SMSSec: An end-to-end protocol for secure SMS

SMSSec: An end-to-end protocol for secure SMS

Short Message Service is usually used to transport unclassified information, but with the rise of mobile commerce it has become an integral tool for conducting business. However, SMS does not guarantee confidentiality and integrity of the message content. This paper proposes a protocol called SMSSec...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers & security 2008-10, Vol.27 (5), p.154-167
Hauptverfasser: Lo, Johnny Li-Chang, Bishop, Judith, Eloff, J.H.P.
Format: Artikel
Sprache:eng
Schlagworte:
Cryptography
Data integrity
Mobile devices
Network security
Protocol
Protocols
Service introduction
Small Message Service
Studies
Text messaging
Wireless Messaging API
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 167
container_issue 5
container_start_page 154
container_title Computers & security
container_volume 27
creator Lo, Johnny Li-Chang
Bishop, Judith
Eloff, J.H.P.
description Short Message Service is usually used to transport unclassified information, but with the rise of mobile commerce it has become an integral tool for conducting business. However, SMS does not guarantee confidentiality and integrity of the message content. This paper proposes a protocol called SMSSec that can be used to secure an SMS communication sent by Java's Wireless Messaging API. The physical limitations of the intended devices such as mobile phones, made it necessary to develop a protocol which would make minimal use of computing resources. SMSSec has a two-phase protocol with the first handshake using asymmetric cryptography which occurs only once, and a more efficient symmetric nth handshake which is used more dominantly. What distinguishes this work from conventional protocols is the ability to perform the secure transmission with limited size messages. Performance analysis showed that the encryption speed on the mobile device is faster than the duration of the transmission. To achieve security in the mobile enterprise environment, this is deemed a very acceptable overhead. Furthermore, a simple mechanism handles fault tolerance without additional overhead is proposed.
doi_str_mv 10.1016/j.cose.2008.05.003
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_35543345</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0167404808000151</els_id><sourcerecordid>35543345</sourcerecordid><originalsourceid>FETCH-LOGICAL-c402t-fad585de8bc450bba0e5216edab54f97ae2958b96a558587ddde2ddf6a8c8c2b3</originalsourceid><addsrcrecordid>eNp9kD1PwzAURS0EEqXwB5giBjaHF8dOHMRSVeVDKmIozJZjv0iJ0rjYCRL_HkdlYmC6y7lP9x1CrjNIM8iKuy41LmDKAGQKIgXIT8gikyWjBQN5ShYRKikHLs_JRQgdQFYWUi4I3b3udmjuk9WQ4GDp6GiM5ODd6Izrk8b5JKCZPCaRvCRnje4DXv3mknw8bt7Xz3T79vSyXm2p4cBG2mgrpLAoa8MF1LUGFCwr0Opa8KYqNbJKyLoqtIicLK21yKxtCi2NNKzOl-T2eDfu-JwwjGrfBoN9rwd0U1C5EDzPuYjgzR-wc5Mf4jbFoMyrkosZYkfIeBeCx0YdfLvX_ltloGZ9qlOzPjXrUyBU1BdLD8cSxj-_WvQqmBYHg7b1aEZlXftf_QfosHcY</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>207397455</pqid></control><display><type>article</type><title>SMSSec: An end-to-end protocol for secure SMS</title><source>Elsevier ScienceDirect Journals</source><creator>Lo, Johnny Li-Chang ; Bishop, Judith ; Eloff, J.H.P.</creator><creatorcontrib>Lo, Johnny Li-Chang ; Bishop, Judith ; Eloff, J.H.P.</creatorcontrib><description>Short Message Service is usually used to transport unclassified information, but with the rise of mobile commerce it has become an integral tool for conducting business. However, SMS does not guarantee confidentiality and integrity of the message content. This paper proposes a protocol called SMSSec that can be used to secure an SMS communication sent by Java's Wireless Messaging API. The physical limitations of the intended devices such as mobile phones, made it necessary to develop a protocol which would make minimal use of computing resources. SMSSec has a two-phase protocol with the first handshake using asymmetric cryptography which occurs only once, and a more efficient symmetric nth handshake which is used more dominantly. What distinguishes this work from conventional protocols is the ability to perform the secure transmission with limited size messages. Performance analysis showed that the encryption speed on the mobile device is faster than the duration of the transmission. To achieve security in the mobile enterprise environment, this is deemed a very acceptable overhead. Furthermore, a simple mechanism handles fault tolerance without additional overhead is proposed.</description><identifier>ISSN: 0167-4048</identifier><identifier>EISSN: 1872-6208</identifier><identifier>DOI: 10.1016/j.cose.2008.05.003</identifier><identifier>CODEN: CPSEDU</identifier><language>eng</language><publisher>Amsterdam: Elsevier Ltd</publisher><subject>Cryptography ; Data integrity ; Mobile devices ; Network security ; Protocol ; Protocols ; Service introduction ; Small Message Service ; Studies ; Text messaging ; Wireless Messaging API</subject><ispartof>Computers &amp; security, 2008-10, Vol.27 (5), p.154-167</ispartof><rights>2008 Elsevier Ltd</rights><rights>Copyright Elsevier Sequoia S.A. Oct 2008</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c402t-fad585de8bc450bba0e5216edab54f97ae2958b96a558587ddde2ddf6a8c8c2b3</citedby><cites>FETCH-LOGICAL-c402t-fad585de8bc450bba0e5216edab54f97ae2958b96a558587ddde2ddf6a8c8c2b3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.cose.2008.05.003$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,777,781,3537,27905,27906,45976</link.rule.ids></links><search><creatorcontrib>Lo, Johnny Li-Chang</creatorcontrib><creatorcontrib>Bishop, Judith</creatorcontrib><creatorcontrib>Eloff, J.H.P.</creatorcontrib><title>SMSSec: An end-to-end protocol for secure SMS</title><title>Computers &amp; security</title><description>Short Message Service is usually used to transport unclassified information, but with the rise of mobile commerce it has become an integral tool for conducting business. However, SMS does not guarantee confidentiality and integrity of the message content. This paper proposes a protocol called SMSSec that can be used to secure an SMS communication sent by Java's Wireless Messaging API. The physical limitations of the intended devices such as mobile phones, made it necessary to develop a protocol which would make minimal use of computing resources. SMSSec has a two-phase protocol with the first handshake using asymmetric cryptography which occurs only once, and a more efficient symmetric nth handshake which is used more dominantly. What distinguishes this work from conventional protocols is the ability to perform the secure transmission with limited size messages. Performance analysis showed that the encryption speed on the mobile device is faster than the duration of the transmission. To achieve security in the mobile enterprise environment, this is deemed a very acceptable overhead. Furthermore, a simple mechanism handles fault tolerance without additional overhead is proposed.</description><subject>Cryptography</subject><subject>Data integrity</subject><subject>Mobile devices</subject><subject>Network security</subject><subject>Protocol</subject><subject>Protocols</subject><subject>Service introduction</subject><subject>Small Message Service</subject><subject>Studies</subject><subject>Text messaging</subject><subject>Wireless Messaging API</subject><issn>0167-4048</issn><issn>1872-6208</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2008</creationdate><recordtype>article</recordtype><recordid>eNp9kD1PwzAURS0EEqXwB5giBjaHF8dOHMRSVeVDKmIozJZjv0iJ0rjYCRL_HkdlYmC6y7lP9x1CrjNIM8iKuy41LmDKAGQKIgXIT8gikyWjBQN5ShYRKikHLs_JRQgdQFYWUi4I3b3udmjuk9WQ4GDp6GiM5ODd6Izrk8b5JKCZPCaRvCRnje4DXv3mknw8bt7Xz3T79vSyXm2p4cBG2mgrpLAoa8MF1LUGFCwr0Opa8KYqNbJKyLoqtIicLK21yKxtCi2NNKzOl-T2eDfu-JwwjGrfBoN9rwd0U1C5EDzPuYjgzR-wc5Mf4jbFoMyrkosZYkfIeBeCx0YdfLvX_ltloGZ9qlOzPjXrUyBU1BdLD8cSxj-_WvQqmBYHg7b1aEZlXftf_QfosHcY</recordid><startdate>20081001</startdate><enddate>20081001</enddate><creator>Lo, Johnny Li-Chang</creator><creator>Bishop, Judith</creator><creator>Eloff, J.H.P.</creator><general>Elsevier Ltd</general><general>Elsevier Sequoia S.A</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>K7.</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20081001</creationdate><title>SMSSec: An end-to-end protocol for secure SMS</title><author>Lo, Johnny Li-Chang ; Bishop, Judith ; Eloff, J.H.P.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c402t-fad585de8bc450bba0e5216edab54f97ae2958b96a558587ddde2ddf6a8c8c2b3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2008</creationdate><topic>Cryptography</topic><topic>Data integrity</topic><topic>Mobile devices</topic><topic>Network security</topic><topic>Protocol</topic><topic>Protocols</topic><topic>Service introduction</topic><topic>Small Message Service</topic><topic>Studies</topic><topic>Text messaging</topic><topic>Wireless Messaging API</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Lo, Johnny Li-Chang</creatorcontrib><creatorcontrib>Bishop, Judith</creatorcontrib><creatorcontrib>Eloff, J.H.P.</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computers &amp; security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Lo, Johnny Li-Chang</au><au>Bishop, Judith</au><au>Eloff, J.H.P.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>SMSSec: An end-to-end protocol for secure SMS</atitle><jtitle>Computers &amp; security</jtitle><date>2008-10-01</date><risdate>2008</risdate><volume>27</volume><issue>5</issue><spage>154</spage><epage>167</epage><pages>154-167</pages><issn>0167-4048</issn><eissn>1872-6208</eissn><coden>CPSEDU</coden><abstract>Short Message Service is usually used to transport unclassified information, but with the rise of mobile commerce it has become an integral tool for conducting business. However, SMS does not guarantee confidentiality and integrity of the message content. This paper proposes a protocol called SMSSec that can be used to secure an SMS communication sent by Java's Wireless Messaging API. The physical limitations of the intended devices such as mobile phones, made it necessary to develop a protocol which would make minimal use of computing resources. SMSSec has a two-phase protocol with the first handshake using asymmetric cryptography which occurs only once, and a more efficient symmetric nth handshake which is used more dominantly. What distinguishes this work from conventional protocols is the ability to perform the secure transmission with limited size messages. Performance analysis showed that the encryption speed on the mobile device is faster than the duration of the transmission. To achieve security in the mobile enterprise environment, this is deemed a very acceptable overhead. Furthermore, a simple mechanism handles fault tolerance without additional overhead is proposed.</abstract><cop>Amsterdam</cop><pub>Elsevier Ltd</pub><doi>10.1016/j.cose.2008.05.003</doi><tpages>14</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 0167-4048
ispartof Computers & security, 2008-10, Vol.27 (5), p.154-167
issn 0167-4048
1872-6208
language eng
recordid cdi_proquest_miscellaneous_35543345
source Elsevier ScienceDirect Journals
subjects Cryptography
Data integrity
Mobile devices
Network security
Protocol
Protocols
Service introduction
Small Message Service
Studies
Text messaging
Wireless Messaging API
title SMSSec: An end-to-end protocol for secure SMS
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-18T18%3A58%3A43IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=SMSSec:%20An%20end-to-end%20protocol%20for%20secure%20SMS&rft.jtitle=Computers%20&%20security&rft.au=Lo,%20Johnny%20Li-Chang&rft.date=2008-10-01&rft.volume=27&rft.issue=5&rft.spage=154&rft.epage=167&rft.pages=154-167&rft.issn=0167-4048&rft.eissn=1872-6208&rft.coden=CPSEDU&rft_id=info:doi/10.1016/j.cose.2008.05.003&rft_dat=%3Cproquest_cross%3E35543345%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=207397455&rft_id=info:pmid/&rft_els_id=S0167404808000151&rfr_iscdi=true