SecureSMS: A secure SMS protocol for VAS and other applications

Nowadays, the SMS is a very popular communication channel for numerous value added services (VAS), business and commercial applications. Hence, the security of SMS is the most important aspect in such applications. Recently, the researchers have proposed approaches to provide end-to-end security for SMS during its transmission over the network. Thus, in this direction, many SMS-based frameworks and protocols like Marko's SMS framework, Songyang's SMS framework, Alfredo's SMS framework, SSMS protocol, and, Marko and Konstantin's protocol have been proposed but these frameworks/protocols do not justify themselves in terms of security analysis, communication and computation overheads, prevention from various threats and attacks, and the bandwidth utilization of these protocols. The two protocols SMSSec and PK-SIM have also been proposed to provide end-to-end security and seem to be little better in terms of security analysis as compared to the protocols/framework mentioned above. In this paper, we propose a new secure and optimal protocol called SecureSMS, which generates less communication and computation overheads. We also discuss the possible threats and attacks in the paper and provide the justified prevention against them. The proposed protocol is also better than the above two protocols in terms of the bandwidth utilization. On an average the SecureSMS protocol reduces 71% and 59% of the total bandwidth used in the authentication process as compared to the SMSSec and PK-SIM protocols respectively. Apart from this, the paper also proposes a scheme to store and implement the cryptographic algorithms onto the SIM card. The proposed scheme provides end-to-end SMS security with authentication (by the SecureSMS protocol), confidentiality (by encryption AES/Blowfish; preferred AES-CTR), integrity (SHA1/MD5; preferred SHA1) and non-repudiation (ECDSA/DSA; preferred ECDSA).

[1]  Dongchil Kim,et al.  A network-aware quality adaptation scheme for device collaboration service in home networks , 2012, IEEE Transactions on Consumer Electronics.

[2]  N. S. Chaudhari,et al.  Secure encryption with digital signature approach for Short Message Service , 2012, 2012 World Congress on Information and Communication Technologies.

[3]  Mohsen Toorani,et al.  SSMS - A secure SMS messaging protocol for the m-payment systems , 2008, 2008 IEEE Symposium on Computers and Communications.

[4]  Habibah Hashim,et al.  Implementation of MIDlet application on probability of Alzheimer's disease via mobile phone , 2011, 2011 IEEE International Conference on Computer Applications and Industrial Electronics (ICCAIE).

[5]  Alfredo De Santis,et al.  Do You Trust Your Phone? , 2009, EC-Web.

[6]  Umberto Ferraro Petrillo,et al.  An Extensible Framework for Efficient Secure SMS , 2010, 2010 International Conference on Complex, Intelligent and Software Intensive Systems.

[7]  Yuguang Fang,et al.  Security analysis and enhancements of 3GPP authentication and key agreement protocol , 2005, IEEE Trans. Wirel. Commun..

[8]  Xi Qin,et al.  A PK-SIM card based end-to-end security framework for SMS , 2009, Comput. Stand. Interfaces.

[9]  Thomas F. La Porta,et al.  Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks , 2006, IEEE/ACM Transactions on Networking.

[10]  Patrick Traynor,et al.  Mitigating attacks on open functionality in SMS-capable cellular networks , 2009, TNET.

[11]  Chi-Chun Lo,et al.  Secure communication mechanisms for GSM networks , 1999, IEEE Trans. Consumer Electron..

[12]  Jan H. P. Eloff,et al.  SMSSec: An end-to-end protocol for secure SMS , 2008, Comput. Secur..

[13]  Kang G. Shin,et al.  Design of SMS commanded-and-controlled and P2P-structured mobile botnets , 2012, WISEC '12.

[14]  Chengxiang Tan,et al.  A High Security Framework for SMS , 2009, 2009 2nd International Conference on Biomedical Engineering and Informatics.

[15]  Mahmoud Reza Hashemi,et al.  A Secure Digital Signature Approach for SMS Security , 2015 .

[16]  Minyong Kim,et al.  Enhancing online power estimation accuracy for smartphones , 2012, IEEE Transactions on Consumer Electronics.

[17]  Umberto Ferraro Petrillo,et al.  Engineering a secure mobile messaging framework , 2012, Comput. Secur..

[18]  M. Hassinen,et al.  Java based Public Key Infrastructure for SMS Messaging , 2006, 2006 2nd International Conference on Information & Communication Technologies.

[19]  G. L. Prajapati,et al.  An extended approach for SMS security using authentication functions , 2012, 2012 7th IEEE Conference on Industrial Electronics and Applications (ICIEA).

[20]  Qin Zheng,et al.  A PK-SIM card based end-to-end security framework for SMS , 2009 .

[21]  Kang G. Shin,et al.  Proactive security for mobile messaging networks , 2006, WiSe '06.

[22]  Chih-Ya Shen,et al.  S-AKA: A Provable and Secure Authentication Key Agreement Protocol for UMTS Networks , 2011, IEEE Transactions on Vehicular Technology.

[23]  Günther Horn,et al.  Authentication protocols for mobile network environment value-added services , 2002, IEEE Trans. Veh. Technol..

[24]  K. Hypponen,et al.  Strong mobile authentication , 2005, 2005 2nd International Symposium on Wireless Communication Systems.