Short Message Service (SMS) security solution for mobile devices



Date: 09.06.2022
06Dec Ng Yu

 
B. RECOMMENDATIONS 
The SMS and GSM technologies have matured after being in operation for
more than ten years. Although they are not secure by design and
implementation, their pervasiveness and low cost may be leveraged to improve
other aspects of security. The following are several areas of potential
exploration which may prove to increase the utility of the SMS protocol for
sensitive communications.
1. Remote Device Termination by SMS
By using SMS interception, a remote device that is physically lost may be 
remotely locked and the contents encrypted to prevent loss of sensitive 
information such as address book and personal information. However, the 
address book and sensitive information such as emails are locked for access by 
the Pocket Outlook application. The challenge will be to explore ways in which 
the information can be accessed and encrypted. 
 
2. One Time Pad (OTP) for SMS Encryption
The advantages and possibility of using OTP for SMS encryption were
discussed in Chapter III. This possibility can be further explored. The key
research area would be to design an architecture for the key management and
key synchronization for an OTP encryption scheme.
3. SMS-based Two-factor Authentication
Some banks are already using SMS as an additional authentication
mechanism for online banking. This idea could be further extended by using the
cell phone as the second factor of authentication. The cell phone is connected to
the laptop via Bluetooth and the laptop is connected to the server via the
Internet. A challenge-response authentication mechanism can be built such that
either the challenge or the response information is sent via SMS through the
cell phone, and the information is relayed to the laptop. The sending of the
challenge and response on different channels makes it virtually impossible for
the attacker to conduct a man-in-the-middle attack. The attacker has to be able
to monitor, correlate and respond on two channels in order to carry out the
attack. For the user, it is a two-factor authentication. If the laptop is lost,
access to the server is denied even if the attacker has the password. The key
research question is the synchronization and the timing requirements for such
a setup.
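
The split-channel challenge-response described above, as an added example that is not from the thesis: the server issues a single-use nonce to be delivered by SMS, and the laptop answers over the Internet with an HMAC keyed by the password. The class and function names, the PBKDF2/HMAC-SHA-256 construction and the 90-second validity window are assumptions; SMS delivery and the Bluetooth relay are left to the caller.

```python
import hashlib, hmac, secrets, time

CHALLENGE_TTL = 90  # seconds a challenge stays valid (assumed value, must cover SMS delay)

def derive_key(password: str, salt: bytes) -> bytes:
    """Password-derived key held by the server and recomputed on the laptop."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def laptop_response(password: str, salt: bytes, challenge: str) -> str:
    """Laptop side: the challenge arrived by SMS on the phone and was relayed over Bluetooth."""
    return hmac.new(derive_key(password, salt), challenge.encode(), hashlib.sha256).hexdigest()

class AuthServer:
    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so the timing window can be tested
        self.users = {}         # user -> (salt, key)
        self.pending = {}       # user -> (challenge, issued_at)

    def enroll(self, user: str, password: str) -> bytes:
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, derive_key(password, salt))
        return salt

    def issue_challenge(self, user: str) -> str:
        """Fresh nonce; the caller delivers it by SMS only, never on the Internet session."""
        challenge = secrets.token_hex(16)
        self.pending[user] = (challenge, self.clock())
        return challenge

    def verify(self, user: str, response: str) -> bool:
        entry = self.pending.pop(user, None)   # single use: a replay finds nothing pending
        if entry is None or user not in self.users:
            return False
        challenge, issued_at = entry
        if self.clock() - issued_at > CHALLENGE_TTL:
            return False                       # SMS or response arrived outside the window
        expected = hmac.new(self.users[user][1], challenge.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)
```

The validity window is the timing requirement the text raises: too short and delayed SMS delivery locks out legitimate users, too long and a stalled challenge stays usable.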
