A Proposal for Enhancing The Security System of
Short Message Service in GSM
Md. Asif Hossain1, Sarwar Jahan, M. M. Hussain,
M.R. Amin
Department of Electronics & Communications Engineering
East West University
Dhaka-1212, Bangladesh
1
masifhr@yahoo.com
Abstract— Short message service (SMS) will play a very vital role
in the future business areas whose are popularly known as m-
Commerce, mobile banking etc. For this future commerce, SMS
could make a mobile device in a business tool as it has the
availability and the effectiveness. The existing SMS is not free
from the eavesdropping, but security is the main concern for any
business company such as banks who will provide these mobile
banking. Presently there is no such scheme which can give the
complete SMS security. In this paper, we have proposed a
security scheme for improving the SMS security. At first
plaintext of SMS would be made as cipher text with the help of
existing GSM encryption technology, then this cipher text would
be digitally signed with the help of public key signature. These
have to be made compatible to existing infrastructure of GSM
security. The proposed scheme will give total authenticity, data
integrity, confidentiality, authorization and non-repudiation
which are the most essential issues in m-commerce or mobile
banking and in secure messaging.
Keywords-component; SMS, mobile banking, ciphering, digital
signature, public key algorithm, public key signature, data integrity,
authenticity etc.
I. INTRODUCTION
SMS is a very popular wireless service throughout the
world. It is the transmission of alphanumeric message between
two parties. It enables the communication between the mobile
subscribers and external systems such as paging, electronic
mail and voice-mail systems. It will be the most attractive and
effective service for future commercial use.
SMS is a part of GSM networks that allows the
alphanumeric message up to 160 characters to be sent and
received via the network operator’s SMS center to the mobile
subscribers. If the subscriber is not reachable, then SMS are
stored in the GSM operator’s SMS center and delivered when
it is reachable.
The existing SMS is the transmission of just plaintext. It
can be easily read by the intruder or even the persons of the
operator. Therefore, it is not secured enough for future m-
commerce or mobile banking. So security is one of the main
concerns for these businesses.
S. H. Shah Newaz
Samsung-ICU Research Center
Information & Communication University
Daejeon, South Korea
In this paper, the security of SMS in GSM network has
been discussed especially for the use of SMS as such business
tool. Here, we have introduced the complete security solution.
Both the encryption and digital signature has been
incorporated with the transmission of SMS. Encryption can be
done with the existing GSM encryption algorithm, A8. Then
the encrypted message will create hash and finally it will be
digitally signed. This signed encrypted will be transmitted.
Encryption will provide us the privacy of the message, while
digital signature will give the services of authentication, data
integrity and non-repudiation. These are main security
measures that will be achieved by our proposed scheme.
In this paper, the section 2 discusses about the existing
SMS architecture in GSM network. SMS security concern
related to m-commerce will be discussed then. After that
various kinds of threats on SMS have been discussed. Section
5 deals with the proposed scheme. Then the overview of
various algorithms used for our proposal has been given. The
following section will give the analysis of our proposal. Then
in section 8 we have included the conclusion and finally the
discussion about our future work in this field.
II. ARCHITECT OF SMS IN GSM NETWORK
The basic network architecture of SMS in GSM network is
shown in Fig. 1. Here we have considered the communication
between the mobile subscriber and the bank which is
providing such m-commerce facilities.
SMS-C SMS MSC BTS
GMSC
Database of MS
Bank/commercial company
Figure.1: Existing SMS Architecture in GSM
SMS-C : SMS Center
SMS GMSC : SMS Gateway Mobile Switching Center
MSC : Mobile Switching Center
BSS : Base Station System
SMSC is responsible for the relaying, storing, and
forwarding of a short message between an SME and mobile
 device. The SMSC must have high reliability, scalability, The recipient of SMS might be the database system of the
subscriber capacity and message throughput. Another factor to bank or any commercial company’s database server.
be considered is the ease of operation and maintenance of the
B. Mobile Subscriber Terminated SMS (MT-SM)
application, as well as the flexibility to activate new services
and upgrade to new software releases. SMS-C may connect to It means the SMS communication from SMS-C to an MS.
several GSM network through SMS GMSC which locates the The following steps are taken places for this MT-SM scenario
current MSC of the message receiver and forwards the [1]:
message to that MSC. This MSC broadcasts the message to 1. Bank has sent the SMS to its SMS-C
specific BSS (in specific location area) with the help of Home 2. SMS-C will evoke the routing information from the mobile
Location Resistor (HLR) and Visitor location resistor (VLR). operator’s HLR.
Then Base Transceiver Stations (BTS) page the destination 3. After knowing the location of the nearest MSC of the MS
Mobile station (MS). SMS can be stored in Subscriber Identity the SMS-C will forward the SMS to that MSC.
Module (SIM) or in the memory of the Mobile equipment 4a. MSC after taking the help from its VLR send the SMS to
(ME) [1]. the nearest BSC. BSC will page the MS for telling about the
MT-SM. Then authentication procedure will start.
To explain the fig. 1 completely, we can consider 2 basic 4b. VLR tells the MSC about the authentication
services of SMS. They are discussed as follows: 5. If the authentication is successful then MSC forward the
SMS to the MS.
A. Mobile subscriber originated SMS (MO-SM) 6. MS will send an acknowledgment after getting the SMS.
It means that SMS is sent from MS to an SMS-C. The 7. The SMS-C will in inform the bank about the outcome of
following steps are related with this service [1]: the MT-MS operation.
1. The MS is powered on and registered with the network. Fig. 3 depicts the successful MT–SM scenario, utilizing the
2. The MS transfers the SM to the MSC. GSM method.
3. The MSC interrogates the VLR to verify that the message
transfer does not violate the supplementary services invoked Originating
or the restrictions imposed. MS Terminating
MS
(Bank/
4. The MSC sends the short message to the SMSC using the Commercial SMS-C HLR MSC VLR
(subscriber)
forwardShortMessage operation. company)

5. The SMSC delivers the short message to the SME (and

optionally receives acknowledgment). 2. Send
routing
6. The SMSC acknowledges to the MSC the successful 1. Submit information
for SMS
outcome of the forwardShortMessage operation. SMS

7. The MSC returns to the MS the outcome of the MO-SM 3. Forward SMS
operation. 4a. send
info for
Fig. 2 depicts the successful MO–SM scenario, utilizing MT-SM
the GSM method. page
Terminating
MS
(Bank/ 4b. send authentication
Commercial info for
Originating MSC HLR SMS-C VLR
company) MT-SM
MS
(ack)

5. Message transfer
1. Access request and authentication 6. Delivery
7. Status
2. SMS

3. Send info for SMS Figure. 3: Mobile Terminated SMS (MT-SM)

4. Forward SMS
SMS is a store and forward service. Every case, it has to
5a. Submit SMS be passed through the SMS-C. As mention earlier, this SMS is
not encrypted and not signed. It is just a plaintext [2].
5b. Acknowledgement (optional)
1. SMS can be sent to or received from a mobile station
6. Delivery report irrespective of the state or condition of the MS.
7. Status report Assuming the MS is switched on and connected to a
network. Two states can be distinguished:

2. The active state occurs when a traffic channel

Figure. 2: Mobile Terminated SMS (MT-SM) (TCH/SACCH) is assigned to the MS for
communication.
 In the idle state, SMS are sent on a dedicated signaling
channel (SDCCH), which happens to be the fastest way of
transmitting SMS. In the active state, SMS has to use resource
of the SACCH. If a state change happens while a SMS is
being sent, this will take the signaling resource away from the
SMS. A state change from idle to active means that the
signaling channel is needed for setting up a call, and it will
eventually be replaced by a traffic channel. A state change
from active to idle results in disconnecting the signaling
resources. In these cases, SMS transmission will fail, and the
service center will be notified so that it can send the SMS later
[2].
III. SMS SECURITY IN & M-COMMERCE
SMS will play a very vital role in the future banking or
commercial purpose because of its simplicity and cheapness.
Upcoming payment system will be based on the mobile device
by using SMS.
Money can be debited or credited from the bank through the
SMS by using the GSM network. But some security related
services of SMS should be available when we go for such m-
commerce or m-banking. The service includes[3-5]:
1. Confidentiality: only the valid communicating parties can
view the SMS.
2. Integrity: the SMS can not be tampered by the intruders.
The system should be able to find out such alteration.
3. Non-repudiation: no party can deny the receiving or
transmitting the data communicating between them.
4. Authentication: each party has to have the ability to
authenticate the other party.
5. Authorization: it has to be ensured that, a party
performing the transaction is entitled to perform that
transaction or not.
Our security proposals ensure all of these services. No
such work ever done which can provide all of these.
IV. VARIOUS THREATS ON SMS IN GSM
There many threats can come to account for m-commerce via
SMS. Sometimes the passwords for a bank account need to be
sent. If any intruder read the SMS, he or she can gain the
password as it is in plaintext. Encryption technique would be
required to solve this attack. The SMS can also be altered or
modified. Another problem is repudiation. Any sender can
deny sending his or her SMS. Commercial companies can also
deny the SMS receiving. Digital signature can provide the
solution of these threats. So various threats or attacks can be
generalized in 4 ways [6]:
1. Interception
2. Interruption
3. Modification
4. Fabrication
Our proposal will give the solution of these security
problems.
V. PROPOSED SECURITY SCHEME
In our proposal, the authentication and the authorization
procedure of the subscribers while connecting to the GSM
network will be done according to the standard existing
procedure. Our concern is to provide secure end-to-end
communications. It has to be kept in mind that we can keep
the SMS secured even from the network operator. The main
concept of our proposal is that we will do the ciphering on
SMS first, and then the digital signature will imposed. This
signed encrypted SMS will be finally transmitted.
Cipher text Signed
SMS
Digital
encrypted
SMS
Plain text
Ciphering
Signature
SMS
Figure. 4: Proposed Security Scheme for SMS
A. SMS Ciphering
The security methods standardized for the GSM System
make it the most secure cellular telecommunications standard
currently available. The confidentiality of the communication
itself on the radio link is performed by the application of
encryption algorithms and frequency hopping which could
only be realized using digital systems and signaling. But
unfortunately, there is no such system for encrypting SMS.
The security mechanisms (for voice and data communication)
of GSM are implemented in three different system elements;
the Subscriber Identity Module (SIM), the GSM handset or
MS, and the GSM network. The SIM contains the ciphering
key generating algorithm A8 which is used to produce the 64-
bit ciphering key (Kc). The ciphering key is computed by
applying the same random number (RAND) used in the
authentication process to the ciphering key generating
algorithm A8 with the individual subscriber authentication key
(Ki). The ciphering key (Kc) is used to encrypt and decrypt the
data between the MS and BS by the use of the encryption
algorithm A5 [7, 8]. In our proposal, the first initiate is to make
the SMS encrypted by using these existing A8 and A5
algorithm. So no additional algorithm is needed for such
encryption. We want to treat the SMS as the voice or data in
GSM network.
A5
Plain text Algorithm Cipher text
SMS SMS
Ki
A8
Algorithm
64 bit Kc
Figure. 5: Ciphering Mechanism for SMS
 It is assumed that all the parameters required for this Ka Signed
160 bit hash
encryption will be provided as per GSM specification. The of E
encrypted
SMS
additional job has to be done by MS. SHA-1
Encrypted RSA
This ciphered SMS will be sent and at the receiver (if we SMS (E) Algorithm
H
Algorithm
DA(H)

not consider our second approach) it will be decrypted by the (Arbitrary

length) GSM
existing procedures. This is the same phenomenon of voice Network

ciphering. This is regularly done in GSM network. So,

encryption gives us the data confidentiality, but not the total
security solution. Because only cipher can not provide us the
data integrity and non-repudiation. So we have also proposed
the digital signal concept (as our second approach) to be
incorporated along with this ciphering.
B. Digital Signature on SMS
Message integrity means that the message has not been
altered or destroyed by any attackers. And non-repudiation
means that a receiver must be able to prove that a received
message came from a specific sender. The sender must not be
able to deny sending a message that he or she, in fact, did
send. Digital signature will provide us this security service. So
we need digital signature after ciphering the plaintext SMS.
In this research, Secured Hash Algorithm (SHA-1) has been
incorporated as digital signature. For this SHA-1 we need
some (mentioned below) additional keys as SHA-1 is known
as public key signature.
Bank/
Business
Company
Figure. 7: Digital Signature Mechanism for SMS (Transmitting End)
C. Verifying the Digital Signature
At the receiver end, bank’s server will send a request to get a
corresponding Kb from verification key center. Then signed
and unsigned E will be separated. Now applying the Kb on the
signed message, receiver will decrypt it. It will also make a
hash of the unsigned encrypted SMS (E). This operation will
give H1. Then H and H1 will be compared (see Fig. 8) [10].
Signed E Unsigned E
DA(H)

Ka : private key for signing message

Kb : public key for verifying message
Kb RSA SHA-1
Algorithm Algorithm
The existing Ki is stored in SIM. The key Ka is also
considered to be stored in SIM. And Kb is stored and
maintained in a verification key database.
H H1
req Kv
GSM Bank/
Network commercial Compare
company
SIM
Kv

Result
Ki, Ka

Verification Figure. 8: Verifying the Digital Signature on SMS (Receiving End)

Key Center

If H and H1 are matched each other it assures that message

Figure. 6: Keys Needed for Digital signature
The encrypted SMS will be signed by the Ka. This
signed encrypted message along with the encrypted message
itself will be sent to the GSM network.
In digital signing, at first the encrypted message (E) is fed
into the SHA-1 algorithm to get a 160 bit SHA-1 hash (H).
Then the RSA (Rivest, Shamir & Adleman) algorithm will
sign the hash (DA(H)) [9]. The subscriber will send both the
signed hash (DA(H)) and the encrypted message (E) to the
bank/commercial company via the GSM network. The
processes are depicted in Fig.7
has been verified as original. That means four measures of
security (authenticity, authorization, integrity and non-
repudiation) are preserved. But if H and H1 are not same, then it
can be said that there must be some data modification or
alteration. This comparison also gives the guarantee that the
transmission of SMS has been done by the true sender and
received by the true receiver. The comparison also clarifies that
the sender can never deny the SMS sending since he/she can
not deny the signature.
D. Deciphering SMS
After verifying the SMS, the receiver will decrypt it by
using the ciphering key Kc by the help of existing GSM
decryption algorithm (A5) (that is done for voice B. RSA Algorithm
communication).
The next algorithm has been used for signing the hash is
Cipher text A5 Plain text RSA. It is one of the most common public key algorithms. It
SMS Algorithm SMS
is based on some principles from number theory. The
security of the method is based on the difficulty of factoring
large numbers. Its major disadvantage is that it requires keys
of at least 1024 bits for good security, which makes it quite
Kc slow.[9]
Figure. 9: Decryption of SMS
C. SHA-1
Finally, we get the original plain text of SMS (Fig. 9). SHA-1 is one of the major message digest functions. It
So, we can put together the whole proposal into the following processes input data in 512-bit blocks, then generates 160 bit
steps: message digest. SHA-1 has the 2 properties to guarantee its
At the Transmitter, success. [10]
• K c = A (K
8 i ) 1. Hashing is one way: the digest can only be created
• E = A5(M)Kc from the message, not vice versa.
• H = SHA-1(E) 2. Hashing is one-to-one function: there is little
• DA(H) = RSA (H)Ka probability that two messages will create the same
• E and DA(H) will be sent digest.
VII. ANALYSIS OF OUR PROPOSED SCHEME
At the Receiver,
• H = RSA (DA(H) )Kb
The limited memory capacity of SIM and the slow
• H1 = SHA-1(E)
processing power of MS have to be considered. Another thing
If H & H1 are matched then we have to consider that the secured SMS communication
• M = A5(E)Kc should be real time or should have a minimal accepted delay.
That’s why instead of using any new algorithm for ciphering
If H & H1 are not matched then the message will be rejected. we can use the existing A5 algorithm. For the digital signature,
RSA algorithm has been proposed as it’s the one of the best
public key algorithm. But it takes much for processing.
VI. ALGORITHMS
In the key selection, for A5, Kc (which is 64 bit) has been
In this section we will give overview of the algorithms we used. Ka and Kb both are 1024 bits because it’s the minimum
have used in our paper. requirement for the RSA to be worked better [12].
In our scheme, some overhead of the SMS will be included
A. A5 Algorithm while transmitting. This will limit the maximum characters
can be sent as 130 instead of 160. Although, for future
In this paper work, for ciphering the existing A5 algorithms banking, the 130 characters are sufficient enough.
has been used. The details of this implementation, as well as In our proposal, no hardware implementation is needed. All
some documented facts about A5, are summarized below [11]: proposals can be served by the software or system
modification.
• A5 is a stream cipher consisting of three clock-
controlled LFSRs (Line Feed Shift Register) of
degree 19, 22, and 23. VIII. CONCLUSION
In the future, the use of SMS will have verities of
• The clock control is a threshold function of the dimensions such as for m-commerce, m-banking etc due to its
middle bits of each of the three shift registers. cheapness and availability. For these feasible future businesses
through SMS, we have to provide the total security of it. In
• The sum of the degrees of the three shift registers is this paper, we have proposed a security scheme that will
64. The 64-bit session key is used to initialize the improve the security of SMS. In the proposal, the plain SMS
contents of the shift registers. will be encrypted first, and then it will be digitally signed by
the public key infrastructure. So by these themes, we can
• The 22-bit TDMA frame number is fed into the shift achieve a total SMS security solution.
registers.

• Two 114-bit key streams are produced for each

TDMA frame, which are XOR-ed with the uplink and
downlink traffic channels.
 IX. FUTURE WORK
In the future, the practical implementation and the proposed
scheme will incorporate. Various kinds of latest encryption
algorithms and the hash functions are yet to be analyzed. We
will try to integrate the channel coding and the encryption
procedure so that it will give errorless secured fastest SMS
transmission. We have also planned to research with the SMS
security in 3G system.
REFERENCES
[1] S. M. Redi, M. K. Weber and M.W. Oliphant, “GSM and Personal
Communications Handbook”, Artech House, London, 2000.
[2] Hodges, M.R.L., "The GSM Radio Interface," British Telecom
Technology Journal, Vol. 8, No. 1, January 1990, pp. 31-43.
[3] Williamson, J., "GSM Bids for Global Recognition in a Crowded
Cellular World," Telephony, vol. 333, no. 14, April 1992, pp. 36-40.
[4] Scmidt M, “Consistent m-Commerce Security on Top GSM-bases Data
protocols: A security analysis”, University of Siegen, Institute for Data
communication systems, Siegen, Germany 2001.
[5] Papadiglou, N and Stipide, E. , “Short message service link for
automatic vehicle location reporting”, Electronic Lett., 1999, 35, pp.
876-877
[6] Andrew S. Tanenbaum, “Computer Networks”, fourth edition, Pearson
education, 2006.
[7] European Telecommunications Standards Institute, Recommendation
GSM 02.09, "Security Aspects".
[8] European Telecommunications Standards Institute, Recommendation
GSM 03.20, "Security Related Network Functions".
[9] R. L. Rivest, A. Shamir and L. Adleman, “A method for obtaining
digital signature and public key cryptosystem ”, Communication of the
ACM, vol.21, pp. 120-126, feb 1987.
[10] Behrouz A. Forouzan, “Data Communications and Networking”, 3rd Ed,
Tata McGraw-Hill, 2004.
[11] Cooke, J.C.; Brewster, R.L., "Cryptographic Security Techniques for
Digital Mobile Telephones," Proceedings of the IEEE International
Conference on Selected Topics in Wireless Communications,
Vancouver, B.C., Canada, 1992. pp 425-428, 1992.
[12] M. Ayoub Khan, Ir. M K Awang, R Chowudhury, Y. P. Singh, “A
public key infrastructure (PKI) for signaling short message in GSM”,
proceedings of the ICCCE’06, Malaysia, vol. 1, pp 97-102, May 2006,