Abstract— Short message service (SMS) will play a very vital role in the future business areas which are popularly known as m-Commerce, mobile banking etc. For this future commerce, SMS could make a mobile device into a business tool, as it has the availability and the effectiveness. The existing SMS is not free from eavesdropping, but security is the main concern for any business company, such as banks, who will provide mobile banking. Presently there is no scheme which can give complete SMS security. In this paper, we have proposed a security scheme for improving SMS security. At first the plaintext of the SMS would be made into cipher text with the help of existing GSM encryption technology, then this cipher text would be digitally signed with the help of a public key signature. These have to be made compatible with the existing infrastructure of GSM security. The proposed scheme will give total authenticity, data integrity, confidentiality, authorization and non-repudiation, which are the most essential issues in m-commerce or mobile banking and in secure messaging.

Keywords-component; SMS, mobile banking, ciphering, digital signature, public key algorithm, public key signature, data integrity, authenticity etc.

In this paper, the security of SMS in the GSM network has been discussed, especially for the use of SMS as such a business tool. Here, we have introduced the complete security solution. Both encryption and digital signature have been incorporated with the transmission of SMS. Encryption can be done with the existing GSM encryption algorithm, A8. Then a hash of the encrypted message will be created, and finally it will be digitally signed. This signed encrypted message will be transmitted. Encryption will provide us the privacy of the message, while the digital signature will give the services of authentication, data integrity and non-repudiation. These are the main security measures that will be achieved by our proposed scheme.

In this paper, section 2 discusses the existing SMS architecture in the GSM network. SMS security concerns related to m-commerce will be discussed then. After that, various kinds of threats on SMS have been discussed. Section 5 deals with the proposed scheme. Then an overview of the various algorithms used for our proposal has been given. The following section will give the analysis of our proposal. Then in section 8 we have included the conclusion and finally the discussion about our future work in this field.
7. The MSC returns to the MS the outcome of the MO-SM operation.

Fig. 2 depicts the successful MO–SM scenario, utilizing the GSM method.

[Figure residue: message-flow diagrams for the MO-SM scenario (Fig. 2) and the MT-SM scenario. Entities labelled: Originating MS, Terminating MS, Bank/Commercial company, MSC, HLR, SMS-C, VLR. MO-SM steps: 1. Access request and authentication; 2. SMS; 4. Forward SMS; 5a. Submit SMS; 5b. Acknowledgement (optional); 6. Delivery report; 7. Status report. MT-SM steps: 3. Forward SMS; 4a. Send info for MT-SM; 4b. Send info for MT-SM (ack); page; authentication; 5. Message transfer; 6. Delivery; 7. Status.]

SMS is a store and forward service. In every case, it has to be passed through the SMS-C. As mentioned earlier, this SMS is not encrypted and not signed. It is just plaintext [2].

1. SMS can be sent to or received from a mobile station irrespective of the state or condition of the MS.

Assuming the MS is switched on and connected to a network, two states can be distinguished:
by using SMS. Money can be debited or credited from the bank through SMS by using the GSM network. But some security-related services of SMS should be available when we go for such m-commerce or m-banking. The services include [3-5]:

1. Confidentiality: only the valid communicating parties can view the SMS.
2. Integrity: the SMS cannot be tampered with by intruders. The system should be able to detect such alteration.
3. Non-repudiation: no party can deny receiving or transmitting the data communicated between them.
4. Authentication: each party has to have the ability to authenticate the other party.
5. Authorization: it has to be ensured that a party performing the transaction is entitled to perform that transaction.

Our security proposals ensure all of these services. No such work has ever been done which can provide all of these.

IV. VARIOUS THREATS ON SMS IN GSM

Many threats can arise for m-commerce via SMS. Sometimes the passwords for a bank account need to be sent. If any intruder reads the SMS, he or she can gain the password, as it is in plaintext. An encryption technique would be required to solve this attack. The SMS can also be altered or modified. Another problem is repudiation. Any sender can

1. Interception
2. Interruption
3. Modification
4. Fabrication

Figure. 4: Proposed Security Scheme for SMS

A. SMS Ciphering

The security methods standardized for the GSM System make it the most secure cellular telecommunications standard currently available. The confidentiality of the communication itself on the radio link is provided by the application of encryption algorithms and frequency hopping, which could only be realized using digital systems and signaling. But unfortunately, there is no such system for encrypting SMS. The security mechanisms (for voice and data communication) of GSM are implemented in three different system elements: the Subscriber Identity Module (SIM), the GSM handset or MS, and the GSM network. The SIM contains the ciphering key generating algorithm A8, which is used to produce the 64-bit ciphering key (Kc). The ciphering key is computed by applying the same random number (RAND) used in the authentication process to the ciphering key generating algorithm A8 with the individual subscriber authentication key (Ki). The ciphering key (Kc) is used to encrypt and decrypt the data between the MS and BS by the use of the encryption algorithm A5 [7, 8]. In our proposal, the first step is to encrypt the SMS by using the existing A8 and A5 algorithms. So no additional algorithm is needed for such encryption. We want to treat the SMS like the voice or data in the GSM network.

[Figure 5 diagram: Plain text SMS → A5 Algorithm → Cipher text SMS]

Figure. 5: Ciphering Mechanism for SMS

It is assumed that all the parameters required for this encryption will be provided as per the GSM specification. The additional job has to be done by the MS.

This ciphered SMS will be sent and at the receiver (if we

[Figure residue: diagram labels recoverable: Encrypted SMS (E); SHA-1 Algorithm; 160 bit hash of E; H; Ka; RSA Algorithm; DA(H); Signed encrypted SMS; Result; Ki, Ka.]
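An added example (not from the paper) of the proposed pipeline: cipher the SMS, hash the ciphertext E with SHA-1, sign the hash as DA(H), and verify at the receiver before deciphering. Assumptions: a SHA-256 counter-mode keystream stands in for A5, the RSA key is a constructed toy key used without padding, and all function names are hypothetical.

```python
import hashlib

# Constructed toy RSA key for sender A (two Mersenne primes): NOT secure,
# chosen only so the modulus exceeds the 160-bit SHA-1 digest.
P, Q, E_PUB = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D_PRIV = pow(E_PUB, -1, (P - 1) * (Q - 1))   # sender's private exponent

def keystream_xor(kc: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), NOT A5.
    Like A5 it XORs a Kc-derived keystream, so encrypt == decrypt."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(kc + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def sign(cipher_sms: bytes) -> int:
    """H = SHA-1(E); signature = DA(H), textbook RSA without padding."""
    h = int.from_bytes(hashlib.sha1(cipher_sms).digest(), "big")
    return pow(h, D_PRIV, N)

def verify(cipher_sms: bytes, signature: int) -> bool:
    """Receiver recomputes SHA-1(E) and compares it with the opened signature."""
    h = int.from_bytes(hashlib.sha1(cipher_sms).digest(), "big")
    return pow(signature, E_PUB, N) == h

def receive(kc: bytes, cipher_sms: bytes, signature: int):
    """Verify first; only a correctly signed ciphertext is deciphered."""
    if not verify(cipher_sms, signature):
        return None
    return keystream_xor(kc, cipher_sms)

def demo():
    kc = bytes.fromhex("0123456789abcdef")   # constructed 64-bit Kc
    sms = b"PAY 0100 TO ACCT 5551"           # constructed message
    e = keystream_xor(kc, sms)
    sig = sign(e)
    # Modification in transit: a keystream cipher is malleable, so XOR-ing
    # the ciphertext alters the deciphered digit '1' -> '9' without Kc.
    tampered = bytearray(e)
    tampered[5] ^= ord("1") ^ ord("9")
    tampered = bytes(tampered)
    return {"intact": receive(kc, e, sig),
            "unsigned_decrypt": keystream_xor(kc, tampered),
            "tampered": receive(kc, tampered, sig)}

if __name__ == "__main__":
    print(demo())
```

The `unsigned_decrypt` entry shows that ciphering alone gives confidentiality but not integrity, while the `tampered` entry shows the signature check rejecting the same altered ciphertext. A deployment would use a vetted RSA implementation with a standard padding scheme and a properly generated key.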