Uploaded by savatiacedric

SMS Gateway Protocols & Security: Overview

SMS GATEWAY PROTOCOLS AND SERVICES.
SMS is a point-to-point store and forward technology with 2 basic services:
• Short Message Mobile Terminated (SM-MT) - a mobile message routed from a client or an application and delivered to the end user's mobile phone.
• Short Message Mobile Originated (SM-MO) - the ability of a network to transmit a Short Message sent by a mobile phone. The message can be sent to a phone or to a software application.
SMS allows message delivery to handsets either active/in-use or powered off:
• SMS-Submit - used to submit a short message from a mobile phone (Mobile Station, MS) to a short message service centre (SMSC, SC). SMS-SUBMIT-REPORT is an acknowledgement to the SMS-SUBMIT; a success means that the message was stored (buffered) in the SMSC, a failure means that the message was rejected by the SMSC.
• SMS-Deliver - is a measure of the percentage of outgoing SMS and MMS messages which are received at their intended destination. While sometimes referring to the status of a single message, SMS delivery usually is a rate of delivered versus intended messages and summarized as an 'SMS Delivery Rate.'
SMS PROTOCOLS
SMPP - SMPP (Short Message Peer-to-Peer Protocol) sends SMS (Short Message Service) text
messages. SMPP is often referred to as “true SMS” or just “SMS texts.” The SMPP protocol was
developed by the telecommunications industry specifically for sending text messages to cell
phones: one-to-one or one-to-many. True SMS text messages are routed through cell phone carriers
who charge fees for text messaging.
The most commonly used versions of SMPP are v3.3, the most widely supported standard, and
v3.4, which adds transceiver support (single connections that can send and receive messages). Data
exchange may be synchronous, where each peer must wait for a response to each PDU it sends,
or asynchronous, where multiple requests can be issued in one go and acknowledged by the other
peer in a different order.
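On an asynchronous session the only link between a request and its acknowledgement is the sequence_number in the 16-octet PDU header. The following added example (not part of the original document) parses that header and matches out-of-order submit_sm_resp PDUs to outstanding requests, dropping responses that match nothing; the Window class, the application references, the size limit and the sample PDUs are constructed for illustration.

```python
import struct

SUBMIT_SM_RESP = 0x80000004  # SMPP command_id of a submit_sm response
HEADER = struct.Struct(">IIII")  # command_length, command_id, command_status, sequence_number
MAX_PDU = 64 * 1024  # assumed local sanity limit, not taken from the SMPP specification


def parse_header(buf):
    """Return (length, command_id, status, sequence) or raise ValueError."""
    if len(buf) < HEADER.size:
        raise ValueError("short PDU header")
    length, cmd, status, seq = HEADER.unpack_from(buf)
    if not HEADER.size <= length <= MAX_PDU or length > len(buf):
        raise ValueError("implausible command_length")
    return length, cmd, status, seq


class Window:
    """Tracks outstanding submit_sm requests on an asynchronous session."""

    def __init__(self):
        self.pending = {}  # sequence_number -> application reference

    def sent(self, seq, ref):
        self.pending[seq] = ref

    def on_response(self, pdu):
        length, cmd, status, seq = parse_header(pdu)
        if cmd != SUBMIT_SM_RESP or seq not in self.pending:
            return ("unsolicited", seq)  # matches no request: log and drop
        ref = self.pending.pop(seq)
        message_id = pdu[HEADER.size:length].split(b"\x00", 1)[0].decode("ascii", "replace")
        return ("ok" if status == 0 else "rejected", ref, message_id)


def resp(seq, status, message_id=b""):
    """Build a constructed submit_sm_resp; the body is omitted on error status."""
    body = message_id + b"\x00" if status == 0 else b""
    return HEADER.pack(HEADER.size + len(body), SUBMIT_SM_RESP, status, seq) + body


def demo():
    w = Window()
    for seq, ref in [(1, "otp-alice"), (2, "otp-bob"), (3, "otp-carol")]:
        w.sent(seq, ref)
    # Constructed responses arriving out of order, plus one nobody asked for.
    wire = [resp(3, 0, b"id-c"), resp(1, 0, b"id-a"), resp(9, 0, b"id-x"), resp(2, 0x58)]
    return [w.on_response(p) for p in wire], sorted(w.pending)
```

Status 0x58 in the last sample is the SMPP v3.4 throttling error (ESME_RTHROTTLED).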
SMTP - SMTP (Simple Mail Transfer Protocol) is the protocol used for sending email. SMTP
messages are delivered to cell phones in text format with headlines containing numbers and
symbols. However, they are actually email messages that are sent to email addresses assigned to
each cell phone by the carrier. SMTP messages are routed through the Internet and as with email,
there is no charge for delivery. SMTP protocol is sometimes called “email to SMS,” “web to phone”
or “standard delivery.” Suppliers sometimes market SMTP messaging as “free text messaging.”
HTTP - The HTTP-API allows you to integrate your application (client) to SMSGlobal (vendor)
using the HTTP protocol to send SMS. HTTPS is also supported for secure transactions using SSL
encryption.
The Client issues either a HTTP GET or POST request to the SMSGlobal HTTP interface supplying
a list of required parameters. SMSGlobal issues back a HTTP response which indicates the validity
of the transaction.
The HTTP-API is used for one-way messaging only. Therefore, you need to provide a valid
MSISDN as the Sender ID of the message to enable the recipient to respond.
SECURITY
THE BASICS OF SMS SECURITY
The technical specifications for SMS are laid down in ETSI TS 03.48 [5]. Certain options in
the technical specification, such as the Security Parameter Index (SPI), the Ciphering Key
Identifier (KIc), and the Integrity Value (RC/CC/DS), provide specifications for available
security parameters. A Redundancy Check (RC), Cryptographic Checksum (CC) or
Digital Signature (DS) might also be used for integrity verification of the data.
However, these confidentiality and integrity mechanisms are only specified as optional
security measures that can be made available, but they are not mandatory requirements for
SMS system implementation [6]. The availability of SMS services may also be interrupted
by the SMSC. Without proper implementation of these SMS security options, everyday
SMS messages transmitted on a network are only protected by the communication
network itself such as a GSM network.
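Because these options are negotiated per packet, a receiving application can read the SPI to see which protections a secured packet actually carries. The following added example (not part of the original document) decodes the command header in the 03.48 layout (CPL, CHL, SPI, KIc, KID, TAR, CNTR, PCNTR, RC/CC/DS) and lists the protections that are absent; the sample packets, key identifiers and TAR value are constructed.

```python
# Meaning of the first SPI octet (bits 2-1, bit 3, bits 5-4).
INTEGRITY = ["none", "redundancy check (RC)", "cryptographic checksum (CC)", "digital signature (DS)"]
COUNTER = ["no counter", "counter present but not checked", "must be higher", "must be one higher"]


def parse_command_header(packet):
    """Decode CPL, CHL, SPI, KIc, KID, TAR, CNTR and the RC/CC/DS field."""
    if len(packet) < 16:
        raise ValueError("shorter than the minimum command header")
    cpl, chl = int.from_bytes(packet[0:2], "big"), packet[2]
    if chl < 13 or 3 + chl > len(packet) or cpl != len(packet) - 2:
        raise ValueError("CPL/CHL do not match the packet")
    spi1 = packet[3]  # packet[4] holds the proof-of-receipt options, ignored here
    return {
        "integrity": INTEGRITY[spi1 & 0x03],
        "ciphered": bool(spi1 & 0x04),
        "counter": COUNTER[(spi1 >> 3) & 0x03],
        "kic": packet[5], "kid": packet[6], "tar": packet[7:10].hex(),
        # CNTR and the check value are only readable when the packet is not ciphered.
        "cntr": int.from_bytes(packet[10:15], "big"),
        "check": packet[16:3 + chl],
    }


def findings(h):
    """List the optional protections this packet does not use."""
    out = []
    if h["integrity"] in INTEGRITY[:2]:
        out.append("no cryptographic integrity")
    if not h["ciphered"]:
        out.append("payload not ciphered")
    if h["counter"] in COUNTER[:2]:
        out.append("no replay protection")
    if h["integrity"] != "none" and not h["check"]:
        out.append("SPI announces a check value but none is present")
    return out


def build(spi1, check=b"", data=b"\x01\x02"):
    """Constructed sample packet; KIc/KID 0x15 and TAR b00010 are made-up values."""
    header = bytes([spi1, 0x00, 0x15, 0x15]) + bytes.fromhex("b00010")
    header += (7).to_bytes(5, "big") + b"\x00" + check
    body = bytes([len(header)]) + header + data
    return len(body).to_bytes(2, "big") + body


if __name__ == "__main__":
    for spi1, check in [(0x00, b""), (0x12, bytes(8)), (0x16, bytes(8))]:
        print(hex(spi1), findings(parse_command_header(build(spi1, check))))
```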
In practical use, SMS messages are not encrypted by default during transmission. A cyclic
redundancy check is provided for SMS information passing across the signalling channel
to ensure short messages do not get corrupted. Forward error protection is also
incorporated using conventional encoding. Cryptographic protection on confidentiality
and integrity is not available for SMS messages.
Short Message Service Security - Each short message has a validity period whereby
temporary storage is provided by the SMSC if the SMS message cannot be delivered to the intended
recipient(s) successfully. The SMSC will delete stored SMS messages if it cannot deliver a
message within the validity period. After a message is deleted, the intended recipient(s) will not be
able to receive the original message. Usually this can happen if the recipient is not in the SMS
coverage area, such as during a business trip out of the country.
SMS SECURITY THREATS
Understanding the basics of SMS security opens the door to preventing some common
security threats in SMS usage and implementation:

Message Disclosure - Since encryption is not applied to short message transmission by
default, messages could be intercepted and snooped during transmission. In addition, SMS
messages are stored as plain text by the SMSC before they are successfully delivered to the
intended recipient. These messages could be viewed or amended by users in the SMSC who
have access to the messaging system. Spying programs such as FlexiSpy [7] enable intruders
to automatically record all incoming and outgoing SMS messages and then upload the logs
to a remote server for later viewing and analysis.

Spamming - While e-Marketers are using SMS as a legitimate marketing channel, many
people have had the inconvenience of receiving SMS spam. The availability of bulk SMS
broadcasting utilities makes it easy for virtually everyone to send out mass SMS messages.

Flooding / Denial of Service (DoS) Attacks - Flooding or DoS attacks are made possible by
sending repeated messages to a target mobile phone, making the victim’s mobile phone
inaccessible. Studies also show that weaknesses in the SMS protocol could be exploited to
launch a DoS attack on a cellular phone network. For example, it was found that sending
165 text messages a second was enough to disrupt all the cell phones in Manhattan [8].

SMS Phone Crashes - Some vulnerable mobile phones may crash if they receive a
particular type of malformed short message. Once a malformed message is received, the
infected phone becomes inoperable. Media reports have shown that mobile phones are
vulnerable to this type of attack.

SMS Viruses - There have been no reports of viruses being attached to short messages, but
as mobile phones are getting more powerful and programmable, the potential of viruses
being spread through SMS is becoming greater. In addition, the ability of SIM application
toolkits to let applications access the dialling functions and phone book entries
might make SMS a suitable platform for spreading self-replicating viruses.

SMiShing (SMS Phishing) - SMiShing is a combination of SMS and phishing. Similar to
an Internet phishing attack using email, attackers are attempting to fool mobile phone users
with bogus text messages. When users are taken in by a bogus text message, they may
connect to a website provided in the SMS message, and be tricked into downloading a malware
application onto their mobile phones.
SMS SECURITY CONSIDERATIONS
To avoid security threats to SMS, users are advised to take the following common
precautions:

Message Transmission - When sending SMS messages via a web browser, security
protection should be in place to prevent message disclosure, such as using Secure Socket
Layer (SSL) to secure the transmission.
For those applications that require secure transmission of a message, such as mobile
banking, end-to-end encryption is advisable between the sender and the recipient. These
transactional systems should have the end-to-end security built-in.
For person-to-person communications, products such as CryptoSMS [12] are available to
help users encrypt SMS communications using strong encryption algorithms. This can
help protect against possible SMS interception threats.

Storage Protection - In the case of large-scale SMS broadcasts, customer mobile phone
contact lists should be kept confidential and properly protected from disclosure. As contact
lists are considered personal data, proper protection should be implemented in accordance
with privacy laws and regulations.

User authentication - User login IDs and passwords should be used to authenticate users on
web-based SMS services when sending short messages. User login IDs and passwords
should not be disclosed to others. For secure transactions, user authentication should be
protected by SSL.

Protection of PCs for sending messages - When sending short messages to an SMS
gateway via the Internet, it is not advisable to use a public Internet terminal. If desktop
utilities are used to send out SMS messages, the PC used to send the message should not be
left unattended.
SMS is now a very common communication tool. Security protection of SMS messages is
not yet that sophisticated and is difficult to implement in practice. With the increasing use
of SMS for communication and information exchange, care should be taken when
sensitive information is transmitted using SMS. Users should be aware that SMS
messages might be subject to interception. Solutions such as encrypted SMS should be
considered if there is a need to send sensitive information via SMS.