A Review of SMS Security Using Hybrid Cryptography and Use in Mobile Money System

Rufai Yusuf Zakari; Abdulkadir Suleiman; Zaharaddeen Karami Lawal; Najib Abdulrazak

doi:7420168

In the last dozen years mobile technology has flourished throughout the developing world faster than any other technology in history. The latest phenomenon spawned by mobile technology is mobile money. Short message service (SMS) is a very popular and easy to use communications technology for mobile phone devices. Originally, this service was not designed to transmit secured data, so the security was not an important issue during its design. Yet today, it is used to exchange sensitive information between communicating parties i.e. Mobile Money. The most important security service that most provided to secure SMS are confidentiality, integrity, authentication and non-repudiation. In this review a secured short Message service (SMS) which is a peer-to-peer hybrid cryptography is analyzed which provide the security services, it uses symmetric (AES-Rijndael) and asymmetric (NTRU) algorithm to achieve more robust functionality and the use of hashing algorithm SHA-1 is suggested to be replace with HMAC-SHA256 because of its vulnerability. The protocol is proposed to be use in mobile money short message service communication channel.

[1]

Michaels L. (2011): It’s better than Cash: Kenya Mobile Money Market Assessment, Kenya, and Accenture Development Partnership.

[2]

Diniz, H.E., Albuquequer, P.J., Cernev, A.K., (2011) “Mobile Money and Payment: a literature review based on academic and practitioner-oriented publications”.

[3]

Medhi, I., Ratan, A. & Toyama, K (2009). "Mobile-Banking Adoption and Usage by Low Literate, Low-Income Users in the Developing World".

[4]

Maniego Eala R. (2007). 'Telcos Extending Financial Access to the Unbanked: the Philippine Experience Siteresources,' [Online], [Retrived August 18, 2011], worldbank.org/FSLP/.../Rizza Maniego Eala Delivery Chanels

[5]

GSM World (2009a). GSM Security Algorithms. Retrieved 2-9-2009, fromhttp://www.gsmworld.com/ourwork/programmmesandinitiatives

[6]

Al-bakri, S. H., & Kiah, M. M. (2010). A novel peer-to-peer SMS security solution using a hybrid technique of NTRU and AES-Rijndael. acadamic journals, 3455-3466.

[7]

Tom Clements 2003. SMS -- Short but Sweet. [Online]. Available:http://developers.sun.com/techtopics/mobility/midp/articles/sms/. Accessed on 15 November 2005

[8]

Hassinen M (2006). Java based Public Key Infrastructure for SMS Messaging. Information and Communication Technologies, 2006. ICTTA'06. 2nd, 1.

[9]

Barkan E, Biham E, Keller N (2008). Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication. J. Cryptol., 21(3): 392-429.

[10]

Haque A, Tarofder A, Rahman S, Raquib M (2009). Electronic transaction of internet banking and its perception of Malaysian online customers. Afr. J. Bus. Manage. 3(6): 248-259.

[11]

Hashim F, Alam G, Siraj S (2010). Information and communication technology for participatory based decision-making-E-management for administrative efficiency in Higher Education. Int. J. Phys. Sci., 5(4): 383-392.

[12]

Ratshinanga H, Lo J, Bishop J (2004). A Security Mechanism for Secure SMS Communication. Singh, S. (2006). The Code Book.

[13]

Croft NJ, Olivier MS (2005). Using approximate one-time pad to secure short messaging Service (SMS), pp. 71-76.

[14]

Lison_k D, Drahanský M (2008). SMS Encryption for Mobile Communication. Security Technology, 2008. SECTECH '08. International Conference on, pp. 198-201.

[15]

Anuar N, Kuen L, Zakaria O, Gani A, Wahab A (2008). GSM mobile SMS/MMS using public key infrastructure: m-PKI. WSEAS Transactions on Computers, 7(8): 1219-1229.

[16]

Zhao S, Aggarwal A, Liu S (2008) Building Secure User-to-user Messaging in Mobile Telecommunication Networks. Wireless Telecommunications Symposium, WTS 2008, pp. 151-157.

[17]

Wu S, Tan C (2009b) A High Security Framework for SMS. Paper presented at the Biomedical Engineering and Informatics, 2009. BMEI '09. 2nd International Conference, pp.1-6.

[18]

Dolan, J. (2009). "Accelerating the Development of Mobile Money Ecosystem," Washington, DC: IFC and the Harvard Kennedy School, available at:http://www.hks.harvard.edu/mrcbg/CSRI/publications/report_39_mobilemoney_january_09.pdf

[19]

Forum, W. (2001). wireless Application Protocol ArchitectureSpecification. http//:www.wapforum.org. 2001.

[20]

GSM World (2009b). Market Data Summary (Q2 2009). Retrieved 2-9-2009, from http://www.gsmworld.com/newsroom/marketdata/market_dat_summary.security/gsm_security_algorithms.htm.

[21]

Jimale MA (2008). Securing Mobile Communications Using Public Key Infrastructure for Multimedia Messaging Service (MMS). University Malaya, p. 70.

[22]

Kuen LN (2008). Mobile Messaging Using Public Key Infrastructure: MPKI. University Malaya.

[23]

Lecture Notes in Computer Science, Vol. 5623, pp 485-494.

[24]

Narendiran C, Albert Rabara S, Rajendran N (2009). Public key infrastructure for mobile banking security. Paper presented at the Global Mobile Congress.

[25]

OECD (2006) "Online payment systems for e-Commerce,"DSTI/ICCP/IE/(2004)18/FINAL (unclassified), [online] available at: http://www.oecd.org/dataoecd/37/19/367 36056.pdf

[26]

Stallings W (2005). Cryptography and Network Security Principles, and Practices fourth edition.

[27]

S. Vaudenay (1996), “Hidden collisions on DSS”, Advances in Cryptology – Crypto ’96, LNCS 1109, Springer-Verlag, 1991, pp.268-273.

[28]

Lecture Notes in Computer Science, 11-09-1996, Springer-Verlag, 83-88.

[29]

Xiaoyun, W., Hongbo, Y., & Yiqun, l. y. (2005). Finding Collision in the full SHA-1 in Crypto. Santa Babara, California: MIT.edu.

[30]

Gilbert, H., & Helena, H. (2003). Security Analysis of SHA-256 and Sisters. In Selected Areasin Cryptography (pp. 175-193). hhtp://www.unixwiz.net/techtips/iguid-hashes-html.