Engineering a secure mobile messaging framework

It is quite usual in the world of scientific software development to use, as black boxes, algorithmic software libraries without any prior assessment of their efficiency. This approach relies on the assumption that the experimental performance of these libraries, although correct, will match the theoretical expectation of their algorithmic counterparts. In this paper we discuss the case of SEESMS (Secure Extensible and Efficient SMS). It is a software framework that allows two peers to exchange encrypted and digitally signed SMS messages. The cryptographic part of SEESMS is implemented on top of the Java BC library (The Legion of Bouncy Castle, 2010), a widely used open-source library. The preliminary experimentations conducted on SEESMS, discussed in Castiglione et al. (2010), revealed some unexpected phenomena like the ECDSA-based cryptosystem being generally and significantly slower than the RSA-based equivalent. In this paper, we analyze these phenomena by profiling the code of SEESMS and expose the issues causing its bad performance. Then, we apply some algorithmic and programming optimizations techniques. The resulting code exhibits a significant performance boost with respect to the original implementation, and requires less memory in order to be run.

[1]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[2]  Jongin Lim,et al.  Analysis of the Power Consumption of Secure Communication in Wireless Networks , 2006, DEXA.

[3]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[4]  Srivaths Ravi,et al.  A study of the energy consumption characteristics of cryptographic algorithms and security protocols , 2006, IEEE Transactions on Mobile Computing.

[5]  Alfred Menezes,et al.  Software Implementation of the NIST Elliptic Curves Over Prime Fields , 2001, CT-RSA.

[6]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[7]  Umberto Ferraro Petrillo,et al.  An Extensible Framework for Efficient Secure SMS , 2010, 2010 International Conference on Complex, Intelligent and Software Intensive Systems.

[8]  Vipul Gupta,et al.  Energy analysis of public-key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications.