Security Measure Designed To Secure Short Service Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

This project paper discusses about a security measure designed to secure the short message service of GSM which currently has no specific security in the air interfaces (between user and base station). The means of dong it is by encrypting the text messages at the end system and allowing only intended party to perceive the contents or information through the usage of same shared secret key. The algorithm chosen is Blowfish Cipher by a computer security expert Bruce Schneir. This paper is about decryption of SMS security in GSM. Most mobile operator encrypt all mobile communication data, including SMS messages about sometimes this is not the case, and even when encrypted, the data is decipherable for the operator. Therefore these requests give rise for the need to develop additional encryption for SMS messages that end to end security. The decryption of Blowfish Cipher that use for the SMS message protection is not much different from the encryption, only subkeys were used in the reverse and the S-boxes for decryption were created after user insert a key. The key should be same as key used for the encryption text to obtain back the text. This application was build on the Visual Basic programming language to make easier to convert it to other software programming language. Therefore the SMS text will be more safety with this application because only the receiver that knows the key can translate the message.



1.1 Background

Text messaging (SMS) are widely used for communication and yet this service has been under malicious attacks. Recently SMS were used to exchange confidential data such as social security number, bank account number, passwords etc. When a person sends these kind of confidential message by inputting a wrong number; it may end up with severe consequences if it reached to the wrong receiver.

Based on recent surveys done by University of Columbia, more than 82% of mobile user having mobile with them all the time. With business driving communication happening more often on the move, mobile communication has become increasingly essential for corporate world. As a results, more users were exchanging more classified and business related information via SMS and contacts reside in the mobile phones with the management cell of any enterprise. Businesses are increasingly turning to the mobile phone to get the message across to the employees anywhere anytime. The desire to communicate more easily and have more timely access to information is universal.

1.2 Problem Statement

The mobile phone is today being adopted in innovative ways in human life and SMS is playing a leading role in this adoption. Therefore SMS is being important to human and safety of the SMS is being asked. Below are some problems that had been asked:

How secure is the information in the SMS in term of private and confidential?

Does this medium is reliable or not to send in a sales quote or sensitive information?

Social engineering attacks on servers at the SMS gateway have in the past left SMS messages vulnerable to theft and espionage. How far the privacy could extend for each and every SMS

These problems made me to do researched and provide a complete solution to all the above concerns and eliminate the security vulnerabilities inherent with SMS technology. The solution not only provides assurance of security and privacy of SMS messages in transit but also protects the SMS messages in the mobile phone.

1.3 Objectives

The objectives for this project are:

To understand the SMS system in GSM system.

To find an algorithm that can secure the SMS system.

To develop an application that will run the security system.

To create a SMS security that end to end system.

To make sure the SMS is protected from being read by others.


In this assignment, we have learned about project planning and on how to meet the deadline and the objectives. Objectives are the most important factor taken into consideration so that the problems can be identified and new idea can be applied.


The profile of the user can be the any of the mobile phone user or mainly the corporate user. Each user would encrypt the messages especially confidential messages to the receipent in order the confidentiality could be presumed. The receiver would be able to decrypt the encryption with the keys provided before they would be able to read the content of the messages.

1.6 Project Milestone




26 days


20 days

Hardware and Software Design

24 days

Software Requirement and Speciation

15 days


73 days


22 days


210 days

1.7 Planning

Initially planning was needed to detect the project request and analyze the project needs by discuss with supervisor.

1.1.1 Discuss With Supervisor

1.1 Project Request

1. Planning Phase Stage Task Deliverable

Find user tester

1.2.1 Analyze Needs

1.2 Needs Analysis

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

2.1.1 Write Learning Objective

2.1 Content Analysis

2. Design

2.1.2 Write Test Items

2.1.3 Create Diagrams

Design Specification

2.2.1 Write Content Structure

2.2 Information Gathered


( Alpha )


3.1 Authoring

3. Development ________________________________________________________________________

Secondly was the designing phase where two stages were to be completed. This first stage was the content analysis. Under this stage learning objective, and test items were written. Diagrams and screen design also created. The second stage was information gathered where content written and user interface was designed.

Third comes the most important phase of development. Authoring comes under this phase where coding to integrate. The deliverable was the alpha courseware.

4.1.1 Select Testers

4.1 Program Testing

4. Testing

4.1.2 Conduct Program Test


( Beta )

4.2 Review

4.2.1 Collect Feedback

4.2.2Analyze Feedback

4.2.3 Make Amendments

5.1.1 Install Courseware

5.1 Packaging


5.1.2 Press CD-Rom


( Final )

5.1.3 Make Formal Presentation

5.2 Courseware Presentation

5.2.1 Deliver Courseware Material

The forth stage was the testing to deliver the beta courseware program and review were done where feedback were collect and analyzed.

The final stage is the delivery of the product which I'm going to create.



2.1 GSM Overview

GSM was one of the first digital mobile phone systems to follow the analog era.

GSM that stands for Global System for Mobile communication. It is a accepted standard for digital cellular communication. Today over 400 million people worldwide use GSM mobile phones to communicate with each other, via voice and short-message-service (SMS) text. GSM also has other services such as call waiting, call forwarding, calling line identity, circuit-switched data (GPRS technology).

GSM is a cellular network, which means that mobile phones connect to it by searching for cells in the immediate vicinity. When mobile phone move between cells, there will be handover occurs. In GSM, TDMA is used as the accessing method which means many conversations are multiplexed into a single channel, while these channels will be divided into timeslots, each conversation uses one timeslot.

GSM networks operate in four different frequency ranges. Most GSM networks operate in the 900 MHz or 1800 MHz bands. There are four different cell sizes in a GSM network, macro, micro, pico and umbrella cells. The base station antenna is installed on a mast or a building above average roof top level are called Macro cells. Antenna height is under average roof top level, they are typically used in urban area are called Micro cells. Small cells whose diameter is a few dozen meters, they are mainly used indoors are called Pico cells. On the other hand, umbrella cells are used to cover shadowed regions of smaller cells and fill in gaps in coverage between those cells. Cell radius varies depending on antenna height, antenna gain and propagation conditions from a couple of hundred meters to several tens of kilometers.

Figure1: GSM Architecture

(KDU Lecture Notes from KCN)

2.2 Short Message Service (SMS) Review

Short Message service (SMS), often called text messaging, is a means of sending short messages to and from mobile phones. The short Message service (SMS) allows text messages to be sent and received to and from mobile telephones. SMS was originally introduced as part of the GSM series of standard in 1985. This standard were also means of sending messages of up to 160 characters to and from GSM mobile handsets. The text can comprise words or numbers or an alphanumeric combination. SMS was created as part of the GSM phase 1 standard.

The first short message is believed to have been sent from a PC to a mobile phone on the Vodafone GSM network in December 1992 . Each short message is up to 160 characters in length when Latin alphabets are used and 70 characters in length when non-Latin alphabets such as Arabic and Chinese are used.

Messages are sent to a Short Message Service Center (SMSC) which provides and store-and forward mechanism. It attempts to send messages to their recipients. If a recipient is not reachable, the SMSC queues the message for later retry. Some SMSCs also provide a "forward and forget" option where transmission is tried only once. Both Mobile Terminated (MT), for messages sent to a mobile handset, and Mobile Originating (MO), for those that are sent from the mobile handset, operations are supported. Message delivery is best effort, so there are no guarantees that a message will actually be delivered to its recipient and delay or complete loss of a message is not uncommon, particularly when sending between networks. Users may choose to request delivery reports, which can provide positive confirmation that message has reached the intended recipient.

Mobile Application Part (MAP) of the SS7 protocol has been used to transmit short messages between the SMSC and the handset. Messages are sent with the MAP Mobile Originating (MO) and Mobile Terminated (MT) ForwardSM operations, whose payload length is limited by constraints of the signaling protocol. Variety of alphabets such as the default GSM 7-bit UCS2 used to encode short messages. Moreover, it depends on which alphabet the subscriber has configured in the handset, this leads to the maximum individual Short Message sizes of 160 7-bit characters, 140 8-bit characters or 70 16-bit characters. Support of the GSM 7-bit alphabet is mandatory for GSM handset and network elements, but characters in language such as Arabic, Chinese, Korean, Japanese or Slavic languages (e.g. Russian) must be encoded using the 16-bit UCS2 character encoding. Routing data and other metadata is additional to the payload size.

SMS message, going through operator's network in plaintext, can be not only intercepted, but also modified. For example, identity of the sender can be altered, or the text changed. One can never be sure, whether a normal SMS has been received in the same form as it has been sent, and who is the real author. The network acts as a black box to both parties of communication. From the above list it is clear that relying upon standard SMS service is dangerous in case of sensitive data. Users of the network can therefore choose from two possibilities, either use SMS only for exchange of unimportant data, or protect their SMS in some extra way.

There is no questions asked for the success of SMS. The market in Europe alone had reached over three billion short messages per month as of December 1999, despite little in proactive marketing by network operators and phone manufacturers.

sender SMS arch.JPGFigure 2: Sender SMS Architecture.

(HUAWEI Training Slides 2008)

Full SMS Architecture.JPGFigure 3: Full SMS Architecture.

(HUAWEI Training Slides 2008)

2.2.1 SMS protocol description unit (PDU) Format:

SMS message will be sent to operator in PDU format. The PDU string contains not only the message, but also a lot of meta-information about the sender, his SMS service center, the time stamp and others. This octet sequence consists of three parts: An initial octet indicating the length of the SMSC information, the SMSC information itself ("917283010010F5"), and the SMS_DELIVER part (specified by ETSI in GSM 03.40).

Table 1: PDU String




Table 2: PDU Description




Length of the SMSC information (in this case 7 octets)


Type-of-address of the SMSC. (91 means international format of the phone number)

72 83 01 00 10 F5

Service center number(in decimal semi-octets). The length of the phone number is odd (11), so a trailing F has been added to form proper octets. The phone number of this service center is "+27381000015". See below.


First octet of this SMS-DELIVER message.


Address-Length. Length of the sender number (0B hex = 11 dec)


Type-of-address of the sender number

72 38 88 09 00 F1

Sender number (decimal semi-octets), with a trailing F


TP-PID. Protocol identifier.


TP-DCS Data coding scheme

99 30 92 51 61 95 80

TP-SCTS. Time stamp (semi-octets)


TP-UDL. User data length, length of message. The TP-DCS field indicated 7-bit data, so the length here is the number of septets (10). If the TP-DCS field were set to indicate 8-bit data or Unicode, the length would be the number of octets (9).


TP-UD. Message "hellohello" , 8-bit octets representing 7-bit data.

2.3 Encryption

Encryption is a process of transforming information or data to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. A cipher is needed where it is algorithm for performing encryption and decryption or a series of steps that can be followed as a procedure. It is also known as encipherment. In most cases, that process is varied on a key which changes the detailed operation of the algorithm.

The original information is known as plaintext, and the encrypted test is known as cipher text. The cipher text message contains all the information of the plaintext message, but it is in a format unreadable by a human or computer without the proper mechanism to decrypt it. The operation of a cipher usually depends on a piece of auxiliary information, called a key. A key must be selected or created before using a cipher to encrypt a message. Without knowledge of the key, it should be difficult, if not impossible, to decrypt the resulting cipher into readable plaintext.

Cryptography is a part of mathematical science studying protection of information from unauthorized access. At first, cryptographic results were available only to the military. However, in the 1970s, rapid development of digital communication led to rise in nonmilitary cryptography, which protects data in everyday life. Nowadays cryptography is widely used in protection of many secrets, including internet banking (transfers of billions of dollars are protected using cryptography every day), access to private databases and personal communication.

Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitable controlled. Thus data security helps to ensure privacy. It also helps in protecting personal data.

Thus, the objective of data security is to make sure the data is kept safety from corruption and accessing from others. This means data security helps us to ensure privacy and to protect the personal data. It is frequently described in terms of confidentiality, integrity, authentication and non-repudiation of transmitted data. The transferred information is often critical to company's business, and such information should not be leaked to outsiders especially in banking business such as e-commerce. A variety of mechanisms are used in securing data in the communication today which basically based on cryptography and ciphering.

According to Oxford English Dictionary, cryptography is simply defines as hidden writing. Encryption is the process of transforming information (plaintext) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. It has been used for a very long time since the ancient Egyptians and Roman build their empires. Cryptography was also used during World War II, and the most popular one is the Enigma machine which was meant for encryption purpose. Encryption is now used in protecting information within many kinds of public systems, such as computers, networks, mobile telephones, and bank automatic teller machines.

Confidentiality of transmitted data can be provided by encrypting the information flow between the communication parties, and the encryption may take place end-to-end between the communicating parties or just between several parts in the communication path. At a general level, cryptographic algorithms can be classified according to how many different keys they use:

Symmetric cryptographic algorithms use one key, which means each messages were encrypted or decrypted using the same key.

Asymmetric cryptographic algorithms use two different keys for eanch encryption and decryption of the code. Both keys can't be select independently of the other and instead must be constructed as a pair specifically in accordance with the cryptographic algorithm.

2.4 Security of SMS system

Our approach to this problem is to develop an application that can be used in mobile devices to encrypt messages that are about to be sent. Naturally decryption for encrypted messages is also provided. The encryption and decryption are characterized by a secret key that all legal parties have to posses. If SMS message are to be a reliable and secure means of communication, several requirement must be fulfilled in order to prevent the above mentioned risks.

2.4.1 Security against eavesdropping

Messages between two users are encrypted using an algorithm and a key or password that user derived. An adversary which monitors the communication seems only a senseless sequence of binary data, and is unable to decrypt them without the password. In case of a good password, this would take billions of years. The keys for communication with order users are saved in the phone as encrypted and the password is used for their encryption. Also, the keys or passwords can be changed very easily, when the two sides agree upon new ones. This gives the users an opportunity to alter keys regularly say, every week.

2.4.2 Prevention of impersonation attacks

Successful decryption of a received message is also a proof of the fact that the sending person has the correct key. Without knowledge of the key, the adversary is unable to generate a message which would decrypt into correct text on the receiving side. Therefore, the fact that a message has been really sent by its author, is ensured.

2.4.3 Protection of saved messages from reading

All received and sent messages of this system, which are saved into the phone, are protected by encryption, with use of Blowfish standards, and a key that selected by the user. At each start, this system will asks for the password. Without it, it cannot decrypt the data correctly. Any adversary which gets access to your saved data will need to guess the correct password as well. In case of a good password, checking of all possibilities will takes billions of years.

To ensure that the SMS remains confidential, a password-based cipher is used to encrypt the message's content. Making SMS as a secure communication, developers should be mostly interested in the confidentiality and integrity of the message. Authentication is achieved by simply looking at the message itself, which includes the sender's phone number. Encrypting the message providers confidentiality, and a message digest can be used to ensure integrity.

2.5 Feistel Cipher

Feistel cipher is a block cipher with a symmetric structure, named after IBM cryptographer Horst Feistel and it is also commonly known as a Feistel network. Data Encryption Standard (DES) is a large proportion of block ciphers use the scheme. The Feistel structure has the advantage that encryption operations are very similar, even identical in some cases, requiring only a reversal of the key schedule. Therefore the size of the code or circuitry required to implement such a cipher is nearly halved.

Each block of Fiestel cipher consists of 64 bits. This 64 bits will separate to two 32 bits for left side and 32 more bits for right side. Let F be the round function and let K0,K1,K2……, Kn be the sub-keys for the rounds 0,1,2,……,n respectively. For each round, compute

L_{i+1} = R_i\,

R_{i+1}= L_i \oplus {\rm F}(R_i, K_i)

Then the cipher text is (Rn,Ln). Decryption of a cipher text (Rn,Ln) is accomplished by computing for I=n,n-1,n-2,….,0. Then (R0,L0) is the plaintext again.

R_{i} = L_{i+1}\,

L_{i} = R_{i+1} \oplus {\rm F}(L_{i+1}, K_{i})

One advantage of this model is that the round function F does not have to be invertible, and can be very complex. The diagram illustrates both encryption and decryption.

Note the reversal of the subkey order for decryption; this is the only difference between encryption and decryption.


Figure 4: Encryption and Decryption of Feistal Cipher

Advantages of Blowfish Algorithm:

As SMS is a limited size message (small size data), Blowfish algorithm which performing encryption on small size block would be the best design to secure such a data.

This algorithm also has been proven as the fastest speed block cipher by many programmers even it require more memory for sub-key storage about 4 kilobytes.

" Blowfish is one of the fastest block ciphers in widespread use, except when changing keys. Each new key requires preprocessing equivalent to encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers."

Table 3: Relative Speed Comparison


Average time





AES Fast


AES Middle


AES Light












Thus, based on above time measurement, to encrypt 1 byte data with one cycle of Blowfish equals to 0.0223 ms, then we can roughly estimate average time taken for the algorithm to work on a data of size 140-bytes or one full message. The amount of run time taken to encrypt one SMS is about 3 milliseconds by using Blowfish. This time is relevant enough if this security measure is going to be applied on mobile device which use the MIDP 1.0 profile. Basically, MIDP (Mobile information device profile) is a specification published for the use of Java on embedded devices such as mobile phones and PDAs. It also part of the Java platform, Micro Edition (Java Me) framework and sits on top of Connected Limited Device Configuration, a set of lower level programming interfaces.

Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone. There is no effective cryptanalysis on the full-round version of Blowfish known publicly as of 2009.

The design decision of choosing Blowfish algorithm is considered accurate as it is both easier to understand and easier to implement. Furthermore, it has proven its quality in many applications either securing database or computer networking. A long list of the products using Blowfish are given in B.Schneier's official website, two of them are A-lock (encryption software that integrates with popular windows e-mail programs) by Trillium Technology Group and Confide (a point-to-point messaging application with strong encryption, providing both private and public key functions to insure the confidentiality of your conversation) by MC2 Studios.

2.6 Requirement Gathering Approach

Requirement gathering is an essential part of any project and project management. Understanding fully what a project will deliver is critical to its success. This may sound like common sense but surprisingly it's an area that is often given far too little attention.

This section will explain the ways and method we used to gather the required information about the current system in order to conduct the appropriate and necessary analysis.

Requirement gathering approaches are primarily fact-finding activities. The goal is to capture as complete a speciation of the required system as is possible. There are many ways and approaches to achieve this some of it are:

Interview and Listening Sessions


Researches into Printed Materials

Interview and Listening Sessions

Conducting interview sessions with some of my friends and some of my lecturers to get as much as related and required information regarding the existing system that is used recently. I determine the information requirement of the organization and focus on the urgent needs of the organization through the interview. Each session of the interview are approximated 1 hour, depending on the comment given by the interviewee and the purpose or nature of the interview.


The evaluation process is done by all professionals in the administration department unit, in order to get their opinion regarding the secure SMS, and to improve the performance and efficiency of the system. By this way, I will be able to get all the evaluation and feedback from the evaluators faster..

Researches into Printed Materials

I had conduct researches and acquire related documents and research materials to study and analyze the current system further. We also search and gather format of records and analyze its entities and its relationships with other Instituition system. Through this way, I would be able to determine the flow of data and necessary base or key entities which all the education institution depend on. This helps to determine and proposed new functions into the system. I hope that my system could help edge in providing better and faster service for the mobile users.



3.1 Decryption

Security that used encryption to encipher the text, the application also has to provide the decryption algorithm to obtain back the text or message.


Message in text editor



Message in ciphertexts




Figure 6: Flowchart of the decryption system

3.1.1 SMS Security Decryption



New P-array

Sub keys


Decryption function

64 bits of ciphertexts


Figure 7: Flowchart of the decryption system

For this project that is to make SMS secure end to end system, I decided to use Blowfish algorithm since it is a good algorithm for communication security. Beside that, there is no attacks on Blowfish are known that work on the full 16-round official version (certain attacks recover some information from versions with up to 14-rounds only).

The Blowfish program was developed by author and computer security and cryptography consultant Bruce Schneier. Blowfish is a cipher based on Fiestel rounds, and the design of the f-function used amounts to a simplification of the principles used in DES to provide the same security with greater speed and efficiency in software. Blowfish has a 64-bit block size and a key length of anywhere from 32 bits to 448 bits. It is a 16-round Fiestel cipher and uses large key-dependent S-boxes.

The main claim to fame of Blowfish is in its method of key scheduling. The round keys, and the entire contents of all the S-boxes are created by multiple iterations of the block cipher. This enhances the security of the block cipher , since it makes exhaustive search of the key space very difficult, even for sort keys.

Decryption is a way to get back the plaintext from ciphertext. Decryption for this application is same as encryption, but the 18 subkeys are used in reverse order. Decryption for this application also consists of sixteen rounds. For first step XOR the left half of cipher text block (32bits) with the subkey number 16 for that round. Then the output of XOR will be applied with the f-function , and then XOR the right half of the block with the result . finally, swab the halves of the block. These steps will run in 16 rounds and lastly the left half will be XOR with subkey number one.





For f function Blowfish decryption, blowfish also uses four S-boxes. Each one has 256 entries, and each of the entries is 32 bits long. The S-boxes for decryption are generated by the two of last subkey 16 and subkey 17. These two of subkeys be work as a data and will be encrypted by the blowfish algorithm, using the subkeys that generated from the encryption algorithm. The output from the encryption will be save as S-boxes[0][0] and S-boxes[0][1]. Then the output will be encrypted to get S-boxes[0][2] and S-boxes[0][3]. This operation will continue until the output for S-boxes[3][254] and S-boxes[3][255].

To calculate the f-function: use the first byte of the 32 bits of ciphertext to find an entry in the first decryption S-box, the second byte to find an entry in the second decryption S-box, and so on. The value of the f-function is ((S1(B1) + S2(B2)) XOR S3(B3)) + S4(B4) where addition is performed modulo 2^32.


Figure 9: Blowfish S-Boxes

3.1.2 Key for Decryption:

Since we use symmetric algorithm, encryption and decryption key is same. To decrypt the SMS message or to read the message, the key for decrypt must equal to the key for encrypt the SMS message. Both of the users must agree to create the key. If receiver insert different key the program will ask again to insert key for decryption. If after 3 times the user insert wrong key the message will shown a text in hexadecimal format. It is not cipher text but a different text.

Below is the example of the system if receiver insert wrong key for decrypt the message:

Insert key to decrypt message:


Insert key to decrypt message:


Insert key to decrypt message:


Plaintext is: 481629GF640-HS7395HSD2JFDMDF723

Tools ;

The tool that I use this project I used Visual Basic programming language coding to create the system. I use Visual Basic programming because it is a basic language for programmer. This coding can be inserted to another programming language like Java, Visual Basic or other programming software to do the Graphic User Interface (GUI).


For decryptions side, firstly user must insert the main password. This password can be change if both user (sender and receiver) feels the key is not safe anymore. Below are the results if the receiver inserts a right key and a wrong key to decrypt the message.

Chapter 4



In this project, I have make research about the GSM, SMS system and security algorithm to performed a security for SMS system in GSM. I choose Blowfish cipher to secure the SMS since it is a good algorithm for communication security. It is because the time taken to encrypt text is the fastest from other algorithm like DES, 3DES and AES. Beside that the Blowfish also an algorithm is a secure cipher because there is no attacks on Blowfish are known that work on the full 16-round official version (certain attacks recover some information from versions with up to 14-rounds only).

During this project, I face many problems. Firstly I have problems to choose an algorithm that suite for SMS system. I make research finally I found an algorithm that suite for communication system that is Blowfish algorithm.

After that I face another problem how to create the program of Blowfish. In this phase I have problem to do the part of decryption of the message. Finally I found the solution that is the S-boxes of Blowfish cannot be freely created. There are specifications that must use to create the S-boxes.

Some might consider this as disadvantage, but I would not agree with that idea. Although, I need to decrease number of bits, this would not be less advantage as this is what we consider as a cost of price for security in which to gain something I need to sacrifice something. Note that if I use the 8-bit coding scheme early on without any security applied then the same result would be produced where maximum characters will only be 140. Unluckily, if users are using other symbols like Arabic or Chinese then their maximum characters would also be small, even far smaller than 140 which is only 70 characters per SMS allowed.

"The main claim to fame of Blowfish, however, is in its method of key scheduling. The round keys, and the entire contents of all the S-boxes, are created by multiple iterations of the block cipher. This enhances the security of the block cipher, since it makes exhaustive search of the keyspace very difficult, even for short keys[ ]."

When someone decide whick cipher or algorithm to use, different factors play a role in this decision, including factors such as the cipher's strength, run-time performance, and royalties for the use of some algorithms. Given the average time of this application on the processing power of a MIDP device, run-time performance should be carefully examined. Average Time for decrypt 140 bytes or full message is 3.13125 ms .

Chapter 5



As conclusion, the security for SMS message system must be secured against wiretapping(reading) by a third person and must be secured against modification (any change, even senseless one, must be detected at arrival). The sender of the message must be certain and saved messages must be protected from reading when the phone falls into adversary's hands.

The method and technology selected in securing SMS should also be the one that could last for significant period of time so that the effort and price spend on securing it are not wasted. The security measure applied in this project is meant to suit what is required by SMS technology and handset capacity or speed would be considered as a perfect way to secured SMS from end-to-end. As in the design presented in this project, the securing system applied is very accurate and able to provide a suitable amount of security as well as ease of implementation for any service providers. The openness of Blowfish algorithm plus the design of it such as a Feistel network, non-reversible function F and 4 different S-Boxes seems more secure.

My project is successful because the objectives of this project paper are achieved. The objectives are achieved since the application for security is done. The plaintexts of SMS text are being encrypted using Blowfish algorithm are being shown in hexadecimal decimal format. SMS message will be sent encrypted end by end system from sender to receiver. Only the receiver that only know the key can decrypt the message cause if the inserted key is wrong the message will shown hexadecimal text.

With this application SMS text can not be read by other people. It is because SMS text will be encrypted from the sender until to the receiver. Therefore, there is no one can read and modified the message only if the person know the key since the algorithm is very safe and secure. The key should only be known by the sender and receiver and the users can change the key if they think the key in not safe to use anymore. Lastly I want to express my appreciation to my supervisor Ms YEW because assisting since my research until my design application.