Using an approximated One-Time Pad to Secure Short Messaging Service (SMS)

Short Message Service (SMS) is a hugely popular and easily adopted communications technology for mobile devices. Yet because its insecure implementation is poorly understood, people generally trust it. Users conduct business, disclose passwords and receive sensitive notification reports from systems using this communication technology. SMS was an “after-thought” in the design of the Global System for Mobile Communication (GSM), which uses SS7 for signalling. By default, SMS messages are sent in cleartext within the serving GSM’s SS7 network, Over The Air (OTA), and potentially over the public Internet, in a predictable format. This allows anyone with access to the signalling system to read and/or modify the SMS content on the fly. In this paper, we focus on alleviating this SMS security vulnerability by securing messages using an approximate one-time pad. A one-time pad, considered to be the only perfectly secure cryptosystem, secures an SMS message for transport over any medium between a mobile device and the serving GSM network. Our approach does not alter the underlying physical GSM architecture.