This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Short message service and multimedia message service are popularly used and will be more popular in the future. However, the security of sms and mms messages is still a problem. There is no end-to-end security (including integrity, confidentiality, authentication, and nonrepudiation) in these services this hinders service providers to provide some services that require communication of high-level security we propose a new solution for a secure messaging channel using identity-based cryptography. This solution provides end-to-end security from service provider to mobile users, and between mobile users. The advantage of this solution is that it does not require a large storage on mobile terminal side, which is especially essential for user-to-user communication. Also this solution can be implemented with existing technologies on both service provider side and mobile terminal side
Mobile telecommunication handsets and networks are developing rapidly in recent years. While GSM as a representative of 2nd generation (2G) systems has proven successful, 3rd generation (3G) systems are burgeoning. Booming market of mobile telecommunication brings both opportunity and competition in this area.
A typical messaging service involves a Service Provider (SP), a mobile network operator and mobile users. A mobile user needs to subscribe to the service first, and can then receive messages or interact with the SP. Messaging users can also communicate with each other. All messages are processed and sent by the Short Message Service Center (SMSC) of the mobile network.
Current messaging systems provide only point-to-point authentication and confidentiality mechanism from SP to SMSC and SMSC to mobile terminals (MT). There is no end-to-end security from SP to mobile users and from MT to MT. The messages are written into Call Detail Record (CDR) files. These messages are not encrypted, and can be easy target for criminals. People working in the service operator or a hacker who gets into the operator network can read the message contents. This is a security weakness for messaging service in mobile networks, and may lead to failure of provisioning services that need high level end-to-end security. For example, a bank may hope to set up online banking service whereby its customers may pay their bills and check balance of their accounts via SMS.
II. Background and Related Work
A. Security of Mobile Networks and Messaging: There are practical messaging services already in use that have taken some measures for security. Most of these messaging services rely on mobile network access security and Internet security technologies. The GSM authentication center (AUC) is used to authenticate each Subscriber Interface Module (SIM) card that attempts to connect to the GSM network. The authentication of the SIM depends on a shared secret key between SIM card and the AUC. This secret key is embedded into the SIM card during manufacture, and it is securely replicated into the AUC. The problem with GSM MAP is that it is an unencrypted protocol allowing employees within the mobile operator's network to eavesdrop or modify SMS messages . The only encryption involved during transmission is the encryption between the base transceiver station and the mobile terminal. Technologies used in mobile networks and Internet do not cover each other. Thus, there is no end-to-end security.
B. Existing Solutions of Secure Messaging
For mobile users and service providers, it is wiser to build an add-on end-to-end security layer on top of the network layer. In literature, most solutions use symmetric key cryptography to provide secure messaging. Croft et al make use of an approximated one-time pad scheme to encrypt SMS messages between two mobile phones . Lo et al  point out the limitation in this mechanism - It does not ensure end-to end encryption between the two mobile phones because there is a decryption occurring within the mobile network so that another one-time pad can be created for the receiving phone to decrypt the message.
Chikomo et al  propose a mobile banking security scheme which uses SMS as one means of this service. They design a secure SMS protocol to protect SMS communication. The scheme employs symmetric cryptography. The key used for encryption is generated from the one-time password entered by the user. The one-time passwords are only known by the server and the user. The server stores the one-time password in its database. The password is indexed by the account identifier and the sequence number. Thereafter the server uses the retrieved password as the decryption key to decode the encrypted contents. If the decryption is successful, then the used one-time password is discarded and the server's sequence counter for that account gets incremented by the value of 1.The authors claim the scheme provides confidentiality, integrity, authentication, and non-repudiation to mobile banking service using SMS. However, this scheme does not solve user-to-user secure communication problem.
C. Identity-based Cryptography:
Identity-based cryptography specifies a cryptosystem in which both public and private keys are based on the identities of the users. The idea of identity-based cryptography was first proposed by Shamir . Such a scheme has the property that a user's public key is an easily calculated function of his identity, while a user's private key can be calculated for him by a trusted authority, called Private Key Generator (PKG). Identity-based cryptography saves storage and transmission of public keys and certificates, which is especially attractive for devices used in mobile telecommunication networks.
III. Secure SMS Messages Using Identity-Based Cryptography
A. Why Choosing Identity-based Cryptography: Basically, there are three alternatives to use for a secure end -to- end messaging channel.
1) Secret Key (Symmetric Key) cryptography: The algorithms are highly efficient, and the keys are short. However, the SP needs to maintain n pairs of keys. Each user needs to maintain a key with the SP, and n(n−1)/2 keys will be required if user-to-user communication is needed.
2) Public Key Certificate (PKC) cryptography: The cryptography requires much computational and storage resources to calculate and store public/private keys. A mobile device may not be able to provide the required services. Furthermore, the SP needs to maintain n certificates. Each user needs to maintain a certificate of the SP, and (n − 1) certificates if user to- user communication is needed. It is suitable for SP to- user security, but seems awkward for user-to-user security if the number of users is large.
3) Identity-based cryptography: It requires shorter keys to obtain the same security level as compared to the size of the key for traditional cryptography. Moreover, it does not require extra transmission and storage of
public keys. The SP needs to maintain n keys. Each user needs to maintain nothing for the SP, and nothing for other users if user-to-user communication is needed. One disadvantage of identity-based cryptography is that it is still in research phase.
we choose identity-based cryptography in our scheme.
Identity: The advantage of identity-based cryptography is that there is no need to propagate public keys before communication and thus no need to store the keys. The public keys should be implicit with the message. In GSM, the primary user identity is the International Mobile Subscriber Identity (IMSI) number. In mobile networks, each messaging service provider has a unique short number that is publicly known to mobile users. The short number is used for users access while sending SMS/MMS messages. For a SP, we choose the short number as the identity to be used in identity-based cryptography.
Identity-based cryptography needs a setup phase in which system parameters are distributed to its users. These parameters include system public key, master key, private key of each user, and algorithms to be used for hashing encryption/decryption. We use a cryptographic scheme to provide integrity, confidentiality, authentication and partial non-repudiation to SMS messages. The service provider functions as key management administrator. At system setup phase, the SP sets the system public key .It also chooses a cryptographic hash function to map variable identity strings and chooses hash functions for keys of specified length. The initial master key and the system parameters are determined and calculated by the service provider. For a given string ID of a node, the cryptographic scheme builds an initial private key. Every user gets the system parameters and its private key from the service provider when he/she subscribes the service.
Each service with its unique short number is treated as a unique user, and gets its unique private key. To prevent a lost phone being used for fraud, a mobile phone user should prove his/her legal possession of the phone number. To guarantee the end-to-end security, the private key should be delivered in another channel than SMS, for example, in person, by fix-line phone call or post, lest the network operator could also get the private key.
An add-on Message Management Toolkit, including encryption/ decryption application, the system parameters and the private key, is installed into a mobile phone when the user subscribes the service.
On the service provider side, a corresponding application runs on its server. The application encrypts all messages before sending to SMSC, and decrypts all messages coming from SMSC.
A Basic Scheme to Protect SMS Message Security
After the Message Management Toolkit along with the system parameters are set up in a mobile device, it can communicate securely with the SP, or another mobile device from the same SP. The Message Management Toolkit would encrypt a message with the system parameters. The ID of the sender can uniquely identify a SMS message. A destination device can also be identified by its ID. Thus an encryption key used in identity-based cryptography can be determined using these two identities. When user A sends a SMS message to user B (A or B can be the SP), it encrypts and authenticates the message as follows:
1) A first generates an implicit shared key with B, without any interaction with B.
2) A encrypts payload of the message M to C.
The encrypted message C is put in the payload field. The encrypted packet is handed to network operator. After it transits through the Internet and mobile network, at the receiver B side, the message is decrypted as follows:
1) B first generates the implicit shared key with A, without any interaction with A
2) B decrypts the payload of the message C to M'. The decrypted message M′ equals to the original message M.
The encryption and decryption processes provide authentication also, since the message is encrypted at the sender with its private key and the receiver's public key.
An Improved Scheme to Protect SMS Message Security
The above basic scheme relies much on access security of mobile networks. The integrity of message cannot be verified. To improve the security level of it, we need space in the packet to carry signature and algorithm parameters. While signature signed with sender's private key is widely used in Internet to protect integrity and authentication of data, such as e-mails and URLs, it is not so easy to use in SMS messages. The reason is that the packet of SMS message is usually very short (140 bytes) and simple and lacks fragmentation and reassembling mechanism like IP packets. SMS interface in most mobile phones fragments and resembles at application layer, the messages that are too long to be sent in a single SMS packet.
A further solution needs some space reserved for signature and security parameters. Security parameters can contain useful values, such as Sequence Number or Timestamp. Security parameters are appended to message first, as the entire message to be processed. The message is then encrypted, and the signature is calculated and appended to the message at the end.
When user A sends a SMS message to user B, it encrypts and authenticates the message as follows
1) A first generates an implicit shared key with B, without any interaction with B.
2) A encrypts the message M (the reduced payload), and outputs the ciphertext.
3) A signs the message with its own private key and the receiver's public key. The encrypted message C and signature S are put
Fig. 1. Packet Format of a Secured SMS Message
Fig. 2. A User Sends a Message using the Message Management Toolkit
into the payload field of the standard SMS packet, M.
At the receiver B side, the message is verified and decrypted as follows:
1) B first generates the implicit shared key with A, without any interaction with A.
2) For a received message M′ in the defined format with signature S and ciphertext C, the signature is verified. If S matches the new calculated result S′, the integrity and authenticity are confirmed, and the message is processed further. Otherwise, the message is discarded.
3) For the received message, B decrypts it with the shared key,M′′ .
M′′ should be the same as the original message M.
Use of the System
The Message Management Toolkit does not change the traditional message input/output interfaces in the mobile phone, but is built on top of them. It is like a new message management interface, whereby the user receives and sends all messages. The user chooses an option to read or send a message as encrypted message or plain text message. An encrypted message has a special flag embedded, to inform the application if or not it should be processed by the application. To bind the private key to the user, the application should be protected by a password set by the user at the first time it is used. J2ME Mobile Information Device Profile (MIDP) provides a Persistent Storage feature that ensures that the record generated by a Java application is only accessible by itself. The security of the password is protected by this feature.
The packet format of a SMS message in Figure 1. Figure 2 illustrates how a user sends an encrypted message. Figure 3 illustrates how a user receives an encrypted message. In all this communication, the network operator has an access to only the encrypted text. Anyone who has intercepted the traffic, either from the air, or by getting into the network operators network, will also see only the encrypted messages, and cannot get the clear text as what they could do earlier.
The proposed scheme provides integrity, authentication, confidentiality of SMS messages by binding a message with a private key possessed only by the mobile phone. It effectively prevents the following attacks previously available on SMS:
• Identity Impersonation: The address of the original sender is bound to the private key of the sender. The attacker, not knowing the private key, cannot forge an arbitrary address.
• Message Forgery and Tampering: The attacker, not knowing the private key of the sender, cannot tamper the message and generate a correct signature. It's easy to verify the integrity of the message.
• Message Replay: Replaying an authentication response could be a more serious vulnerability. If we put Sequence Number or Timestamp in the parameter field in our scheme, these attacks can be prevented or detected
• Eavesdropping: With the proposed scheme, the message is encrypted, and only the sender and receiver know the decryption key. Any attacker will need a great deal of effort if he wants to crack the encryption.
Non-repudiation: The solution to this problem is to trace the route of the message which is protected by access security of mobile networks. The SP should keep a log of traffic between itself and SMS operator, although the SMS operator should always have CDR files of all traffic in a certain period.
We present a scheme to build secure channels for messaging services in mobile networks using identity-based cryptography. This scheme provides end-to-end security for both SP-to-user and user-to-user messaging communication. We suggest this scheme be used by commercial companies and government authorities, who need confidential information transmitted over the air, e.g. banks providing mobile bank service, policemen exchanging data of criminals, etc. Mobile operators might also be interested in this scheme since it can bring more business into mobile telecommunication networks.