An Extensible Framework for Efficient Secure SMS

2008 Electronics, Robotics and Automotive Mechanics Conference, 2008

Given the wide acceptance of SMS in mobile devices, it has been applied in unconventional applications beyond chating and exchanging short text messages. In this paper, we review a set of unconventional SMS-based applications. We review the basic operation modes in which they act and their needs for security services. Considering limitations on mobile devices, here we propose an architectural model for implementing security services on SMS-based applications. Some security service implementations reported in literature are discussed.

Proceedings of SAICSIT, 2004

Short Message Service (SMS) has grown in popularity over the years and it has become a common way of communication. SMS is usually used to transport unclassified information, but with the rise of mobile commerce it has become a popular tool for transmitting sensitive information between the business and its clients. By default SMS does not guarantee confidentiality and integrity to the message content. Therefore SMS is not totally secure and reliable. This affects the Wireless Messaging API (WMA)-an optional package for Java 2 Micro Edition that enables SMS messaging on Java-enabled cellular phones. This paper proposes a protocol that can be used to secure a SMS connection between a WMA client and SMS-based server.

IAEME PUBLICATION, 2014

Short Message Service (SMS) has become common in many of our daily life applications. Sometimes SMS is used to send confidential information like password, passcode, banking details etc. But in traditional SMS service, information content is transmitted as plain text which is not at all secure. It’s because when SMS is transmitted as plain text without using any encryption mechanisms it is easily subjected to many attacks. In this paper, we propose a protocol called SecuredSMS which make use of the symmetric key shared between the end users thus providing secure and safe communication between two users. The analysis of this protocol shows that it is highly secure as it is able to prevent the information content from various attacks like replay attack, man-in-the-middle attack, over the air modification and impersonation attack. SecuredSMS can be activated in the phone using PIN number. It also provides a way for remote destruction and remote locking in the case if the phone is stolen or lost.

Journal of Systems and Software, 2013

Despite the continuous growth in the number of smartphones around the globe, Short Message Service (SMS) still remains as one of the most popular, cheap and accessible ways of exchanging text messages using mobile phones. Nevertheless, the lack of security in SMS prevents its wide usage in sensitive contexts such as banking and health-related applications. Aiming to tackle this issue, this paper presents SMSCrypto, a framework for securing SMS-based communications in mobile phones. SMSCrypto encloses a tailored selection of lightweight cryptographic algorithms and protocols, providing encryption, authentication and signature services. The proposed framework is implemented both in Java (target at JVM-enabled platforms) and in C (for constrained SIM Card processors) languages, thus being suitable for a wide range of scenarios. In addition, the signature model adopted does not require an on-line infrastructure and the inherent overhead found in the Public Key Infrastructure (PKI) model, facilitating the development of secure SMS-based applications. We evaluate the proposed framework on a real phone and on SIM Card-comparable microcontroller.

2009

The exponential growth of the Short Message Service �SMS) use has transformed this service in a widespread tool for social and commerce messaging. However, security concerns have been raised as applications become more critical and complex. Thus, this paper introduces an SMS security framework, which allows programmers and users to exchange confidential, non-repudiable and digitally signed text messages. This framework can fit in many development scenarios, such as commercial transactions or bureaucratic delegations. In addition, the proposed framework is highly flexible and efficient, since programmers can choose among several encryption algorithms according to the computational power and battery usage of each mobile device. Finally, this paper also analyzes the existing tradeoffs between security and performance in SMS applications running on mobile devices such as smart-phones and PDAs.

IEEE Transactions on Information Forensics and Security,, 2014

Nowadays, short message service (SMS) is being used in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. But when we send an SMS from one mobile phone to another, the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers, passwords, license numbers, and so on, and it is a major drawback to send such information through SMS while the traditional SMS service does not provide encryption to the information before its transmission. In this paper, we propose an efficient and secure protocol called EasySMS, which provides end-to-end secure communication through SMS between end users. The working of the protocol is presented by considering two different scenarios. The analysis of the proposed protocol shows that this protocol is able to prevent various attacks, including SMS disclosure, over the air modification, replay attack, man-in-the-middle attack, and impersonation attack. The EasySMS protocol generates minimum communication and computation overheads as compared with existing SMSSec and PK-SIM protocols. On an average, the EasySMS protocol reduces 51% and 31% of the bandwidth consumption and reduces 62% and 45% of message exchanged during the authentication process in comparison to SMSSec and PK-SIM protocols respectively. Authors claim that EasySMS is the first protocol completely based on the symmetric key cryptography and retain original architecture of cellular network.

The Short Message Service (SMS) is one of the frequently used mobile services with universal availability in all GSM networks. The current SMS hasnít achieved secure transmission of plaintext between different mobile phone devices. SMS doesnít have its own build-in mechanism to secure the transmitted data because security isnít considered as a priority application for mobile devices. Many SMS security schemes have been proposed by the researchers. This survey presents the existing schemes used to secure SMS message communication. State of the art SMS security solutions for mobile devices is presented from the period 2006-2013. Literature research of those security schemes is conducted and presented in this survey. The effect of each security scheme on mobile device's performance is also observed. Finally, a general summary of all security schemes with their limitations is presented.

2017

Nowadays, short message service (SMS) is being used in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. But when we send an SMS from one mobile phone to another, the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers, passwords, license numbers, and so on. In this paper, presented an efficient and secure technique called secure SMS. The working of the protocol is presented by considering the asymmetric key cryptography . The analysis of the proposed technique shows that this protocol is able to prevent various attacks, including SMS disclosure, over the air modification, replay attack, man-in-the middle attack, and impersonation attack

Scientific Research and Essays, 2011

The short message service (SMS) is one of the highly used and well-tried mobile services with global availability within all GSM networks. The existing SMS is limited to the transmission of secure plain text between different mobile phone subscribers. SMS does not have any built-in procedure to authenticate the text and offer security for the text transmitted as data, because most of the applications for mobile devices are designed and developed without taking security into consideration. This paper details an overview of the current SMS security aspects and concerns during the SMS transmission. It also chronologically presents the existing mechanisms used to protect the SMS with the goal to provide useful advices for further research. In addition, the security and efficiency of these mechanisms are analysed, considering the limitation on the mobile devices and the security requirements. Finally it suggests the SMS security future direction for generating extra research topics.

2014

Nowadays, the SMS is a very popular communication channel for numerous value added services (VAS), business and commercial applications. Hence, the security of SMS is the most important aspect in such applications. Recently, the researchers have proposed approaches to provide end-to-end security for SMS during its transmission over the network. Thus, in this direction, many SMS-based frameworks and protocols like Marko's SMS framework, Songyang's SMS framework, Alfredo's SMS framework, SSMS protocol, and, Marko and Konstantin's protocol have been proposed but these frameworks/protocols do not justify themselves in terms of security analysis, communication and computation overheads, prevention from various threats and attacks, and the bandwidth utilization of these protocols. The two protocols SMSSec and PK-SIM have also been proposed to provide end-to-end security and seem to be little better in terms of security analysis as compared to the protocols/framework mentioned above. In this paper, we propose a new secure and optimal protocol called SecureSMS, which generates less communication and computation overheads. We also discuss the possible threats and attacks in the paper and provide the justified prevention against them. The proposed protocol is also better than the above two protocols in terms of the bandwidth utilization. On an average the SecureSMS protocol reduces 71% and 59% of the total bandwidth used in the authentication process as compared to the SMSSec and PK-SIM protocols respectively. Apart from this, the paper also proposes a scheme to store and implement the cryptographic algorithms onto the SIM card. The proposed scheme provides end-to-end SMS security with authentication (by the SecureSMS protocol), confidentiality (by encryption AES/Blowfish; preferred AES-CTR), integrity (SHA1/MD5; preferred SHA1) and non-repudiation (ECDSA/DSA; preferred ECDSA).