Short Message Service (sms) security solution for mobile devices

Download 1,13 Mb.

Pdf ko'rish

bet	11/51
Sana	09.06.2022
Hajmi	1,13 Mb.
	#647072

1 ... 7 8 9 10 11 12 13 14 ... 51

Bog'liq
06Dec Ng Yu

I. INTRODUCTION
A.
BACKGROUND
Short Message Service (SMS) is a text message service that enables
users to send short messages to other users on the Global System for Mobile
communication (GSM) network. SMS uses a store-and-forward mechanism
similar to SMTP mail service. Instead of mail servers, SMS Centers (SMSC) are
used to store the SMS messages before they are forwarded to the mobile user's
service provider or another SMSC. Although the network connections between
the SMSC and nodes in a GSM network are usually protected by Virtual Private
Network (VPN) tunnels, the SMS messages are stored unencrypted at the
SMSC. This means that employees of SMSC operators, or others who can hack
into the system, can view all the SMS messages passing through the SMSC.
Many SMSCs also retain a copy of the SMS messages for audit, billing and
dispute resolution purposes [1]. If an attacker manages to compromise the
SMSC, the attacker can also read the SMS traffic. One of the more high profile
victims of such an attack in recent years was England football captain David
Beckham, whose SMS exchange with his personal assistant Rebecca Loos was
intercepted and published in a tabloid [2]. Two employees from European phone
operator mmO2 were dismissed for helping their friend obtain copies of his
girlfriend’s SMS messages [3].
B.
STATEMENT OF PROBLEM
Encryption provides a means of protecting sensitive communications over
a public network but it imposes overhead in terms of additional computing.
Mobile devices are generally faced with constraints on computational power and
battery life. These constraints impose limits on the amount of encryption
operations that can be performed without seriously affecting the usability of the
device. Therefore, symmetric encryption is commonly used in mobile devices

2
because of its efficiency relative to asymmetric encryption, such as PKI. That is
why most current commercial SMS encryption solutions use password-based
symmetric encryption. Passwords are used as a key distribution mechanism to
synchronize the encryption keys. However, the use of passwords reduces the
strength of the cipher to the strength of the password when open algorithms,
such as Data Encryption Standard (DES) or Advanced Encryption Standard
(AES), are used. The onus is on the user to select a strong password.
Although asymmetric encryption offers the additional advantage of simple
key distribution and strong encryption, asymmetric encryption is not used
because it is computationally demanding.
However, mobile devices have experienced dramatic improvements in
computing speeds and memory capacity, matching those of desktop computers a
few years ago. Advances have also been made in battery technology and the
energy efficiency of components, thereby extending the operating life of mobile
devices. Given these developments, it remains to be shown whether or not
modern devices are still limited in their ability to harness the advantages of
asymmetric encryption to secure messages like SMS.

Download 1,13 Mb.

Do'stlaringiz bilan baham:

1 ... 7 8 9 10 11 12 13 14 ... 51