Review of mobile short message service security issues and techniques towards the solution

Scientific Research and Essays

Volumn 6, Issue 6, 2011, Pages 1147-1165

  Medani, A ^a   Gani, A ^a   Zakaria, O ^b   Zaidan, A A ^c,d   Zaidan, B B ^c,d  

^a UNIVERSITY OF MALAYA   (Malaysia)

^b NATIONAL DEFENCE UNIVERSITY OF MALAYSIA   (Malaysia)

^c MULTIMEDIA UNIVERSITY   (Malaysia)

^d SUNWAY UNIVERSITY   (Malaysia)

Author keywords

Mobile communication; Mobile public key infrastructure; Short message service cryptography; Short message service security; Short message service security analysis

Indexed keywords

EID: 79957657234     PISSN: None     EISSN: 19922248     Source Type: Journal    
DOI: None     Document Type: Review

References (85)

1. Abomhara M, Khalifa O, Zakaria O, Zaidan A, Zaidan B, Alanazi H (2010). Suitability of Using Symmetric Key to Secure Multimedia Data: An Overview. J. Appl. Sci., 10: 1656-1661.
2. Al-bakri S, Kiah M (2010). A novel peer-to-peer SMS security solution using a hybrid technique of NTRU and AES-Rijndael. Sci. Res. Essays., 5: 3455-3466.
3. Al-Fayoumi M, Nashwan S, Yousef S, Alzoubaidi AR (2007). A new hybrid approach of symmetric/asymmetric authentication protocol for future mobile networks. pp. 29-29.
4. Alanazi H, Jalab H, Alam G, Zaidan B, Zaidan A (2010). Securing electronic medical records transmissions over unsecured communications: An overview for better medical governance. J. Med. Plants Res., 4: 2059-2074.
5. Alanizi H, Kiah M, Zaidan A, Alam G (2010). Secure topology for electronic medical record transmissions. Int. J. Pharmacol., 6: 954-958.
6. Anuar NB, Kuen LN, Zakaria O, Gani A, Wahab AWA (2008). GSM mobile SMS/MMS using public key infrastructure: m-PKI. WSEAS Trans. Comput., 7: 1219-1229.
7. Asokan N, Niemi V, Nyberg K (2005). Man-in-the-middle in tunneled authentication protocols. pp. 28-41.
8. Asvial M, Sirat D, Susatyo B (2008). Design and Analysis of Anti Spamming SMS to Prevent Criminal Deception and Billing Froud: Case TELKOM FLEXI.
9. Aziz Q (2006). Payments through Mobile Phone. Emerging Technologies, 2006. ICET '06. International Conference on. pp. 50-52.
10. Bais A, Penzhorn WT, Palensky P (2006). Evaluation of UMTS security architecture and services. pp. 570-575.
11. Beller MJ, Chang LF, Yacobi Y (1993). Privacy and authentication on a portable communications system. IEEE J. Selected Areas Commun., 11: 821-829.
12. Biryukov A, Shamir A, Wagner D (2001). Real Time Cryptanalysis of A5/1 on a PC. pp. 37-44.
13. Boman K, Horn G, Howard P, Niemi V (2002). UMTS security. Elect. Commun. Eng. J., 14: 191-204.
14. Cai L, Yang X, Chen C (2005). Design and implementation of a serveraided PKI service (SaPKI). pp. 859-864.
15. Chanson ST, Cheung TW (2001). Design and implementation of a PKIbased end-to-end secure infrastructure for mobile E-Commerce. World Wide Web. 4: 235-253.
16. Chikomo K, Chong MK, Arnab A, Hutchison A (2006). Security of mobile banking. University of Cape Town, South Africa, Tech. Rep., Nov. 1:
17. Croft NJ, Olivier MS (2005). Using an approximated one-time pad to secure short messaging service (SMS). pp. 71-76.
18. Dankers J, Garefalakis T, Schaffelhofer R, Wright T (2002). Public key infrastructure in mobile systems. Elect. Communi. Eng. J., 14:180-190.
19. De Paula R, Ding X, Dourish P, Nies K, Pillet B, Redmiles D, Ren J, Rode J (2005). Two experiences designing for effective security. p. 34.
20. Diffie W, Hellman M (1976). New directions in cryptography. IEEE Transactions on information Theory. 22: 644-654.
21. Ekdahl P, Johansson T (2001). Another attack on A5/1 [GSM stream cipher], 49(1): 284-289.
22. Forsberg D (2007). Use Cases of Implicit Authentication and Key Establishment with Sender and Receiver ID Binding. pp. 1-8.
23. Garza-Saldana JJ, Daz-Pérez A (2008). A State of Security for SMS on Mobile Devices, Electronics, Robotics and Automotive Mechanics Conference, CERMA '08. 4(5):110-115.
24. Glitho RH (1997). Use of SS7 in D-AMPS-based PCS: orthodoxy vs. heterodoxy. Personal Commun. IEEE., 4: 15-23.
25. Gonzalez-Castano FJ, Vales-Alonso J, Pousada-Carballo JM, de Vicente FI, Fernandez-Iglesias MJ (2002). Real-time interception systems for the GSM protocol. IEEE Trans. Vehicular Technol., 51: 904-914.
26. Grillo A, Lentini A, Me G, Italiano GF (2008). Transaction oriented text messaging with Trusted-SMS. pp. 485-494.
27. Guthery S, Kehr R, Posegga J. (2000). How to Turn a GSM SIM into a Web Server. p. 209.
28. Gutmann P (2004). Simplifying public key management. Comput., 37: 101-103.
29. Hankerson DR, Vanstone SA, Menezes AJ (2004). Guide to elliptic curve cryptography, pp. 1-305.
30. Harb H, Farahat H, Ezz M (2008). Secure SMS Mobile Payment Model. Anti-counterfeiting. pp. 1-17.
31. Hassinen M (2005). SafeSMS-End-to-End encryption for SMS messages. pp. 359-365.
32. Hassinen M (2006). Java based public key infrastructure for sms messaging. Information and Communication Technologies, 2006. ICTTA'06. 2nd. 1:
33. Hassinen M, Hyppönen K, Haataja K (2006). An open, PKI-based mobile payment system. Emerging Trends in Information and Communication Security, pp. 86-100.
34. Hassinen M, Markovski S (2003). Secure SMS messaging using Quasigroup encryption and Java SMS API. pp. 187-199.
35. Hossain M, Jahan A, Hussain S, Amin MM, Newaz MR, Shah SH (2008). A proposal for enhancing the security system of short message service in GSM. pp. 235-240.
36. Hwu JS, Chen RJ, Lin YB (2006). An efficient identity-based cryptosystem for end-to-end mobile security. IEEE Trans Wireless Commun., 5: 2586.
37. Inc VS (2002). Trust Assertion XML Infrastructure. P 45.
38. Islam S, Ajmal F (2009). Developing and implementing encryption algorithm for addressing GSM security issues.Emerging Technologies, 2009. ICET 2009. International Conference. pp. 358-361.
39. Jøsang A, Zomai MA, Suriadi S (2007). Usability and privacy in identity management architectures. p. 152.
40. Jumaat NB, Zakaria O, Gani A (2008). GSM Mobile SMS/MMS using Public Key Infrastructure: M-PKI. WSEAS Trans. Comput., 7: 1219-1229.
41. Kangasharju J, Lindholm T, Tarkoma S (2005). Requirements and design for XML messaging in the mobile environment. pp. 29-36.
42. Kawamoto K, Nakamura N (2002). Study of Management on the Mobile Public Key Infrastructure. NOMS2002, Apr, pp. 955-957.
43. Koien GM, Haslestad T (2003). Security aspects of 3G-WLAN interworking. Commun. Mag. IEEE, 41: 82-88.
44. Kolsi O (2004). MIDP 2.0 security enhancements. p. 8.
45. Kuaté PH, Lo JLC, Bishop J (2009). Secure asynchronous communication for mobile devices. pp. 5-8.
46. Lam KY, Chung SL, Gu M, Sun JG (2003). Lightweight security for mobile commerce transactions. Comput. Commun., 26: 2052-2060.
47. Le Bodic G (2005). Mobile messaging technologies and services: SMS, EMS, and MMS. DOI: 10.1002/0470014520.ch3, 1-425.
48. Lee Y, Lee J, Song JS (2007). Design and implementation of wireless PKI technology suitable for mobile phone in mobile-commerce. Comput. Commun., 30: 893-903.
49. Leung CH, Chan YY, Chan CSC (2003). Analysis of mobile commerce market in Hong Kong. pp. 408-412.
50. Lin H, Y Harn L, (1995). Authentication protocols for personal communication systems. pp. 261.
51. Lison KD, Drahanský M (2008). SMS Encryption for Mobile Communication. SECTECH '08 Proceedings of the International Conference on Security Technology, pp. 198-201.
52. Lo JLC, Bishop J, Eloff JHP (2008). SMSSec: an end-to-end protocol for secure SMS. Comput. Security, 27: 154-167.
53. Lockefeer L, Hubbers E, Verdult R (2010) Encrypted SMS, an analysis of the theoretical necessities and implementation possibilities, pp. 1-40.
54. Lu CC, Tseng SY (2002). Integrated design of AES (Advanced Encryption Standard) encrypter and decrypter. pp. 277-285.
55. Malhotra K, Gardner S, Patz R (2007). Implementation of Elliptic-Curve Cryptography on Mobile Healthcare Devices. pp. 239-244.
56. Margrave D (2000). GSM Security and Encryption. George Mason University, pp. 1-6.
57. Messaging, W. (2002). API (WMA). Meyer U, Wetzel S (2004a). A man-in-the-middle attack on UMTS. p. 97.
58. Meyer U, Wetzel S (2004b). On the impact of GSM encryption and manin-the-middle attacks on the security of interoperating GSM/UMTS networks. Personal, Indoor and Mobile Radio Communications, 2004. PIMRC 2004. 15th IEEE Int. Symposium on. 4: 2876-2883.
59. Moore T, Kosloff T, Keller J, Manes G, Shenoi S (2002). Signaling system 7 (SS7) network security, 2(3): 496-499.
60. Nah FFH, Siau K, Sheng H (2005). The value of mobile applications: a utility company study. Commun. ACM, 48:90.
61. Nguyen TT, Ivar J (2008). Security and Performance of Mobile XML Web Services. pp. 261-265.
62. Nicholson A, Smith I, Hughes J, Noble B (2006). Lokey: Leveraging the sms network in decentralized, end-to-end trust establishment. Pervasive Computing. pp. 202-219.
63. Pesonen L (1999). Gsm interception. lecture notes, Helsinki University of technology, Lauri. Pesonen@ iki. Fi, pp. 1-9.
64. Pitoura E,Samaras G (1998). Data management for mobile computing, pp. 1-11.
65. Quirke J (2004). Security in the GSM system. AusMobile, May, pp. 1-26.
66. Ratshinanga H, Lo J, Bishop J (2004). A Security Mechanism for Secure SMS Communication. pp. 1-6.
67. Schneier B. (2005). Two-factor authentication: too little, too late. Communications of the ACM. 48: 136.
68. Schwiderski-Grosche S, Knospe H (2002). Secure mobile commerce. Electron. Commun. Eng. J., 14: 228-238.
69. Seema N, Lu CT, Liang LR (2004). Analysis of payment transaction security in mobile commerce.Information Reuse and Integration, 2004. IRI 2004. Proceedings of the 2004 IEEE Int. Conf. pp. 475-480.
70. Sengar H, Wijesekera D, Jajodia S (2005). Authentication and integrity in telecommunication signaling network, pp. 163-170.
71. Siddique SM, Amir M (2006). Gsm security issues and challenges. pp. 413-418.
72. Soram R (2009). Mobile SMS Banking Security Using Elliptic Curve Cryptosystem. IJCSNS. 9: 30.
73. Steiner JG, Neuman C, Schiller JI (1988). Kerberos: An authentication service for open network systems. pp. 191-201.
74. Tiejun P, Leina Z, Chengbin F, Wenji H, Leilei F (2008). M-commerce Security Solution Based on the 3rd Generation Mobile Communication, pp. 364-367.
75. Tillich S, Grossschaedl J (2004). A survey of public-key cryptography on J2ME-enabled mobile devices. Computer and Information Sciences-ISCIS 2004935-944, pp. 935-944.
76. Toorani M, Beheshti SAA (2008). Solutions to the GSM Security Weaknesses.Next Generation Mobile Applications, Services and Technologies, 2008. NGMAST '08. The Second International Conference on. pp. 576-581.
77. Toorani M, Shirazi B, Asghar A (2008). LPKI-a Lightweight Public Key Infrastructure for the mobile environments. pp. 162-166.
78. Weerasinghe D, Elmufti K, Rajarajan M, Rakocevic V (2006). Xml security based access control for healthcare information in mobile environment. pp. 1-6.
79. Wilson DR (1992). Signaling System No.7, IS-41 and cellular telephony networking. Proceed. IEEE, 80: 644-652.
80. Wilson S (2005). The importance of PKI today. China Communications. p. 15.
81. Wu S, Tan C (2009). High Security Communication Protocol for SMS. pp. 53-56.
82. Xiaoyu S, Zhenjun D, Rong C (2009). Research on NTRU Algorithm for Mobile Java Security.Scalable Computing and Communications; Eighth International Conference on Embedded Computing, 2009. SCALCOM-EMBEDDEDCOM'09. Int. Conf. pp. 366-369.
83. Zhang F, Yang HW, Song C (2005). A security scheme of SMS system. pp. 1333.
84. Zhao S, Aggarwal A, Liu S (2008). Building Secure User-to-user Messaging in Mobile Telecommunication Networks. pp. 24-26.
85. Zheng Y (1996). An authentication and security protocol for mobile computing. pp. 249-257.