its inherent restrictions of small quantity and low calculating ability. The objectives of this paper are to look at mobile payment and its security. Also, to explain elliptic curve with public key encryption, authentication of security wireless milieu. Compare with the RSA scheme, an elliptic curve has shorter key size, smaller signature length, low calculating, fast operations and high security working.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.