27th Brazilian Symposium on Computersapyc.espe.edu.ec/evcarrera/papers/wtr09.pdf · 2014-01-29 · SMS applications running on mobile devices such as smart-phones and PDAs. 1


27th Brazilian Symposium on Computer Networks and Distributed Systems - SBRC 2009

Recife, PE - Brazil

25-29 May 2009

11th Brazilian Workshop on Real-Time and Embedded Systems – WTR

PROCEEDINGS

Published by Sociedade Brasileira de Computação (SBC)

Organizing Committee

Carlos Montez (UFSC)

Francisco Vasques (University of Porto)

Raimundo Macêdo (UFBA)

Rossana Maria de Castro Andrade (UFC)

Paulo André da Silva Gonçalves (UFPE)

Carlos André Guimarães Ferraz (UFPE)

Organization

Centro de Informática (CIn)

Universidade Federal de Pernambuco (UFPE)

Promoted by

Sociedade Brasileira de Computação (SBC)

Laboratório Nacional de Redes de Computadores (LARC)

Trusted SMS Communication on Mobile Devices

Juan Pablo Albuja¹, Enrique V. Carrera¹

¹Department of Systems Engineering, University San Francisco of Quito

P. O. Box 17-12-841, Quito, Ecuador

[email protected], [email protected]

Abstract. The exponential growth of Short Message Service (SMS) use has transformed this service into a widespread tool for social and commerce messaging. However, security concerns have been raised as applications become more critical and complex. Thus, this paper introduces an SMS security framework, which allows programmers and users to exchange confidential, non-repudiable and digitally signed text messages. This framework can fit in many development scenarios, such as commercial transactions or bureaucratic delegations. In addition, the proposed framework is highly flexible and efficient, since programmers can choose among several encryption algorithms according to the computational power and battery usage of each mobile device. Finally, this paper also analyzes the existing tradeoffs between security and performance in SMS applications running on mobile devices such as smart-phones and PDAs.

1. Introduction

With about 3 billion subscribers around the world, mobile phones are spreading ubiquitously across the planet [Kalba 2008]. Although most mobile phones are used for their original intent (i.e., making telephone calls), these devices are also loaded with other features. One of those features that users have begun to fully exploit in recent years is mobile messages. In fact, mobile messaging is a fast growing and exciting industry. Gartner, Inc. forecasts 2.3 trillion messages sent across major markets worldwide in 2008, a 19.6% increase from the 2007 total of 1.9 trillion messages [Ingelbrecht et al. 2007]. Similarly, mobile messages have generated revenues of US$ 130 billion worldwide in 2008, and this figure is set to rise to a market value of US$ 224 billion by full year 2013 [Portio Research Ltd. 2008].

Within mobile messages, SMS accounts for the majority of these numbers: the revenue generated by SMS in 2008 was US$ 89 billion. Hence, it is evident that SMS is becoming a widely used communication mechanism for mobile phone users, seeing that SMS facilitates person-to-person messaging, interactive information and entertainment services, and lately location-based services [Brown et al. 2007]. Based on this, Portio Research also predicts that SMS will remain the most dominant mobile messaging format for most of the next decade [Portio Research Ltd. 2008].

However, the proliferation of SMS use comes with growing security concerns, since SMS specifications [TIA 2002] do not define the mechanisms for ensuring integrity of the SMS content and authentication of the SMS sender. SMS specifications also do not prevent unauthorized access. Thus, the service is surprisingly insecure and many possible attacks on the confidentiality, the integrity and non-repudiation of the messages can arise.

In particular, the ubiquity of mobile devices has attracted malware writers who have adapted phishing and other attacks (e.g., spoofing becomes SMS spoofing), based on social engineering techniques, in order to trick recipients into divulging their own private data [Van der Merwe et al. 2005]. There are also many sites, like FakeMyText.com, which do not encourage trust in the SMS services. In addition, text messages stored on your mobile phone can be easily accessed by anyone who wants to find out more about who you are messaging and why.

Despite all these security concerns about the intrinsic nature of short messages, many companies have not been discouraged from considering SMS as an effective means of realizing transactions in the future [PrivyLink 2009, Ducos and Castillo 2008]. In this way, encryption-based mechanisms become a good alternative for increasing SMS security: digitally signed messages can be used to avoid SMS tampering, ensuring integrity and authentication of the sender [Pankratov and Kramarenko 2004], while encrypted messages are useful for preventing unauthorized access to SMS content.

While encryption provides powerful tools for protecting sensitive communications over a public network, it also imposes an overhead in terms of additional computing. In fact, software-based encryption requires significant computational resources not readily available to many mobile devices. This limitation could threaten the usability of mobile devices with severe constraints on computational power, battery life and user latency, which impose limits on the amount of encryption operations that can be performed without a severe degradation of the device. Furthermore, the risk of storing cryptographic keys in the memory of mobile devices should be carefully assessed and is often difficult to mitigate.

Inspired by this, many applications and products have implemented their own mechanisms for securing SMS messages. Unfortunately, every design is different from the others, presenting problems related to flexibility, portability, and interoperability among products. In order to address the lack of a globally-accepted standard, this paper proposes a new framework for developing secure SMS applications. Our framework facilitates the exchange of SMS messages guaranteeing confidentiality, integrity, non-repudiation, and authentication of peers. Additionally, the proposed framework is highly portable, flexible and efficient, since programmers can choose among several encryption algorithms depending on the computational power and battery usage of every mobile device.

Critical applications like Mobile Commerce (M-commerce) and SMS-banking [Ducos and Castillo 2008], or even simple ones like SMS polling, can benefit from a fast, flexible and proven development environment. This is even more important if we consider that in the future, SMS applications will be much more complex and critical in terms of security. In this way, applications based on our framework could keep eavesdroppers, intruders, paparazzi, stalkers, law enforcement, and other “monitors” out of business.

Moreover, this paper also studies the existing tradeoffs between security and performance using two J2ME applications based on our framework and running on Nokia-3500 mobile phones. The study is based on performance and power consumption evaluations of each encryption mechanism provided by our J2ME implementation. The impact of our framework on the overall development process of real applications is also shown.

[Figure 1: block diagram with a Sender side and a Recipient side, each showing a Digital signature stage and a Cryptography stage.]

Figure 1. Main process for securing SMS messages.

2. SMS Security Framework

Our proposal is a novel framework for exchanging confidential, non-repudiable SMS messages in a PKI environment that can include X.800 certificates validated by Certification Authorities (CA). Since SMS message exchange is very similar to sending and receiving emails, our security framework is based on some ideas for securing email, specifically PGP and S/MIME. In this way, the basic functionality provided by our framework includes the following services:

1. Clear messages. Methods for sending and receiving text or binary messages without security. In order to overcome the message size limitation, these methods perform segmentation and reassembly to handle messages of any size.

2. Signed messages. These methods implement a digital signature to provide peer authentication and message integrity (Figure 1). The sender generates a hash code (H) of the message (M) and encrypts (E) that code with its private key (KRa) before the result is prepended to the original message. On the other side, the recipient decrypts (D) the hash code with the sender’s public key (KUa) and simultaneously computes a new hash code. If the two hash codes match, the message is accepted as authentic.

3. Encrypted messages. Methods for encrypting the message in order to guarantee its confidentiality (Figure 1). The sender starts by generating a random session key (Ks) used to encrypt the original message. The session key is also encrypted with the recipient’s public key (KUb) and prepended to the message. The receiver uses its private key (KRb) to recover the session key and decrypts the message. We also support a variation where the whole message is encrypted with the recipient’s public key. The last option is mainly useful for messages smaller than shared keys.

4. Signed and encrypted messages. The concatenation of the two previous methods guarantees peer authentication and message confidentiality, as shown in Figure 1.

5. Public key exchange. These methods allow the exchange of public keys among users using a trust model (PGP) or X.509 certificates (S/MIME). In order to enable the exchange of public keys, the infrastructure also offers methods for generating pairs of keys and X.509v3 certificates based on those pairs.

6. Application management. Additional methods for message queuing and thread management, besides key-chain implementations, facilitate the development of applications for sending and receiving SMS messages.

| Key size (bits) | Key generation | Encryption | Decryption |
|---|---|---|---|
| 128 | 0.2 sec | 2 ms | 4 ms |
| 256 | 1.0 sec | 5 ms | 20 ms |
| 512 | 8.2 sec | 13 ms | 117 ms |
| 1024 | 79.2 sec | 44 ms | 873 ms |
| 2048 | 879.6 sec | 164 ms | 6752 ms |

Table 1. Execution time of public key cryptography.

Any implementation of these services requires support for shared-key cryptography, public-key cryptography, hash codes, shared key generation, public key generation, and X.509 certificate handling. The particular algorithms used for each functionality are not defined in the framework, but instead are defined by the implementation provider.
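The signed-and-encrypted exchange of services 2 to 4 and Figure 1, as an added example that is not the paper's J2ME library: it uses the standard Java SE cryptography API instead of Bouncy Castle on J2ME, and assumes RSA-2048, SHA-256 and AES-256-GCM rather than the 512-bit RSA and SHA1 parameters measured in Section 3. The class name, byte layout and sample message are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.*;

public class SecureSmsDemo {
    static final int RSA_BITS = 2048, RSA_LEN = RSA_BITS / 8, IV_LEN = 12; // assumed sizes
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Sender output: E(KUb, Ks) || IV || E(Ks, Sign(KRa, M) || M)
    static byte[] seal(byte[] m, PrivateKey kra, PublicKey kub) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kra);
        s.update(m);
        byte[] sig = s.sign();                       // hash of M signed with KRa
        byte[] k = new byte[32], iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(k);             // random session key Ks
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, "AES"), new GCMParameterSpec(128, iv));
        byte[] body = aes.doFinal(ByteBuffer.allocate(RSA_LEN + m.length).put(sig).put(m).array());
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.ENCRYPT_MODE, kub);
        byte[] wrapped = rsa.doFinal(k);             // Ks encrypted with KUb
        return ByteBuffer.allocate(RSA_LEN + IV_LEN + body.length).put(wrapped).put(iv).put(body).array();
    }

    // Recipient: recover Ks with KRb, decrypt, then verify the signature with KUa.
    static byte[] open(byte[] sms, PrivateKey krb, PublicKey kua) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.DECRYPT_MODE, krb);
        byte[] k = rsa.doFinal(sms, 0, RSA_LEN);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(k, "AES"), new GCMParameterSpec(128, sms, RSA_LEN, IV_LEN));
        byte[] plain = aes.doFinal(sms, RSA_LEN + IV_LEN, sms.length - RSA_LEN - IV_LEN);
        byte[] m = Arrays.copyOfRange(plain, RSA_LEN, plain.length);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(kua);
        s.update(m);
        if (!s.verify(plain, 0, RSA_LEN)) throw new SignatureException("sender signature mismatch");
        return m;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(RSA_BITS);
        KeyPair a = kpg.generateKeyPair(), b = kpg.generateKeyPair();
        byte[] sms = seal("PAY 25.00 TO 0991234567".getBytes("UTF-8"), a.getPrivate(), b.getPublic()); // constructed sample
        System.out.println(new String(open(sms, b.getPrivate(), a.getPublic()), "UTF-8") + " / " + sms.length + " bytes on the wire");
        sms[sms.length - 1] ^= 1;                    // flip one bit in transit
        try { open(sms, b.getPrivate(), a.getPublic()); }
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getClass().getSimpleName()); }
    }
}
```

With these assumed parameters the signature and the wrapped session key alone occupy 512 bytes, so the output has to pass through the segmentation and reassembly of service 1.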

3. Java-based Evaluation

The current implementation of our SMS security framework achieves platform independent design by choosing proper Java (J2ME) technologies. We have built a Java library that can be included in any application development process. The library offers all the services mentioned in section 2. Encryption mechanisms included in the library are based on the Bouncy Castle provider.

3.1. Methodology

All our evaluations were made on mid-range Nokia-3500 Classic mobile phones. These phones are powered by an ARM9 family processor (32-bit RISC CPU) at 104 MHz. Their 860 mAh Li-Ion (BL-4C) batteries have an officially stated life expectancy of 12 days in standby and about three hours in talk time mode. Besides WMA 2.0, the phone supports CLDC 1.1 and MIDP 2.0.

Using the services offered by our Java library we have implemented 2 real applications and several benchmarks for measuring performance and power consumption. All the applications and benchmarks were compiled on a Linux machine running NetBeans IDE 6.5 with WTK 2.5.2. The version of the Java virtual machine is 1.6.0_0 (IcedTea6 1.4). Time measurements were taken through Java timers included in the applications, while power measurements were taken using a set of high-precision Fluke multimeters.

3.2. Performance

Because of space limitations, we only present results for the most used algorithms working under the most common options. Time measurements correspond to the average of 10 executions.

Table 1 presents the results for public key cryptography. Those times correspond to the RSA algorithm applied on 32 bytes of random data (i.e., equivalent to a 256-bit shared key). Note that the key generation time is very large for keys over 1024 bits, but this functionality is used once in a lifetime. On the other hand, Table 2 shows execution times for shared key cryptography. In this table, the key generation time corresponds to a call to the RandomBytesKeyGenerator method. Encryption and decryption times were measured using 64 bytes of random data. Because of the very short times and considering security as the main concern to cover, we recommend using AES with a 256-bit key in all SMS exchanges.

| Algorithm | Key size | Key generation | Encryption | Decryption |
|---|---|---|---|---|
| DES | 64 bits | 1.8 ms | 2.2 ms | 2.8 ms |
| 3DES | 128 bits | 2.1 ms | 3.2 ms | 3.4 ms |
| 3DES | 192 bits | 2.6 ms | 3.6 ms | 4.0 ms |
| AES | 128 bits | 2.1 ms | 4.2 ms | 5.8 ms |
| AES | 256 bits | 2.9 ms | 5.4 ms | 7.0 ms |

Table 2. Execution time of shared key cryptography. (64 bytes)

| Algorithm | Execution time |
|---|---|
| MD5 | 7.6 ms |
| SHA1 | 5.6 ms |

Table 3. Execution time of hash functions.

Similarly, Table 3 presents the execution times for two well known hash functions. The times were measured when the functions were applied to 64-byte messages. These execution times are also very small when compared to public key cryptography. Because of the good performance and enhanced security, we recommend using SHA1 for every SMS exchange. Finally, Table 4 summarizes the execution times for sending and receiving an SMS message of 64 bytes using 512-bit RSA public keys, 256-bit AES shared keys and SHA1 as hash code. These execution times are short enough to allow the usage of security in every SMS exchange.

3.3. Power Consumption

Besides performance, power consumption is another important metric for mobile devices. We could see that any extra activity on the device increases its power consumption significantly. In fact, we have determined that the device consumes 573 mW on average when the processor is executing pretty heavy computations and the screen server is not activated. The energy consumed by some encryption algorithms and the whole process of sending a message is shown in Table 5. The values presented in Table 5 do not include the energy spent by the device connecting to the network of the cellular provider. In all the cases, the sending of messages considers 64 bytes of data, a 512-bit RSA public-key encryption, a 256-bit AES shared-key encryption, and SHA1 as hash code.

| Type of service | Send | Receive |
|---|---|---|
| Signed message | 163 ms | 27 ms |
| Encrypted message | 40 ms | 138 ms |
| Signed and encrypted message | 181 ms | 182 ms |

Table 4. Sending and receiving of SMS messages.

| Operation | Energy |
|---|---|
| RSA encryption (512-bit keys) | 37.2 mJ |
| AES encryption (256-bit keys) | 3.1 mJ |
| SHA1 hash function (64 bytes) | 3.2 mJ |
| Sending SMS (signed) | 54.5 mJ |
| Sending SMS (encrypted) | 51.0 mJ |
| Sending SMS (signed+encrypted) | 103.7 mJ |

Table 5. Energy consumption for sending of SMS messages.

4. Conclusions

The SMS security framework proposed in this paper allows programmers and users to exchange confidential, non-repudiable and digitally signed text/binary messages. This framework can fit in many development scenarios, seeing that it is highly flexible and efficient. In fact, SMS message exchange, as any other communication mechanism, requires strong encryption techniques in order to guarantee confidentiality, integrity, non-repudiation and authentication of peers. Access control and availability can be accommodated by the cellular provider.

Our evaluation shows that security is not forbidden in devices with serious battery, processor, memory, and bandwidth constraints. Performance and power consumption are even adequate for mid-range cellular phones.

References

Brown, J., Shipman, B., and Vetter, R. (2007). SMS: The short message service. Computer, 40(12):106–110.

Ducos, P. and Castillo, F. (2008). Secure digital money exchange using mobile devices. BE’s thesis, University San Francisco of Quito, Quito, Ecuador.

Ingelbrecht, N., Hart, T. J., Mitsuyama, N., Baghdassarian, S., Gupta, A., Gupta, M., and Shen, S. (2007). Market trends: Mobile messaging, worldwide, 2006-2011. Technical Report G00152983, Gartner Dataquest.

Kalba, K. (2008). The adoption of mobile phones in emerging markets: Global diffusion and the rural challenge. International Journal of Communication, 2:631–661.

Pankratov, D. and Kramarenko, D. (2004). SMS spoofing - Q&A with CCRC staff. http://www.crime-research.org/interviews/sms-spoofing-intro.

Portio Research Ltd. (2008). Mobile messaging futures 2009-2013. LW1478.MMF09-13, Portio Research Limited.

PrivyLink (2009). Mobile-payment. http://www.privylink.com.sg/products.

TIA (2002). Short message services for spread spectrum systems. TIA/EIA-637-B, Telecommunications Industry Association.

Van der Merwe, A. J., Seker, R., and Gerber, A. (2005). Phishing in the system of systems settings: Mobile technology. In Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, volume 1, pages 492–498. IEEE.