International Journal of Engineering Trends and Technology (IJETT) – Volume 9 Number 7 - Mar 2014
ISSN: 2231-5381 http://www.ijettjournal.org Page 334

A Threshold Public Key Cryptosystem to Secure SMS in the Mobile Devices

K. Suresh1, K. Venkataramana2, Prof. M. Padmavathamma3

1 Student, Department of CSE, MTECH, KMM Institute of Technology and Science, Tirupati, Andhra Pradesh, India
2 Associate Professor, Department of CSE, KMM Institute of Technology and Science, Tirupati, Andhra Pradesh, India
3 Professor, Department of Computer Science, S.V.University, Tirupati, Andhra Pradesh, India

Abstract

In this paper we propose a threshold public key cryptosystem for securing SMS between mobiles, using a new method for the encryption and decryption process of asymmetric cryptography. The mobile plays an important role in online transactions; today 89% of mobiles communicate with corporate data, and sensitive data such as passwords and bank PIN numbers, which are also stored in the mobile devices, must be secured. Encryption plays an important role in information security. The most important aspect to be considered when applying cryptography to SMS security is the data storage and processing capability of the mobile phone. So in this paper we propose a new technique, HP-RSA (High Performance RSA), which mainly helps in reducing the decryption process time, avoids attacks at mobile devices (insecure data storage) and also reduces network traffic when we send SMS between devices. Considering all aspects, the proposed HP-RSA provides higher authentication and security for the messages shared, and can be used efficiently in small devices like mobile phones.

Keywords: Hashing, Lookup table, indexes, encryption, decryption, SMS.

I. Introduction

Mobile security, or mobile phone security, has become increasingly important in mobile computing. It is of particular concern as it relates to the security of personal and business information now stored on smartphones. Not only ordinary users but also business personnel use smartphones as communication tools and as a means of planning and organizing their work and their private life. Within companies, these technologies are causing profound changes in the organization of information systems, and therefore they have become the source of new risks. According to ABI Research the Mobile Security Services market will total around $1.88 billion by the end of 2013 [6].

All smartphones, like computers, are preferred targets of attacks. These attacks exploit weaknesses related to smartphones at the time of communication, such as SMS, MMS, wifi networks, and GSM. Short Message Service (SMS) is a text message service that enables users to send short messages (which include bank PINs, passwords, etc.) to other users on the Global System for Mobile communication (GSM) network.

All SMSs pass through the Short Message Center (SMSC), similar to an SMTP mail service. The SMSC also follows the SMTP mail server mechanism, which is to store the SMS messages before they are forwarded to the mobile user's service provider or another SMSC. Although the network connections between the SMSC and nodes in a GSM network are usually protected by Virtual Private Network (VPN) tunnels, the SMS messages are stored in an unencrypted format at the SMSC. So employees of the SMSC, or others who can hack into the system, can view all the SMS messages passing through the SMSC [7]. If an intruder manages to compromise the SMS center, the intruder can also read the SMS traffic. One of the more high profile victims of such an attack in recent years was England football captain David Beckham, whose SMS exchange with his personal assistant Rebecca Loos was intercepted and published in a tabloid [2]. Two employees from European phone operator mmO2 were dismissed for helping their friend obtain copies of his girlfriend’s SMS messages [3].

Some SMS services, such as online bank transactions and mobile shopping, require security in terms of confidentiality, integrity, authentication and non-repudiation, which are standard services for network security. Encryption provides a means of protecting sensitive communications over a public network, but it imposes overhead in terms of additional computing. Mobile devices are generally faced with constraints on computational power and battery time. These constraints enforce restrictions on the amount of encryption operations that can be performed without seriously disturbing the usability of the device. Therefore, symmetric encryption is commonly used in mobile devices because of its efficiency relative to asymmetric encryption, such as PKI. That is why most current commercial SMS encryption solutions use password-based symmetric encryption. Passwords are used as a key distribution mechanism to synchronize the encryption keys. Although asymmetric encryption offers the additional advantage of simple key distribution and strong encryption, asymmetric encryption is not used because it is computationally demanding. However, today mobile devices have seen dramatic improvements in computing speeds and memory capacity, matching those of desktop computers. Advances have also been made in battery technology and the energy efficiency of components, thereby extending the operating life of mobile devices. So today mobile devices have the efficiency needed for asymmetric key cryptography for sending secure SMS and MMS. The new asymmetric key cryptography HP-RSA (High performance RSA) reduces the number of computations compared with the general asymmetric key cryptography RSA.

II. Related work

There have been several proposals up to now to secure SMS based communications on a GSM network. A first category of contributions to secure SMS communication (which is becoming feasible because of the increasing flow of ME with advanced computational capabilities) introduces security features through the implementation of security schemes at the application level. The resulting software frameworks can be categorized according to the place where the application implementing the security scheme, and its cryptographic keys, are stored. The first possibility is to locate the application and its keys in a programmable SIM card used by the ME. This solution is adopted by systems like the one developed by Rongyu et al. in [8] or by the IPCS Group with the IPCryptSIM [9].

A second contribution secures SMS using elliptic curve cryptography (ECC). The encryption and decryption methods in ECC are designed to encode and decode a point on the curve and not the entire message. During encryption, each character in the message has to be converted into bytes, then the bytes into points of the form (x, y), and then the points have to be encoded by mapping each of them to a point on the elliptic curve; then the encoded points have to be converted back to bytes and then to strings, as SMS can carry only string values. Once the message reaches the receiver, during the process of decryption, the string has to be converted to bytes; these bytes should be decoded to points again using the mapping technique, and then the points to bytes and finally to the characters that form the message, and only then can the decrypted plain text be viewed by the receiver [5].

An alternative approach, adopted in systems like the one presented in [10], is to use a SIM card only to store the cryptographic keys used in a scheme, while using the computational capabilities of the ME to run the scheme. In addition, it is also possible to use a SIM card to perform certain cryptographic operations, while executing the remaining part of the application through the ME, like in the mobile payment scheme presented by Hassinen et al. in [11].

Another alternative approach is the SEESMS framework, which adopts a hybrid architecture. If a user is interested in sending/receiving a secure message through SEESMS and has never used it before, then he has to contact a trusted third-party server, called Secure SMS Management Center (SSMC), to request a customized copy of the SEESMS client application. Similarly, if the user has already installed the SEESMS client, but does not own the public-key of the recipient of the message (or the public-key of the user who sent him a secure SMS message), he has to contact the SSMC server to ask for a copy of his key (this behavior is similar to the PGP key-servers). Instead, if the user already owns the public-key of his recipient, he will establish a direct communication in a peer-to-peer fashion, without further interaction with the SSMC server. Due to the use of a standard interface definition, all the cryptosystem engines have the same interface, resulting in the ability to load them in the framework seamlessly [12].

III. Our proposal

The new algorithm is called High performance RSA (HP-RSA). It maintains the encrypted text of all possible characters at both the sender and the receiver side; for that, they communicate with each other before installing the application. So both have the same encrypted values and also know each other's SIM card numbers (SIM serial numbers). It can reduce the encryption time, the decryption time, and the storage space in the system or mobile, and it also reduces the network traffic. It mainly monitors repeated characters or symbols: if any character is repeated, that character is not sent to the encryption process; instead, the index of its encrypted text in the hash table is placed. It is more useful when sending a file or a document in encrypted format (because most of the characters are repeated), because it applies the encryption process only to unique characters, so it automatically reduces the encryption time and decryption time, and also the network traffic when we send the encrypted file through the network.

The new (TPKCSSM) system does not reduce the encryption time and decryption time on a single character compared to RSA, so it is mainly suitable for sending multiple lines of text in encrypted format (SMS). It also avoids attacks at the mobile side (messages are stored in encrypted format). This algorithm also helps to store any file or any document in encrypted format on mobiles. Consider an example in which we send the text “Department of computer science svu university tirupati” in encrypted format using RSA with a 1024 bit modulus. The length of the plain text is 54, and each encrypted character size is 308 (approximately), so the total encrypted text size is 308x54=16632. It is not possible to send that much text as SMS. If you apply the modified RSA (HP-RSA), it will encrypt only 17 characters (unique), so the remaining 37 characters are repeated. That means it saves the encryption and decryption time for 37 characters, and finally we send only 54 characters of text (indexes of the hash table) instead of 308x54=16632. The text sent is in an unreadable format, such as “aPDhCiePci,L`,ZLeD?iPC,@ZVPcZP,@>?,?cV>PC@Vi;,iVC?DhiV”, which is equivalent to the original message.

IV. HP-RSA Algorithm

The HP-RSA (High Performance-RSA) algorithm works in three phases: the initialization phase, the encryption phase and the decryption phase, as follows.

A. Initialization phase

1. Install the Secure SMS application at both ends. The sender and receiver communicate and store the hash table with the same encrypted data of each character used in the data exchange process.
2. Only the sender and receiver know the public and private keys.
3. They also share their SIM card numbers with each other using the website server.
4. The website server maintains all the keys regarding the group (sender and receivers).

B. Encryption Process

The Sender does the following:

1. Obtain the recipient public key (e, n).
2. Each character (c) of the message (M) will be represented as a positive integer c < n.
3. Before going to encrypt, search whether the asci value of the character (m) is already encrypted or not. If m is found in the asci[] array then m is substituted by the index of the hash table. If m is not found in the array asci[], then m is encrypted, hashing is applied on it, the hash table is searched, and m is substituted with the index.
4. Encrypt the message M with the public key (e, n) like encrypt[i] = c^e mod (n).
5. The SIM serial number will be added to the first ten characters of the cipher text (cipher text + SIM card number).
6. The user sends the message as cipher text, which is encrypt[].

C. Decryption Process

The Receiver does the following:

1. The algorithm at the receiver side gets the SIM serial number of the mobile number from the device, separates the SIM serial number from the cipher text and compares them. If they match then the following steps will be done, otherwise it will not be possible to decrypt the message.
2. Uses the private key (d, n) to decrypt the message like
3. Decrypt all the characters in the encrypt[] array as
3.1. index[i]=encrypt[i]
3.2. It checks each character in the index table before going to decrypt; if it is not there, then
3.3. temp=index[i]
3.4. Ptxt[j]=harray[temp]^d mod n
4. Else index[i] is substituted by the Ptxt[j].

V. Architecture of proposed model

The architecture of the proposed model can be divided into two modules:

1. Installation Process module
2. Encryption process module
3. Decryption process module

The Installation Process module allows the users to install the software. If they are interested in sending and receiving messages through this crypto system and have never used it before, they should register on the website and then download and install the software. Based on the user registration details, the keys will be generated and stored in the server, which also generates the hash table using those keys. If the receiver is installing the software, he/she should send the details of the sender to the server (website), which then provides the installable software with the same hash table as the sender. Otherwise the server provides the software with a new hash table.

[Fig-1: Architecture of Process of Encryption of Modified RSA. Blocks: Input text; Monitoring System (unique characters only); Encryption Process System; Encrypted text; Apply hashing on cipher text and place index of hash table; Place each character index; Adding recipient IME number to cipher text; Send cipher text.]

The diagram in Fig-1 represents the encryption process. It has the following modules:

A. Monitoring System.
B. Encryption process.
C. Hashing process.

The function of the monitoring system is that every character is checked before it is sent to the encryption process; if it is a unique character then it is allowed, otherwise the hash table is looked up and the appropriate index of the character is placed. The asci[] and encrypt[] arrays maintain the asci values and the indexes of the hash table respectively.

The function of the Encryption process system is to encrypt the given character with the given modulus (1024 bits minimum). It is the same as Basic RSA.

The function of the Hashing process is to generate the hash value for each unique encrypted character. We know hashing creates a collision problem, which is overcome using the linear probing method. The hash table is prepared before the installation process; in secure SMS communication only encryption and decryption are done.

[Fig-2: Decryption Process Architecture. Blocks: Separate the IME number and compare with SIM-SNO of that mobile number; Read indexes of received text and substitute encrypted text; Monitoring System; Decryption process system; Plain text.]

The above diagram represents the decryption process. It has the following components:

1. Authentication process
2. Hash table process
3. Monitoring System.
4. Decryption process

The function of the Authentication process is to verify whether the recipient mobile is valid or not. If it is valid it allows further processing, otherwise it is not possible to decrypt the message. When the message reaches the recipient, the application becomes active, gets the SIM serial number using the “getSimSerialNumber()” method and verifies it.

The function of the Hash table process is to read each character of the cipher text and match it with the hash table values. If the match is found then it is sent to the Monitoring system. The diagram below represents the hash table, which maintains the encrypted text of all possible characters of the keyboard. Those indexes are not the actual asci values of the characters, so it avoids mobile side attacks. Important messages are always stored in encrypted format; when we need to view the messages we decrypt them.

[Fig-3: Hash table]

The function of the Monitoring system is to monitor each character before sending it to the decryption process. Each unique character of the received text is stored in the index array, so decryption is avoided for repeated characters. This helps to reduce the consumption of decryption time.

The function of the Decryption process is to decrypt each character of the received text using the hash table and the monitoring system.

VI. Results and Analysis

For the purpose of verifying HP-RSA, the Android environment is used for developing the secure SMS crypto system for mobiles, in which the hash table generation module is used to store encrypted values, the encryption module performs the encryption process and the decryption module decrypts the SMS message. Fig-3 represents the hash table format at both the sender and the receiver side. Fig-4 represents the user message composer; it allows the user to send the message in encrypted format. After the user inputs the SMS message as normal text and clicks the Encrypt button, it will be encrypted using the HP-RSA algorithm. The monitoring system plays an important role, as it allows only unique characters into the encryption process.

Fig-3 represents the normal message as well as the encrypted message; the encrypted message also contains the SIM serial number (not the mobile number). When we click the send button the message is sent to the receiver. Fig-6 represents the receiver side application: when the message reaches the receiver mobile, our application is automatically invoked and displays the message in encrypted format. Then the authentication process is done: it gets the SIM serial number of the recipient and compares it with the SIM serial number carried by the message; if both are the same the message will be decrypted, otherwise it is not possible to decrypt the message.

Fig-7 represents the successfully decrypted message; when the authentication process is valid then the message will be decrypted.
[Fig-4, Fig-5, Fig-6, Fig-7: screens of the secure SMS application (Modified RSA)]

A. Analysis

Different messages have been tested on Android based devices, and the analysis for Basic-RSA and HP-RSA with a 1024 bit modulus in terms of encryption time and decryption time is as follows.

| S.No | Msg-Length | Encryption Process Time (ms), RSA | Encryption Process Time (ms), HP-RSA | Decryption Process Time (ms), RSA | Decryption Process Time (ms), HP-RSA | Considering Characters, RSA | Considering Characters, HP-RSA |
| 1 | 30 | 16 | 15 | 906 | 516 | 30 | 15 |
| 2 | 58 | 48 | 16 | 1610 | 609 | 58 | 19 |
| 3 | 85 | 62 | 16 | 2344 | 672 | 85 | 20 |
| 4 | 106 | 78 | 22 | 2875 | 688 | 106 | 22 |
| 5 | 147 | 94 | 31 | 3984 | 782 | 147 | 25 |

Table-1

The above table has three sections: the encryption process time, the decryption process time, and how many characters are used to complete the encryption and decryption process of the message. Due to the monitoring system module, HP-RSA encrypts and decrypts the unique characters only.

[Fig-8: Encryption process time, RSA and HP-RSA]

The above diagram represents the encryption process time. RSA takes more time compared to HP-RSA because it encrypts all the characters of the message, but HP-RSA encrypts the unique characters only. HP-RSA takes some (negligible) amount of time for searching the repeated characters.

[Fig-9: Decryption process time, Basic-RSA and HP-RSA]

The above diagram represents the decryption process time; Basic-RSA takes more time than HP-RSA.

VII. Conclusions

This paper presents the Secure SMS crypto system framework for mobile devices, a software framework that allows two peers to exchange encrypted SMS messages. This framework differs from the other frameworks presented so far in the literature, because it allows users to choose the hash table based on public and private keys. It avoids tampering with the message and insecure data storage. It reduces the network traffic, and the computations are also reduced compared to traditional public key cryptographic algorithms, because the encrypted data is stored at both the sender and the receiver side, but those indexes are not actual characters; we use RSA with some extension and also use the SIM card number for authentication (not the mobile number). Compared to other related work it provides more security against mobile side attacks and network side attacks. It also provides the signing feature, because the encrypted message also carries the SIM card number of the receiver as well as the sender (mobile number).

References

[1] Rafat, Ali, The SMS Privacy Problem, Textually.org website, http://www.textually.org/textually/archives/2004/04/003489.htm, last accessed 19 October 2006.
[2] Breed, Allen G., Ubiquitous message technology can be powerful tool for good or ill, TMCNet Website, http://www.tmcnet.com/usubmit/2006/10/17/1985881.htm, last accessed 19 October 2006.
[3] Jones, Nick, Don't Use SMS for Confidential Communication, Gartner Website, 26 November 2002, http://www.gartner.com/DisplayDocument?doc_cd=111720, last accessed 19 October 2006.
[4] GSM World, GSM Services, http://www.gsmworld.com/services/index.shtml, last accessed 17 October 2006.
[5] Sri Rangarajan, N. Sai Ram, N. Vamshi Krishna, “Securing SMS using Cryptography”.
[6] Mobile security - Wikipedia, the free encyclopedia, www.wikipedia.org
[7] Yu Loon Ng, Short message service (sms) Security solution for mobile devices, PDF file.
[8] H. Rongyu, Z. Guolei, C. Chaowen, X. Hui, Q. Xi, and Q. Zheng, “A PK-SIM card based end-to-end security framework for SMS,” Computer Standards & Interfaces, vol. 31, no. 4, pp. 629–641, 2009.
[9] IPCS Group, “IPCryptSim SMS Encryption”, http://www.ipcslive.com/pdf/IPCSSMS.pdf, online visited July 2009.
[10] M. Toorani and A. Beheshti Shirazi, “SSMS - A secure SMS messaging protocol for the m-payment systems,” in Computers and Communications, 2008. ISCC 2008. IEEE Symposium on, July 2008, pp. 700–705.
[11] M. Hassinen, K. Hyppönen, and K. Haataja, “An Open, PKI-Based Mobile Payment System,” in ETRICS, 2006, pp. 86–100.
[12] Alfredo De Santis, Aniello Castiglione, “An Extensible Framework for Efficient Secure SMS”, 978-0-7695-3967-6/10 © 2010 IEEE, DOI 10.1109/CISIS.2010.81.