Securing SMS of a GSM Network Message Center Using Asymmetric Encryption Technique Algorithm.

Transcription

1 Securing SMS of a GSM Network Message Center Using Asymmetric Encryption Technique Algorithm. Garba S. (1), Abdu-Aguye U.-F., Raubilu A.A., Ibrahim Y. Department of Electrical and Computer Engineering, Ahmadu Bello University, Zaria. (1) sgarba@abu.edu.ng, sgarbaabu@gmail.com Abstract Asymmetric encryption techniqueswas successfully incorporated in a Network Message Centre (NMS) to address insecurity of the SMS (Short Message Service) in a GSM network. The Network Message Centre (NMS)was design using MYSQL, PHP, HTML and CSS which serves as GUI (Graphic User Interface) and the Asymmetric algorithm was incorporated into the application for encryption/decryption of SMS using public and private key respectively.a modulus size of 1248 bits, with cipher text of 156 characters were used on the Asymmetric algorithms to achieved optimal payload. The secure SMS undergo three (3) stages; compression, encryption, and decryption. The SMS was implemented under the aforementioned stages. The NMS runs successfully after incorporating the Asymmetric Encryption technique under the design specifications. Keywords: SMS, GSM, Encryption, Compression, Decryption, NMS. 1.0 Introduction In recent times, mobile communication devices are integrated with multiple wireless network technologies to support additional functionality and services. One of the most important developments that have emerged from communication technology is Short Message Service (SMS). An integral part of Global System for Mobile Communications (GSM), but is now available on a wide range of network standards such as Code Division Multiple Access (CDMA) (1). SMS was originally meant to notify users of their voic message, it has now become a popular means of communication by individuals and businesses. Banks worldwide are using SMS to conduct some of their banking services. E.g. clients are able to query their balances via SMS or conduct mobile payment or an alert by banks to notify customers about the transaction they made.sms are transmitted within or outside the same cell or to anyone with roaming capabilities. The SMS is a store and forward service, and is not sent directly but delivered via an SMS Centre (SMSC).SMSC is a network element in the mobile telephone network, in which SMS is stored until the destination device becomes available (1) (2). The SMS messages do not require the mobile phone to be active and within range, as they will be held for a period of time until the phone is active over the air interface. The security feature Over the Air interface and those present in the GSM fixed network are independent of each other. The network security feature do not continue past the Base Transceiver Station (BTS). This contrasts to the air interface which is a medium accessible by anyone with right air interface equipment available to them. This makes the SMS technology vulnerable to risk and unauthorized access, as such, the integrity of SMSs needs to be preserved (3). An alternative to protect data privacy in SMS message involves encrypting the message body at the sending device and decrypting the message at the receiving. Such anapproach protects the data for the entire duration of its transit through the network, although such an 557

2 implementation of such a system is highly task demanding (4). In order to be in agreement with the all flavours of SMS, the encryption algorithms must possess three attributes, namely(3): i. The encrypted message must be in the form of cipher text or plain text in order to meet the SMS message body standard. ii. The encryption algorithms cannot alter the size of the original message, since that would course initially large messages to exceed the maximum allowed size after encryption. iii. Simple and computationally inexpensive. In cryptography, a key agreement is a protocol whereby the two parties (i.e. encryption and decryption at sender and receiver respectively) can agree on a key in such a way that both influence outcome (5). If properly done, this precludes undesired third parties from forcing a key choice on agreeing parties. Protocols that are useful in practice also do not reveal to any eavesdropping party what key has been agreed upon on (6). Reliable encryption and decryption techniques is the process of converting information into a special code so that it is intelligible only to someone who knows how to convert it into plain text (7). 2.0 Algorithm Types Many different algorithms are used for encryption but contain elements common to all of them. Algorithms can be divided into two (2) classes, depending on the technique and approach employed. They are (5): i. Symmetric. ii. Asymmetric. i. Symmetric Algorithm Symmetric algorithms use the same key for encryption and decryption data. They usually operate at relatively high speed and are suitable for large/bulk encryption of message (7). ii. Asymmetric Algorithm This is a special class of transformations in engineering, where a pair of related independent keys can be used to perform asymmetric encryption and decryption. One key from the pair is used to encrypt the message into cipher, and the other key decryption key is used to generate the plain text (known as RSA, after its developers Rivers, Shamir and Adelman) (7). 3.0 Mobile Station and Subsystems The mobile station (MS) consists of Mobile Equipment (ME) and Subscriber Identity Module (SIM) which store secret information which includes International Mobile Subscriber Identity (IMSI), and secret key (KI) for authentication. SIM provide personal mobility, so that the user can have access to subscribed services irrespective of a specific terminal. The user is able to receive and make calls at the terminal (2). In the base station subsystem (BSS), the radio network controls the radio link and provide a radio interface for the rest of the network. It consists of two types of nodes; Base Station Controller (BSC) and Base Transceiver Station (BTS). The BTS covers a specific geographical area which is called a cell. Each cell comprises of many mobile station. The BSC controls 558

3 several base stations by managing their radio resources. The BSC is connected to Mobile services Switching Centre (MSC) in the third part of the network. The network system subsystem (NSS) also called the Core Network (CN) In addition to MSC consists of several other databases such as Visitor Location Register (VLR), Home Location Register (HLR) and Gateway MSC (GMSC) which connect the GSM network to public Switched Telephone Network (PSTN). The MSC, in cooperation with HLR and VLR provide numerous function including registration, authentication, location updating and call routing (2) (3). 4.0 Methodology i. Creating a database using MYSQL which will serve as the container for SMS (Short Message Service) sent/received. ii. Designing a dynamic web based application using HTML and PHP and applying styles and side script to the application using CSS and JS. iii. Incorporating the asymmetric encryption technique using RSA Algorithm iv. Testing and analyzing the application 5.0 System Flow Chart A home screen is displayed when the application starts, which is an introduction to the message centre. A login forms follows for authentications (username and password required) before access is guaranteed. Subsequently, allowing access to SMS informations. Provision is created for ending a user session. The system flow chart is shown in Figure 1. Figure 1: System flow chart Figures 2, 3, and 4 shows the designed administrator and user login forms, and success page. 559

4 Figure 2: Administrator log in form Figure 3: User login form Figure 3: Success page 6.0 Design Specification for the Asymetric Algorithm The message centre is developed using a single Database which contains four (4) relation (tables), and stored data in each table. They are: i. The subscriber table that stored the data about each subscribers. ii. The data vault table. 560

5 iii. iv. The Administrator table that stored the admin user login. The Users table that stored the user login details. The database has key bank where the public and private keys are stored and a data vault where the query is being passed. The proposed message centre comprised of seven (5) interface forms of different functionality and has the ability of accessing the database in order to retrieve, query and delete information from the database. These interface forms include the following: i. HOME SCREEN. ii. THE LOG_IN FORM (1). iii. THE LOG_IN FORM (2). iv. THE SEND_SMS FORM. v. THE ADD_NEW_SUBSCRIBER FORM. vi. THE ENCRYPT FORM. vii. USERS FORM. The simulated enhanced message centre developed provides the mobile network organizations with the ability to prevent internal fraud, espionage and conspiracy. It prevents easy access to subscriber s text message for infamous motives by having the following properties: a) Identification of the message centre system structure. b) Authentication relation. c) Simulated SMS interface and Data vault. d) Concrete method encryption. e) Flexibility of decryption to authorized personnel 7.0 The Technique for Securing The SMS The SMS is secure without increasing its length. The two main steps of this technique are the compression and encryption processes (8). The SMS is compressed (processes of encoding) using fewer bits than an un-encoded representation. The purpose of this step is to reduce the consumption of resources and reducing SMS length. The SMS is the encrypted, that is achieving security by encoding the messages to make them non readable. The steps of the technique can be described as follows: Step 1: Get the SMS Step 2: Determine the SMS recipient Step 3: Compress the SMS Step 4: Check the compressed SMS length 4.1: If it is greater than 145 characters then divide it into more than one according to its length such that each message is 145 characters to satisfy the message length limit. Step 5: Encrypt the compressed SMS using Asymmetric algorithm. Step 6: Add signature to the SMS. Step 7: Send the SMS. 561

6 In Step 4, restricting the SMS length in the proposed technique to 145 characters is necessary for the encryption process. Table 1 Indicates the relation between RSA Modulus (Asymmetric) bits, maximum number of Input characters and length of output encrypted characters. Table 1: The relation between RSA Modulus bits, maximum number of Input characters and length of output encrypted characters. RSA Number of Length of Modules size (bits) input characters Range output encrypted character Based Table 1, the RSA Modulus size chosen is 1248 bits as optimal value, that gives an output cipher text of 156 characters and the maximum input characters will be 145. The standard SMS length is 160 characters (8). In step 5, encrypting the SMS is based on RSA algorithm. The encryption using this algorithm can be achieved as follows: Step 1: choosing two large prime numbers P and Q Step 2: Calculating N (8), N=P*Q (1) Step 3: Selecting the public key (i.e. the encryption key) E, such that it is not a factor of (P-1) and (Q-1). Step 4: Selecting the private key (i.e. the decryption key) D, such that the following equation is true (D*E) mod (8): (P-1) * (Q-1) =1 (2) Step 5: For encryption, the cipher text is calculated using the plain text PT as (8): CT=PT^E mod N (3) Step 6: Sending CT as the cipher text to the receiver Step 7: For decryption, the plain text PTis calculated from the cipher text CT as (8): PT=CT^D mod N (4) 8.0 GSM Authentication and Identification The Subscriber Identity Module (SIM) is a smart card which contains both programming and information. The SIM plays an important role in identifying a user and is placed in a Mobile Station (MS) slot (2). This card is issued by the network operator and contains two sorts of information namely USER-DATA and NETWORK-DATA. One of the pieces of information is 562

7 the International Mobile Subscriber Identity (IMSI) which is stored securely within the SIM under NETWORK-DATA. This is the unique number assigned to each GSM Mobile user and is up to 15 digits. When a user switches on his/her Mobile devices, the International Mobile Subscriber Identity (IMSI) is used for connection to the network. The initial connection is the only time the IMSI is used, as after the connection the network assigns the user a random Temporary Mobile Subscriber Identity (TMSI), thus hiding a user s true identity. The TMSI has local purpose, as the temporary is valid only for a specific area. If the user moves to another area, the network allocates the user a new TMSI. When a new TMSI is allocated to a MS, it is transmitted to the MS in a cipher text. The MS stores the TMSI on SIM card so that when the MS is switched off then this data is not lost. The TMSI is also stores at the VLR and not at the HLR and consist of up to 32 bits (4 octets). The main purpose of the TMSI is to retain the anonymity of the Subscriber since the IMSI can reveal the user s true identity. The IMSI consist of three parts, namely (1): a) Mobile Country Code (MCC) 3 decimal digits. b) Mobile Network Code (MNC) 2 decimal digits. c) Mobile Subscriber Identification Number (MSIN) 10 decimal digits. The MSIN is unique for a MCC/MNC combination. (N.J Croft and M.S Oliver, (2005)). 9.0 Security Implementation The security implementation is based on public-key encryption and a simulated interface, such that every new and existing subscriber is allocated a unique mobile number (public-key) and private-key. Step1; A GSM user types his text message into the SMS interface, the intended recipient s number and his own corresponding number. After the send button is pressed; the text message is automatically encrypted and sends to the data vault. Step2; In order for authorized personnel to access the message for a subscriber, a legal password must be inputted, which grants access to the main menu otherwise access denied. This is achieved by comparing the subscriber s SIM certificate data with the information in the database. If the information in the SIM certificate corresponds with the information in the database then step 3. Step3: The SMS message of the subscriber would immediately appear the access window. 5.1 Conclusions Asymmetric encryption techniques using public and private key was successfully developed to address insecurity of the SMS (Short Message Service) in a GSM network. The application runs successfully under the design specification. The SMS was successfully encrypted from the application locally on a system. 563

8 References P. Traynor, W. Enck, P. McDaniel and T. La Porta. (2009). Mitigating Attacks on Open Functionalityin SMS-Capable Cellular Networks. IEEE/ACM Transactions on Internet Networking. 17(1), pp GSM document (2009). Short Message Service. Available: N. Croft and M. Olivier (2005). Using an approximated One Time Pad to Secure Short MessagingService (SMS). Proceedings of the Southern African Telecommunication Networks and Applications Conference. South Africa Pp per.pdf. B. Schneier (1996). Applied Cryptography: Protocols, Algorithms and SourceCode in C. Wiley Computer Publishing, John Wiley and Sons, Inc. pp Parliamentary Office of Science and Technology (POST) (2006). Data encryption POSTnote.Number 270. Rivest, Sharmir, Adleman (RSA) (1978).A method for obtaining digital signatures and publickey cryptosystems. Communication OS of the ACM K. M. Alallayah, W. F. Abd El-Wahed (2010). Attack of Against Simplified Data Encryption Standard Cipher System Using Neural Networks.Journal of Computer Science 6 (1): pp 29-35, ISSN