A graduate seminar: current topics in computer security
 

Security Analysis: Short Messaging System (SMS)

SMS (Short Message Service) is a popular, cheap, public service offered over GSM and other cellular networks. It is based on a store-and-forward mechanism: messages are stored in the SMSC (Short Message Service Center) until their expiration time and are sent to the receiver whenever he or she becomes available. This system emerged in Europe in 1991 and became prevalent after this breakthrough. Using the SMSC as a store-and-forward system and cellular networks as the means of transferring signals, people can send messages and make sure that they have been delivered, unlike with alphanumeric paging systems. SMS provides the infrastructure for different services such as electronic mail, mobile banking and stock information. However, it does not seem secure enough to handle money transfers. Generally, there are two types of security problems related to the short message service:

1) Vulnerabilities of the cellular networks, which SMS inherits.

2) Vulnerabilities that are specific to this service and have nothing to do with cellular networks.

The first set of problems applies to all services over GSM. In other words, all signals transmitted over GSM are prone to these attacks. The short message service in GSM uses the A5 algorithm to encrypt messages transmitted over the radio link, and in other parts of the network messages are kept unencrypted. Also, there is no integrity check in SMS. Therefore, using man-in-the-middle attacks and a fake receiver-sender, attackers can change or eliminate messages. Another way to attack SMS is to copy a SIM card, or obtain the Ki and IMSI of the victim, in order to receive all SMS messages intended for the victim. In this situation, if a banking system stupidly decides to provide a means of depositing and withdrawing money from one's account via SMS, the attacker can easily compromise the bank account.

The second category of attacks relates to vulnerabilities in SMS itself. Since messages in the SMSC are in plain text, storing them may lead to leakage of data. In addition, fake SMS messages can be generated on the Internet. During roaming in cellular networks, SMS contents are transferred over the Internet and could be prone to attacks. Another sort of attack we can think of is physically accessing a device and stealing information.

In order to have a secure messaging system, we need an end-to-end system that guarantees integrity, privacy and security. There are several ways to implement security with an end-to-end approach, four of which are as follows.

1) Programming Languages: Thanks to the high processing capability of cellphones and the programming languages available for them, we can encrypt voice over GSM channels. Therefore it is plausible to encrypt small packets as well. For instance, we can take advantage of J2ME, SATSA (Security and Trust Services API) and WMA (Wireless Messaging API) to encrypt SMS sent over GSM.
2) SAT (SIM Application Toolkit): Most SIM cards provide a facility for operators to control their users and give them the capability to get information from user keyboards. However, we should note that, in terms of processing capability, SIM cards are not as powerful as cellphone devices.
3) JavaCard: In devices with two processing chips we can use this approach.
4) Encryption Processing Unit: Cellphone manufacturers can insert a module in their devices that adds security capabilities and cannot be changed by users.

It seems the first two approaches mentioned above are more feasible and general, and can be applied to all cellphones.
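
The end-to-end protection called for above, as an added example that is not part of the original post or the cited papers: a Go sketch (rather than J2ME/SATSA) that fits an encrypted, integrity-protected message into one 140-byte SMS sent as binary data. AES-GCM, the pre-shared key, the phone numbers and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const maxUserData = 140 // bytes of user data in one SMS

// newGCM builds the AEAD; AES-GCM and a pre-shared key are assumptions.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce || ciphertext || tag. The sender and receiver numbers
// are authenticated as associated data, so a forged sender fails in Open.
func Seal(aead cipher.AEAD, from, to, text string) ([]byte, error) {
	if aead.NonceSize()+len(text)+aead.Overhead() > maxUserData {
		return nil, fmt.Errorf("text does not fit in one SMS")
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(text), []byte(from+"|"+to)), nil
}

// Open rejects payloads altered in transit or while stored at the SMSC.
func Open(aead cipher.AEAD, from, to string, sms []byte) (string, error) {
	n := aead.NonceSize()
	if len(sms) < n {
		return "", fmt.Errorf("truncated payload")
	}
	pt, err := aead.Open(nil, sms[:n], sms[n:], []byte(from+"|"+to))
	return string(pt), err
}

func main() {
	aead, _ := newGCM(make([]byte, 32)) // constructed all-zero demo key
	sms, _ := Seal(aead, "+15550100", "+15550199", "balance: 100")
	sms[len(sms)-1] ^= 1 // simulate a change made by an intermediary
	_, err := Open(aead, "+15550100", "+15550199", sms)
	fmt.Println("tampered payload rejected:", err != nil)
}
```

With a 12-byte nonce and a 16-byte tag, 112 bytes of the 140 remain for the message text.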
