> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
1
Joint Channel Coding and Cryptography for
SMS
Ashok Kumar Nanda, Lalit Kumar Awasthi

Abstract—SMS has a variety of advantages and disadvantages
for M-Commerce purpose. The advantages are easy to use,
common messaging tool among consumers, works across all
wireless operators, affordable for mobile users, no specific
software required for installation, allows banks and financial
institutions to provide real-time information to consumers &
employees, stored messages can be accessed without a network
connection. Most important disadvantage of SMS so it does not
offer a secure environment for confidential data during
transmission and there is no standard procedure to certify the
SMS sender. There is a need for an end to end SMS Encryption
with errorless message transmission in order to provide a secure
with error free data transmission for communication. These two
factors are important for SMS. Till now there is no such scheme
that provides complete solutions. The transmission of an SMS in
GSM network is not secure at all. Therefore it is desirable to fully
secure with errorless SMS for business purposes. Both these two
issues are researched and dealt separately with sufficient
literature available. However these solutions were dealt
separately till now. In this paper, we have analyzed about Joint
Channel Coding and Cryptography (JCCC), Soft Input
Decryption (SID). We theoretically proposed a novel scheme
XTR – NR Signature algorithm in this paper. We are expecting
that it will improve the current security level, fastest speed and
provide reliable message recovery at receiver end with respect to
key generation, encryption decryption, signing and verification
and small key size for SMS application in any kind of mobile
device.
Index Terms— Joint Channel Coding and Cryptography
(JCCC), SMS, Soft Input Decryption (SID), XTR – NR Signature
I. INTRODUCTION
W
ireless networks offers mobility and easy if use to many
applications. Most popular applications are cellular
telephony, Short message Service (SMS), multimedia
messaging service (MMS), web browsing and Internet access,
file transfer, sensing streaming audio & video and video
conferencing. Scope, coverage and deployment infrastructure
of the wireless communication vary depending on the desired
application. Wireless communication is more prone
transmission errors. The tolerable data error rate depends upon
Ashok Kumar Nanda is a full time research scholar in Computer Science
and Engineering Department, National Institute of Technology, Hamirpur,
Himachal Pradesh India – 177005. His office Phone: 091 – 1972 – 254413,
Mobile: 091 – 9418143520, e-mail: ashokkumarnanda@yahoo.com and
nanda@nitham.ac.in.
Prof. Lalit Kumar Awasthi is professor & Head of Computer Centre,
National Institute of Technology, Hamirpur, Himachal Pradesh India –
177005. His office Phone: 091 – 1972 – 254404, e-mail: lalit@nitham.ac.in.
the application. For more transmission error is allowed in
voice communication as compared to file transfer application.
Similarly SMS is also a kind of file transmission. Here data
transmission error should be absolutely negligible. In wireless
environment, the transmission errors are due to its broadcast
nature. Presently many business organizations are using SMS
as an application in business. Cryptography is a time tested
technique to provide security. A new concept has been
proposed as called as Joint Channel Coding and Cryptography
(JCCC) to provide both security & error control. It combines
the cryptographic methods for data security with the
techniques for error correction.
Nataša ŽIVIĆ has stated interesting property of the
cryptographic algorithms in [1] that a good cryptographic
algorithm should be such that a one bit error in the input to the
encryption should result in about 50% of the decrypted bits to
be wrong. Thus, if we make use of such algorithm for
verification of data at the receiver and there was an error of at
least one bit introduced during the transmission, then the
verification of cryptographic check value should fail. This
means, that all bits of the message and the cryptographic
check value have to be correct at the input of encryption for
successful verification of data. SID corrects bits at the input of
decryptor. If the decoder is not able to reconstruct the original
message and cryptographic check value because of a noisy
channel or inefficiency of the channel decoding algorithm, it is
possible to correct the message with the cryptographic check
value using side information of the channel decoder in form of
so called L-values. Channel decoding improvement depends
on using a message with its cryptographic check value which
has been corrected by Soft Input Decryption. It is a
combination of Soft Input Soft Output (SISO) convolution
channel coding and decrypting. Corrected L-values are used as
feedback information to the channel decoder for improving
decoding process of bits in error.
Rest of paper is organized as follows. Section II provides an
overview of Joint Channel Coding and Cryptography. Section
III analyses overview of the Soft Input Decryption (SID)
scheme and its algorithm. Section IV presents briefly about
XTR - Nyberg Rueppel (XTR – NR) message recovery
signature scheme. Section V discusses the anticipated result of
application of novel scheme and followed by conclusion.
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
II. JOINT CHANNEL CODING AND CRYPTOGRAPHY (JCCC) [2]
Soft Input Decryption (with feedback) is used for Joint
Channel Coding and Cryptography. The data block is the input
of the encryptor. This data block is equally divided two parts - message ma and message mb (each of length of m). To each
message, its digital signature is appended i.e. na and nb, each
of length n, using a cryptographic check function (CCF) as
shown in Fig 1.
In general, the lengths of message parts ma and mb and the
lengths of cryptographic check values na and nb do not have
to be the same. The different lengths of ma, mb, na and nb
have only minor influence on the bit error rate (BER).
Therefore equal lengths of message parts as well as
cryptographic check values are used to obtain the simulation
results in this work.
Block ‘a’ consists of the message part ma and the appended
XTR – NR Signature message na:
Block ‘b’ consists of the message part mb and the appended
XTR – NR Signature message nb:
Interleaving of the blocks a and b forms the assembled
message u:
u is encoded by a convolutional code, modulated and
transferred over the noisy channel.
After demodulation of the received message, Joint Channel
Coding and Cryptography is applied in 3 steps (Fig. 2).
The first step consists of the following sub tasks,
a. channel decoding
b. segmentation and de-interleaving of the output u’ of
the decoder into block ‘a and block b’, and
c. parallel SID with feedback of blocks a’ and b’.
The second step is the feedback from block a’ corrected by
SID to block b’, or vice versa, from block b’ corrected by SID
to block a’. L-values of bits of the corrected block (for
example, block a’) are set to ±∞, because bits are known and
correspondingly their L-values are known. L-values of bits of
another – not corrected block (for example, block b’) are set to
0, which represent unknown bits. These L-values are fed back
to channel decoder, enabling improved bit error correction of
block which has to be corrected.
The third step is additional SID of block, which has been
improved corrected by feedback in the second step (for
example, block b’).
Fig. 2 shows the joint channel coding and cryptography
process for a received message using the serial SID with
feedback. BER after each of the process components is
recorded as,
• BERcd1 is the BER after the first decoding
• BER1.SID is the BER after the first step
• BERcd2 is the BER after the second step
• BER2.SID is the BER after the third step
The second and third step dependent on one of the
following cases:
• If the results of SID of block a’ and SID of block b’ are
correct, then the decoding succeeds. In this case BER2.SID
=0
• If the result of SID of block a’ is correct, but block b’
could not be corrected then the following step the
•
•
2
corrected block a’ is used for the correction of block b’
by feedback to the second channel decoding, resulting in
BER feedback. Block b´ is tried to be corrected by SID
(BER2.SID).
If the result of SID of block b’ is correct, but block a’
could not corrected then the second step the corrected
block b’ is used for the correction of block a’ by feedback
to the second channel decoding, resulting in BER
feedback. In the third step, block a´ is tried to be corrected
by SID (BER2.SID).
If neither the result of SID of block a’ nor the result of
SID of block b’ is correct then BER is equal to BER of
the convolutional decoder (BER of the inner code).
III. SOFT INPUT DECRYPTION (SID) ALGORITHM [3]
SID is a method for the correction of SID blocks which
contain cryptographic check values (digital signatures, MACs,
H-MACs) by using L-values as the output of the SISO channel
decoder. Cryptographic check values provide data integrity,
data origin authentication and non repudiation. It works in
block oriented fashion. The input for SID contains data which
are secured by cryptographic check values. The block which
has to be corrected by SID after channel decoding is called
ma
mb
……….
Message
Vector
CCF
Key
CCF
XTR-NR Signature
ma
Key
XTR-NR
Signature
na
mb
nb
Block a
Block b
Interleaving
a
b
a
b
a
…….
a
b
Interleaved message (u)
Figure 1. Interleaving of blocks a and b into message u [4].
SID block (SID block). It may contain data and cryptographic
check values, or just cryptographic check values, depending
on the used scenario. The standard verification process
without SID is presented in fig. 3.
The algorithm of Soft Input Decryption (fig. 4) is as
follows: If the verification of the cryptographic check value is
successful, i.e. the output is “true”, then SID is successfully
completed. If the verification is false, then soft output of the
channel decoder is analyzed and the bits with the lowest |L|values are flipped (XOR 1). Then the decryptor performs the
verification process and proves the result of the verification
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
again. If the verification is false, then the bits with another
combination of the lowest |L|-values are changed. This
iterative process will stop when the verification is successful
or the needed resources are consumed.
3
a very long SID block or an attack, so that the resources are
not sufficient to find the correct content of a SID block.
Channel
SISO CHANNEL DECODER
Channel
SOFT INPUT DECRYPTION
SID Block
L - Values
Demodulation
BERcd1
DECRYPTOR
(VERIFICATION)
SISO Channel Decoding
Changing of bits
of SID Block NO
No
Step 1
Segmentation of u’
Step 1
(into blocks a’ & b’)
Block a’
Block b’
SID of Block a’
SID of Block a’
BER 1, SID
BER 1, SID
SISO Channel Decoding
SISO Channel Decoding
Step 2
BER feedback
BER feedback
SID of Block b’
SID of Block a’
Step 3
Figure Algorithm of Joint Channel Coding Cryptography
BER 2, SID
BER 2, SID
Figure 2. Algorithm of Joint Channel Coding and Cryptography [4].
Channel
SISO CHANNEL DECODER
SID BLOCK
L – Values of bits of SID block
DECRYPTOR (VERIFICATION)
No
VERIFICATION
TRUE
Successfully
Verified data Yes
No
Not Verified data
SOURCE DECODER
Figure 3. Verification of SID block without soft Input Decryption [3].
In the case that the attempts for correction fail, the number
of modified bits is too large as a result of a very noisy channel,
VERIFICATION
TRUE
Successfully
verified data
Yes
Successfully
Verified SOURCE
data
YES
DECODER
YES
Number
of trials
exceede
Unsuccessfullyd
verified data
yes
No
unsuccessfully verified data
Figure 4. Algorithm of the Soft Input Decryption [3].
It may happen that the attempts for the correction of a SID
block succeed, but the content of a SID block is not equal to
the original one: a collision happened. This case has a
negligible probability if the length of the cryptographic check
values is chosen under security aspects.
IV. XTR-NYBERG-RUEPPEL (XTR – NR) MESSAGE
RECOVERY SIGNATURE SCHEME
XTR is an algorithm for public-key encryption. XTR stands
for ‘ECSTR’. It stands for Efficient and Compact Subgroup
Trace Representation. From a security point of view, XTR is a
traditional discrete logarithm system: For its security it relies
on the difficulty of solving discrete logarithm related problems
in the multiplicative group of a finite field. Some advantages
of XTR are its fast key generation (much faster than RSA),
small key sizes (much smaller than RSA, comparable with
ECC for current security settings), and speed (overall
comparable with ECC for current security settings) [5]. In
1996, the Nyberg-Rueppel signature scheme was improved as
ElGamal version. In 2000, the XTR-Nyberg-Rueppel version
was presented. Then, the XTR – Blind – Nyberg – Rueppel
version and the verifiable encryption of XTR-Nyberg-Rueppel
version were presented in 2003 and 2007, respectively. It is
XTR version of the Nyberg-Rueppel (NR) message recovery
signature scheme. XTR can in a similar way be used in other
‘ElGamal-like’ signature schemes.
A. XTR-NR signature generation [6]
It is stated in [6] that to sign a message M containing an
agreed upon type of redundancy using the XTR version of the
NR protocol, Alice does the following:
Let P, q & Tr(g) be shared XTR public key data.
1. Alice selects a random integer u ∈ [2, q − 3], and n = u
and c = Tr(g) in
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) <
2.
3.
4.
5.
6.
Sn(c) = (cn-1, cn, cn+1) ∈ GF (P2)3 so
Su(Tr(g)) = (Tr(gu−1), Tr(gu), Tr(gu+1)) ∈ GF(p2)3 where q
is prime number,
Alice determines a symmetric encryption key K based on
Tr(gu) ∈ GF(p2).
Alice uses an agreed upon symmetric encryption method
with key K to encrypt M, resulting in the encryption E.
Alice computes the (integer valued) hash h of E.
Alice computes s = (k·h + u) mod q ∈ {0, 1… q − 1}.
Alice’s resulting signature on M is (E, s).
B. XTR-NR signature verification [6]
It is assumed that Alice’s XTR public key data for digital
signatures consist of p, q, Tr(g), and Tr(gk) for a secret integer
k that is known only to Alice. However, in addition it is
assumed that not only Tr(gk) but also Tr(gk−1) and Tr(gk+1)
(and thus Sk(Tr(g))) are available to the verifier. These
additional GF(p2) elements are either part of the public key or
they are reconstructed by the verifier. Tr(gk−1) (or Tr(gk+1)) can
be reconstructed from p, q, Tr(g), Tr(gk), and Tr(gk+1) (or
Tr(gk−1)) using an explicit and easily computed formula.
Reconstruction of Tr(gk+1) (or Tr(gk−1)) given just (p, q, Tr(g),
Tr(gk)) requires additional assumptions and a slightly more
involved computation. To verify Alice’s signature (E, s) and to
recover the signed message M, verifier Bob does the
following.
1. Bob checks that 0 ≤ s < q; if not failure.
2. Bob computes the hash h of E.
3. Bob replaces h by −h mod q ∈ {0, 1 . . . q − 1}.
4. Bob applies Algorithm 5.27 stated in [6] to Tr(g),
Sk(Tr(g)) (with k unknown to Bob), a = s, and b = h to
compute Tr(gs · ghk) (which equals Tr(gu)).
5. Bob determines a symmetric encryption key K based on
Tr(gs · ghk) ∈ GF(p2).
6. Bob uses the agreed upon symmetric encryption method
with key K to decrypt E resulting in M.
7. The signature is accepted if and only if M contains the
agreed upon redundancy.
V. ANTICIPATED RESULT
There are so many cryptosystems are available in market to
implement. Here we have considered more popular ECC and
RSA algorithms with XTR algorithm. We have shown the
comparison among them in Table 1. W. r. t. key length, key
selection, encryption time, decryption time, signature time,
verification time and operation speed. Out of these, XTR is
the best among all others (stated in [8], [9]).
XTR – NR Signature generation and verification are both
considerably faster than traditional implementations of the NR
scheme that are based on subgroups of multiplicative groups
of finite fields of the same security level: XTR-NR Signature
generation is about three times faster than traditional NR
signature generation, and XTR-NR signature verification is
about 1.75 faster than the traditional method [6]. The length of
the signature is identical to other variants of the hybrid version
of the NR scheme: an overhead part of length depending on
4
the desired security (i.e., the subgroup size) and a message
part of length depending on the message itself and the agreed
upon redundancy and symmetric encryption. The XTR
signatures scheme with Message Recovery is secure enough
against attacks, especially forgery attacks [7].
TABLE: 1 COMPARISON AMONG XTR, ECC & RSA [8], [9]
XTR
ECC
RSA
Short 170-bit
Short 170-bit
Long 1020-bit
Key Length
Simplest
Hard
Simple
Key Selection
23 ms
28 ms
05 ms for 32 – bit
Encrypt
11 ms
16 ms
40ms CRT
Decrypt
11 ms
14 ms
123 ms
Sign
23 ms
≤ 21ms
05 ms for 32 – bit
Verify
Operation
Fastest
Fast
slow
Speed
Implementation on Pentium III 450 MHz and 96 MB of Ram
VI. CONCLUSION AND FUTURE WORK
Now-a-days SMS is more popular for different applications
in our daily real life. Errorless data transmission with secured
is important in wireless environment. In this paper we have
discussed about joint channel coding and cryptography, SID
algorithm and XTR – NR message recovery signature scheme.
From the above, we have concluded that XTR – NR message
recovery signature algorithm is best among other popular and
traditional algorithms. As a result, secured data will transfer
from sender to receiver end(s) with errorless. It will efficient
scheme and provide better result. It is our future work to
implement, prove and compare. We ensure that it will improve
the current security level, fastest speed and provide reliable
message recovery at receiver end with respect to key
generation, encryption, decryption, signing and verification
with small key length for SMS in any kind of mobile devices.
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
Nataša ŽIVIĆ: “Iterative Method for Improvement Of Coding And
Decryption”, International Journal of Network Security & Its
Applications (IJNSA), Vol 1, No 2, July 2009, PP. 1 – 15.
Nataša ŽIVIĆ and Obaid Ur REHMAN: “On using the message digest
for error correction in wireless communication networks”, in 21 st
International Symposium on Personal, Indoor and Mobile Radio
Communications Workshops 2010, Page(s): 491 – 495.
NATASA ZIVIC: “Strategies and Performances of Soft Input
Decryption”, International Journal of Computer Science and Information
Security, Issue 1, Volume 1, May 2009, PP 1 – 12.
Nataša ŽIVIĆ, Christoph RULAND and Obaid Ur REHMAN: “Error
Correction over wireless Channels using Symmetric Cryptography”, in
1st International Conference Wireless Communication, Vehicular
Technology, Information Theory and Aerospace & Electronic Systems
Technology, 2009. Wireless VITAE 2009, Page(s): 752 – 756.
http://en.wikipedia.org/wiki/XTR
Arjen K Lenstra, Eric R Veheul: “An Overview of the XTR Public Key
System”, www.win.tue.nl/~klenstra/xtrsurvey.ps
Li Yong; Zhang Xiang-li; He Long; Xie Zhi-heng; Zhu Chong:
“Research of Trace Equivalence Relation on XTR”, in WRI CMC '09,
International Conference Communications and Mobile Computing,
2009.. Volume: 3, Page(s): 380 – 384
www.ietf.org/proceedings/67/slides/msec-2/msec-2.ppt
www.ecc-brainpool.org/workshop2/XTR.ppt
ACKNOWLEDGMENT
This research work is supported by Ministry of Human
Resource Development (MHRD), Government of India.