A multi-channel steganographic protocol for secure SMS mobile banking

The advancement in mobile technologies and wireless communications has led to a rapidly growing number of users benefiting from mobile banking services. SMS banking offers a convenient mobile banking solution which is easy to implement and frequently used in many parts of the world. However, it is only viable under the assumption of secure SMS services. In this paper, a novel secure SMS banking protocol is proposed. The approach is based on a multi-channel security protocol combining low and high entropy steganography. One of the distinct advantages of this protocol is its confidentiality property against the mobile phone operator which, to our knowledge, is a novel feature. Furthermore, the required architecture is simple and only involves GSM services and one additional internet connection which can be insecure. As such it offers security, low deployment costs and would be suitable for example in rural areas or countries without individual secure home internet connections.

[1]  Emiliano De Cristofaro,et al.  Undetectable communication: The Online Social Networks case , 2014, 2014 Twelfth Annual International Conference on Privacy, Security and Trust.

[2]  Ron Vetter,et al.  SMS: The Short Message Service , 2007, Computer.

[3]  Songwu Lu,et al.  New Security Threats Caused by IMS-based SMS Service in 4G LTE Networks , 2016, CCS.

[4]  Chong Hee Kim,et al.  Improved Differential Fault Analysis on AES Key Schedule , 2012, IEEE Transactions on Information Forensics and Security.

[5]  Christian Gehrmann,et al.  Manual authentication for wireless devices , 2004 .

[6]  Maria Kalenderi,et al.  Breaking the GSM A5/1 cryptography algorithm with rainbow tables and high-end FPGAS , 2012, 22nd International Conference on Field Programmable Logic and Applications (FPL).

[7]  Nasir D. Memon,et al.  Analysis of LSB based image steganography techniques , 2001, Proceedings 2001 International Conference on Image Processing (Cat. No.01CH37205).

[8]  H. Harb,et al.  SecureSMSPay: Secure SMS Mobile Payment model , 2008, 2008 2nd International Conference on Anti-counterfeiting, Security and Identification.

[9]  Alex Biryukov,et al.  Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds , 2010, IACR Cryptol. ePrint Arch..

[10]  S. Jamil,et al.  Short messaging service (SMS) based m-banking system in context of Bangladesh , 2008, 2008 11th International Conference on Computer and Information Technology.

[11]  V. N. Sastry,et al.  SSMBP: A secure SMS-based mobile banking protocol with formal verification , 2015, 2015 IEEE 11th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[12]  Jessica Fridrich,et al.  Steganography in Digital Media: References , 2009 .

[13]  Shuangqing Wei,et al.  Enhancement of Secrecy of Block Ciphered Systems by Deliberate Noise , 2012, IEEE Transactions on Information Forensics and Security.

[14]  Jin Cao,et al.  A Survey on Security Aspects for LTE and LTE-A Networks , 2014, IEEE Communications Surveys & Tutorials.

[15]  Nor Azlina Bt Abd Rahman,et al.  SMS banking transaction as an alternative for information, transfer and payment at merchant shops in Malaysia , 2013, 2013 3rd International Conference on Information Technology and e-Services (ICITeS).

[16]  Diana K. Smetters,et al.  Talking to Strangers: Authentication in Ad-Hoc Wireless Networks , 2002, NDSS.

[17]  Srdjan Capkun,et al.  For some eyes only: protecting online information sharing , 2013, CODASPY.

[18]  Supakorn Kungpisdan,et al.  Design and accountability analysis of a secure SMS-based mobile payment protocol , 2011, The 8th Electrical Engineering/ Electronics, Computer, Telecommunications and Information Technology (ECTI) Association of Thailand - Conference 2011.

[19]  S. M. Zakariya,et al.  Analysis of Modified LSB Approaches of Hiding Information in Digital Images , 2013, 2013 5th International Conference on Computational Intelligence and Communication Networks.

[20]  Neetesh Saxena,et al.  EasySMS: A Protocol for End-to-End Secure Transmission of SMS , 2014, IEEE Transactions on Information Forensics and Security.

[21]  Paul Coulton,et al.  Mobile Terminated SMS Billing — Exploits and Security Analysis , 2006, Third International Conference on Information Technology: New Generations (ITNG'06).

[22]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[23]  Rainer Bhme Advanced Statistical Steganalysis , 2010 .

[24]  Mohammad Shirali-Shahreza Improving Mobile Banking Security Using Steganography , 2007, Fourth International Conference on Information Technology (ITNG'07).

[25]  Stuart J. Barnes,et al.  Mobile banking: concept and potential , 2003, Int. J. Mob. Commun..

[26]  Reza Ebrahimi Atani,et al.  A novel protocol for the security of SMS-based mobile banking: Using GSM positioning techniques and parameters , 2013, The 5th Conference on Information and Knowledge Technology.

[27]  Shaikh Anowarul Fattah,et al.  Security Enhancement Protocol in SMS-Banking using Digital Watermarking Technique , 2010, 2010 Fourth UKSim European Symposium on Computer Modeling and Simulation.

[28]  Eckhard Pfluegel,et al.  A secure channel using social messaging for distributed low-entropy steganography , 2017 .

[29]  James Orwell,et al.  Building secure ICT through virtual private social networks: A multi-channel mobile instant messaging approach , 2016 .

[30]  Felix Olu Bankole,et al.  Mobile Banking Adoption in Nigeria , 2011, Electron. J. Inf. Syst. Dev. Ctries..

[31]  Shaikh Anowarul Fattah,et al.  Digital security algorithm for GSM incorporated virtual e-banking protocol using watermarking technique , 2010, The 10th IEEE International Symposium on Signal Processing and Information Technology.

[32]  Nicolas Sklavos,et al.  LTE/SAE Security Issues on 4G Wireless Networks , 2013, IEEE Security & Privacy.

[33]  Mauro Barni,et al.  MPSteg-color: A New Steganographic Technique for Color Images , 2007, Information Hiding.

[34]  Hsiao-Cheng Yu,et al.  Electronic payment systems: an analysis and comparison of types , 2002 .