Secure SMS Messaging Protocol
The Global Service for Mobile communications (GSM), which has the greatest number of users worldwide, suffers from several security vulnerabilities. In GSM, only the over-the-air traffic between the Mobile Station (MS) and the Base Transceiver Station (BTS) is optionally encrypted, and only with a weak and broken stream cipher (A5/1 or A5/2). Authentication is unilateral and also vulnerable. There are many other security vulnerabilities and shortcomings as well. These vulnerabilities are inherited by the Short Message Service (SMS), one of the superior and well-tried services with global availability in GSM networks. SMS messaging has some additional security vulnerabilities due to its store-and-forward feature and the problem of fake SMS, which can be carried out via the Internet. When a user is roaming, the SMS content passes through different networks, and perhaps the Internet, which exposes it to various vulnerabilities and attacks. Another concern arises when an adversary gains access to the phone and reads previously received, unprotected messages. To exploit the popularity of SMS as a serious business bearer protocol, it is necessary to enhance its functionality to offer a secured transaction capability. Data confidentiality, integrity, authentication, and non-repudiation are the most important security services that should be taken into account in many secure applications. However, traditional SMS messaging does not provide them. Because of the vast range of applications, each with a different level of security requirements, the most profitable solution is end-to-end security, that is, security at the application layer. It is a network-independent solution and does not need any change in the network's infrastructure. Several studies have been carried out to provide end-to-end security in SMS.
Some of them considered only the concept of end-to-end encryption at the application layer, such as and SafeSMS, while others (such as SSMS and SMSSec) not only considered end-to-end security at the application layer but also proposed Secure SMS Messaging Protocols. There are also some companies (such as SecureGSM and CellTrust) that have products for end-to-end encryption of SMS. As an example, the CellTrust corporation offers its product under the SecureSMS™ trademark. However, it should be emphasized that the concept of a "Secure SMS Messaging Protocol" (such as the SSMS and SMSSec protocols) fundamentally differs from simple end-to-end encryption of SMS messages (e.g. SafeSMS).