Securing SMS of a GSM Network Message Center Using Asymmetric Encryption Technique Algorithm.


Garba S. (1), Abdu-Aguye U.-F., Raubilu A.A., Ibrahim Y.
Department of Electrical and Computer Engineering, Ahmadu Bello University, Zaria.
(1) sgarba@abu.edu.ng, sgarbaabu@gmail.com

Abstract

Asymmetric encryption techniques were successfully incorporated in a Network Message Centre (NMS) to address the insecurity of the SMS (Short Message Service) in a GSM network. The Network Message Centre (NMS) was designed using MySQL, PHP, HTML and CSS, which serve as the GUI (Graphical User Interface), and the asymmetric algorithm was incorporated into the application for encryption/decryption of SMS using the public and private key respectively. A modulus size of 1248 bits, with cipher text of 156 characters, was used in the asymmetric algorithm to achieve optimal payload. The secure SMS undergoes three (3) stages: compression, encryption, and decryption. The SMS was implemented under the aforementioned stages. The NMS ran successfully after incorporating the asymmetric encryption technique under the design specifications.

Keywords: SMS, GSM, Encryption, Compression, Decryption, NMS.

1.0 Introduction

In recent times, mobile communication devices have been integrated with multiple wireless network technologies to support additional functionality and services. One of the most important developments to have emerged from communication technology is the Short Message Service (SMS). It is an integral part of the Global System for Mobile Communications (GSM), but is now available on a wide range of network standards such as Code Division Multiple Access (CDMA) (1). SMS was originally meant to notify users of their voicemail messages; it has now become a popular means of communication for individuals and businesses. Banks worldwide are using SMS to conduct some of their banking services, e.g. clients are able to query their balances via SMS, conduct mobile payments, or receive alerts from banks notifying them of the transactions they made. SMS messages are transmitted within or outside the same cell, or to anyone with roaming capabilities.

The SMS is a store-and-forward service: a message is not sent directly but delivered via an SMS Centre (SMSC). The SMSC is a network element in the mobile telephone network in which the SMS is stored until the destination device becomes available (1) (2). SMS messages do not require the mobile phone to be active and within range, as they will be held for a period of time until the phone is active over the air interface. The security features over the air interface and those present in the GSM fixed network are independent of each other. The network security features do not continue past the Base Transceiver Station (BTS). This contrasts with the air interface, which is a medium accessible by anyone with the right air interface equipment available to them. This makes the SMS technology vulnerable to risk and unauthorized access; as such, the integrity of SMSs needs to be preserved (3).

An alternative way to protect data privacy in SMS messages involves encrypting the message body at the sending device and decrypting the message at the receiving device. Such an approach protects the data for the entire duration of its transit through the network, although the implementation of such a system is highly task demanding (4).

In order to be in agreement with all flavours of SMS, the encryption algorithms must possess three attributes, namely (3):
i. The encrypted message must be in the form of cipher text or plain text in order to meet the SMS message body standard.
ii. The encryption algorithms cannot alter the size of the original message, since that would cause initially large messages to exceed the maximum allowed size after encryption.
iii. Simple and computationally inexpensive.

In cryptography, a key agreement is a protocol whereby the two parties (i.e. encryption and decryption at sender and receiver respectively) can agree on a key in such a way that both influence the outcome (5). If properly done, this precludes undesired third parties from forcing a key choice on the agreeing parties. Protocols that are useful in practice also do not reveal to any eavesdropping party what key has been agreed upon (6). Reliable encryption and decryption techniques are the process of converting information into a special code so that it is intelligible only to someone who knows how to convert it into plain text (7).

2.0 Algorithm Types

Many different algorithms are used for encryption, but they contain elements common to all of them. Algorithms can be divided into two (2) classes, depending on the technique and approach employed. They are (5):
i. Symmetric.
ii. Asymmetric.

i. Symmetric Algorithm
Symmetric algorithms use the same key for encrypting and decrypting data. They usually operate at relatively high speed and are suitable for large/bulk encryption of messages (7).

ii. Asymmetric Algorithm
This is a special class of transformations in engineering, where a pair of related independent keys can be used to perform asymmetric encryption and decryption.
One key from the pair is used to encrypt the message into cipher text, and the other key, the decryption key, is used to generate the plain text (known as RSA, after its developers Rivest, Shamir and Adleman) (7).

3.0 Mobile Station and Subsystems

The mobile station (MS) consists of the Mobile Equipment (ME) and the Subscriber Identity Module (SIM), which stores secret information including the International Mobile Subscriber Identity (IMSI) and the secret key (KI) for authentication. The SIM provides personal mobility, so that the user can have access to subscribed services irrespective of a specific terminal. The user is able to receive and make calls at the terminal (2).

In the base station subsystem (BSS), the radio network controls the radio link and provides a radio interface for the rest of the network. It consists of two types of nodes: the Base Station Controller (BSC) and the Base Transceiver Station (BTS). The BTS covers a specific geographical area which is called a cell. Each cell comprises many mobile stations. The BSC controls several base stations by managing their radio resources. The BSC is connected to the Mobile services Switching Centre (MSC) in the third part of the network.

The network system subsystem (NSS), also called the Core Network (CN), consists, in addition to the MSC, of several other databases such as the Visitor Location Register (VLR), the Home Location Register (HLR) and the Gateway MSC (GMSC), which connects the GSM network to the Public Switched Telephone Network (PSTN). The MSC, in cooperation with the HLR and VLR, provides numerous functions including registration, authentication, location updating and call routing (2) (3).

4.0 Methodology

i. Creating a database using MySQL which will serve as the container for SMS (Short Message Service) sent/received.
ii. Designing a dynamic web-based application using HTML and PHP, and applying styles and side scripts to the application using CSS and JS.
iii. Incorporating the asymmetric encryption technique using the RSA algorithm.
iv. Testing and analyzing the application.

5.0 System Flow Chart

A home screen is displayed when the application starts, which is an introduction to the message centre. A login form follows for authentication (username and password required) before access is granted, subsequently allowing access to SMS information. Provision is made for ending a user session. The system flow chart is shown in Figure 1.

Figure 1: System flow chart

Figures 2, 3, and 4 show the designed administrator and user login forms, and the success page.

Figure 2: Administrator log in form

Figure 3: User login form

Figure 3: Success page

6.0 Design Specification for the Asymmetric Algorithm

The message centre is developed using a single database which contains four (4) relations (tables), with data stored in each table. They are:
i. The subscriber table, which stores the data about each subscriber.
ii. The data vault table.
iii. The Administrator table, which stores the admin user login.
iv. The Users table, which stores the user login details.

The database has a key bank where the public and private keys are stored, and a data vault where the query is passed. The proposed message centre comprises seven (5) interface forms of different functionality and has the ability to access the database in order to retrieve, query and delete information from the database. These interface forms include the following:
i. HOME SCREEN.
ii. THE LOG_IN FORM (1).
iii. THE LOG_IN FORM (2).
iv. THE SEND_SMS FORM.
v. THE ADD_NEW_SUBSCRIBER FORM.
vi. THE ENCRYPT FORM.
vii. USERS FORM.

The simulated enhanced message centre developed provides mobile network organizations with the ability to prevent internal fraud, espionage and conspiracy. It prevents easy access to a subscriber's text messages for infamous motives by having the following properties:
a) Identification of the message centre system structure.
b) Authentication relation.
c) Simulated SMS interface and data vault.
d) Concrete method of encryption.
e) Flexibility of decryption for authorized personnel.

7.0 The Technique for Securing the SMS

The SMS is secured without increasing its length. The two main steps of this technique are the compression and encryption processes (8). The SMS is compressed (the process of encoding) using fewer bits than an un-encoded representation. The purpose of this step is to reduce the consumption of resources and to reduce the SMS length. The SMS is then encrypted, that is, security is achieved by encoding the messages to make them non-readable. The steps of the technique can be described as follows:

Step 1: Get the SMS.
Step 2: Determine the SMS recipient.
Step 3: Compress the SMS.
Step 4: Check the compressed SMS length.
  4.1: If it is greater than 145 characters, then divide it into more than one message according to its length, such that each message is 145 characters, to satisfy the message length limit.
Step 5: Encrypt the compressed SMS using the asymmetric algorithm.
Step 6: Add a signature to the SMS.
Step 7: Send the SMS.

In Step 4, restricting the SMS length in the proposed technique to 145 characters is necessary for the encryption process. Table 1 indicates the relation between RSA modulus (asymmetric) bits, maximum number of input characters and length of output encrypted characters.

Table 1: The relation between RSA modulus bits, maximum number of input characters and length of output encrypted characters.

| RSA modulus size (bits) | Number of input characters (range) | Length of output encrypted characters |
|-------------------------|------------------------------------|---------------------------------------|
| 256                     | 1-21                               | 32                                    |
| 512                     | 1-53                               | 64                                    |
| 1024                    | 1-117                              | 128                                   |
| 1248                    | 1-145                              | 156                                   |
| 2048                    | 1-245                              | 256                                   |

Based on Table 1, the RSA modulus size chosen as the optimal value is 1248 bits, which gives an output cipher text of 156 characters and a maximum input of 145 characters. The standard SMS length is 160 characters (8).

In Step 5, encrypting the SMS is based on the RSA algorithm. The encryption using this algorithm can be achieved as follows:

Step 1: Choosing two large prime numbers P and Q.
Step 2: Calculating N (8):
  N = P*Q (1)
Step 3: Selecting the public key (i.e. the encryption key) E, such that it is not a factor of (P-1) and (Q-1).
Step 4: Selecting the private key (i.e. the decryption key) D, such that the following equation is true (8):
  (D*E) mod ((P-1)*(Q-1)) = 1 (2)
Step 5: For encryption, the cipher text CT is calculated from the plain text PT as (8):
  CT = PT^E mod N (3)
Step 6: Sending CT as the cipher text to the receiver.
Step 7: For decryption, the plain text PT is calculated from the cipher text CT as (8):
  PT = CT^D mod N (4)

8.0 GSM Authentication and Identification

The Subscriber Identity Module (SIM) is a smart card which contains both programming and information. The SIM plays an important role in identifying a user and is placed in a Mobile Station (MS) slot (2). This card is issued by the network operator and contains two sorts of information, namely USER-DATA and NETWORK-DATA. One of the pieces of information is the International Mobile Subscriber Identity (IMSI), which is stored securely within the SIM under NETWORK-DATA. This is the unique number assigned to each GSM mobile user and is up to 15 digits long.

When a user switches on his/her mobile device, the International Mobile Subscriber Identity (IMSI) is used for connection to the network. The initial connection is the only time the IMSI is used, as after the connection the network assigns the user a random Temporary Mobile Subscriber Identity (TMSI), thus hiding the user's true identity. The TMSI has a local purpose, as the temporary identity is valid only for a specific area. If the user moves to another area, the network allocates the user a new TMSI. When a new TMSI is allocated to an MS, it is transmitted to the MS in cipher text. The MS stores the TMSI on the SIM card so that this data is not lost when the MS is switched off. The TMSI is also stored at the VLR and not at the HLR, and consists of up to 32 bits (4 octets). The main purpose of the TMSI is to retain the anonymity of the subscriber, since the IMSI can reveal the user's true identity.

The IMSI consists of three parts, namely (1):
a) Mobile Country Code (MCC): 3 decimal digits.
b) Mobile Network Code (MNC): 2 decimal digits.
c) Mobile Subscriber Identification Number (MSIN): 10 decimal digits.

The MSIN is unique for a MCC/MNC combination. (N.J Croft and M.S Oliver, (2005)).

9.0 Security Implementation

The security implementation is based on public-key encryption and a simulated interface, such that every new and existing subscriber is allocated a unique mobile number (public key) and private key.

Step 1: A GSM user types his text message into the SMS interface, together with the intended recipient's number and his own corresponding number. After the send button is pressed, the text message is automatically encrypted and sent to the data vault.
Step 2: In order for authorized personnel to access the message for a subscriber, a legal password must be inputted, which grants access to the main menu; otherwise access is denied. This is achieved by comparing the subscriber's SIM certificate data with the information in the database. If the information in the SIM certificate corresponds with the information in the database, then step 3 follows.
Step 3: The SMS message of the subscriber would immediately appear in the access window.

5.1 Conclusions

Asymmetric encryption techniques using public and private keys were successfully developed to address the insecurity of the SMS (Short Message Service) in a GSM network. The application runs successfully under the design specification. The SMS was successfully encrypted from the application locally on a system.
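
Added example, not the authors' PHP implementation: Steps 3 to 5 of Section 7.0 and equations (1) to (4) in Python. The input limits in Table 1 equal the modulus length in bytes minus 11, which is the overhead of PKCS#1 v1.5 encryption padding, so the example assumes that padding. Further assumptions: zlib as the compressor, E = 65537, "characters" treated as bytes, illustrative function names, and Step 6 (signature) left out.

```python
import secrets
import zlib

E = 65537  # public exponent: an assumption, the page does not fix a value for E

def is_probable_prime(n, rounds=20):
    # Miller-Rabin test; n is always a large odd candidate here
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23, 29)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        # top two bits set so P*Q has exactly 2*bits bits; low bit set so c is odd
        c = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if c % E != 1 and is_probable_prime(c):  # c % E != 1 keeps E coprime to c-1
            return c

def generate_keypair(bits=1248):
    p = random_prime(bits // 2)
    q = random_prime(bits // 2)
    while q == p:
        q = random_prime(bits // 2)
    n = p * q                          # equation (1)
    d = pow(E, -1, (p - 1) * (q - 1))  # equation (2), needs Python 3.8+
    return (n, E), (n, d)

def max_input_len(bits):
    return bits // 8 - 11  # Table 1: modulus bytes minus 11 bytes of padding

def encrypt_block(msg, pub):
    n, e = pub
    k = (n.bit_length() + 7) // 8
    if len(msg) > k - 11:
        raise ValueError("block too long for this modulus")
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(msg)))  # non-zero
    em = b"\x00\x02" + pad + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")  # equation (3)

def decrypt_block(ct, priv):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(ct, "big"), d, n).to_bytes(k, "big")  # equation (4)
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("decryption error")
    return em[sep + 1:]

def secure_sms(text, pub):
    # Steps 3-5: compress, split to the block limit, encrypt every block
    limit = max_input_len(pub[0].bit_length())
    packed = zlib.compress(text.encode("utf-8"), 9)
    return [encrypt_block(packed[i:i + limit], pub) for i in range(0, len(packed), limit)]

def recover_sms(blocks, priv):
    packed = b"".join(decrypt_block(b, priv) for b in blocks)
    return zlib.decompress(packed).decode("utf-8")
```

PKCS#1 v1.5 encryption padding is used here because it reproduces Table 1; new designs normally use OAEP, whose larger overhead lowers the per-block input limit.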

References

P. Traynor, W. Enck, P. McDaniel and T. La Porta (2009). Mitigating Attacks on Open Functionality in SMS-Capable Cellular Networks. IEEE/ACM Transactions on Internet Networking. 17(1), pp 40-53.

GSM document (2009). Short Message Service. Available: http://www.gsmfavorites.com/documents/sms/.

N. Croft and M. Olivier (2005). Using an approximated One Time Pad to Secure Short Messaging Service (SMS). Proceedings of the Southern African Telecommunication Networks and Applications Conference. South Africa. 2005. pp 26-31.

http://www.mynetsec.com/files/xms_mobile/sms_vulnerabilities_xms_technology_white_paper.pdf.

B. Schneier (1996). Applied Cryptography: Protocols, Algorithms and Source Code in C. Wiley Computer Publishing, John Wiley and Sons, Inc. pp 46-59.

Parliamentary Office of Science and Technology (POST) (2006). Data encryption. POSTnote Number 270.

Rivest, Shamir, Adleman (RSA) (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21, 120-126.

K. M. Alallayah, W. F. Abd El-Wahed (2010). Attack of Against Simplified Data Encryption Standard Cipher System Using Neural Networks. Journal of Computer Science 6 (1): pp 29-35, ISSN 1549-3636.