Security Enhancement Protocol in SMS-Banking using Digital Watermarking Technique
Md. Nazmus Sakib1, A B M Rafi Sazzad2, Syed Bahauddin Alam3, Celia Shahnaz4, Shaikh Anowarul Fattah5
Bangladesh University of Engineering and Technology,
Dhaka-1000, Bangladesh
Email: 3baha [email protected]
Abstract—Banking service is part and parcel of the reformist human society. Due to the proliferation of communication technology, instead of the conventional paper-based banking system, sms-banking and m-banking are getting immense popularity. However, regardless of the nature of transactions, maintaining security is a major concern in this sector. In this paper, a short message service (SMS) based m-banking protocol under GSM technology is presented. In view of ensuring a high level of security during client authentication and data transmission, a digital watermarking technique is introduced in the proposed SMS-banking scheme. The proposed scheme, because of the wide-spread use of cellular phones, offers an ease of implementation in conjunction with a high level of security.
Index Terms—M-commerce, e-commerce, sms-banking, digital watermarking, text watermarking, supervised access, mobile banking service.
I. INTRODUCTION
Advancement in the field of information and communication technology (ICT) has advanced the idea of electronic commerce or e-commerce worldwide. Financial institutions these days greatly focus on transactions via electronic means, a techno-economic trend which very much advocates the idea of moving towards a cashless transaction based society [1]. Ubiquitousness of cellular communication has promoted the idea of transactions using mobile phones and has thus given rise to a new subset of e-commerce known as mobile commerce or m-commerce. M-commerce is defined as any transaction that involves the transfer of ownership or rights of goods and/or services, which is initiated and/or completed by using mobile access to computer-mediated networks [2]. The features of non-localized services, high penetration coefficients, full personalization and large availability offer the added benefits of m-commerce over e-commerce [3].
In the context of developing countries, the SMS based approach of m-commerce appears to be the more prospective one because of the low costs and bandwidth requirements, simplicity, straightforwardness and easiness involved.
Considering SMS to be a business tool for m-commerce, an idea of using steganography for improving mobile banking security has been proposed in [4]. In this method, the information is hidden in a picture using a password and later downloaded and extracted using the same. Internet connectivity is a prerequisite here, however, as the picture is stored online. Most systems today rely on static passwords to verify the user’s identity, making the user more vulnerable to security breach. From this point of view, the idea of using the mobile phone as a tool for one-time password (OTP) generation is given in [5]. Encryption of transaction information for confidentiality and data integrity and public key infrastructure (PKI) usage for providing customer certification are two potential security schemes. The usage of RSA and GSM A8 algorithms has included data encryption, whereas digital signing for user authentication is done using the PKI framework in both the works. However, the method described in is applicable to only a Mobile Information Device Profile (MIDP)-enabled device, whereas performance of the proposed scheme in [6] is limited by the memory capacity of the subscriber’s identity module (SIM) and the slow processing power of the mobile set. Besides, process-generated overhead limits the maximum number of characters that can be sent by SMS to 130 instead of 160.
Though numerous works have been reported for strengthening the security of SMS based m-commerce, a proposal missing in previous works is the incorporation of digital watermarking. Digital watermarking, which is a well established technology for copy control and media identification, is an effective methodology for hiding one piece of information (text, image, audio or video) in another [7]-[9]. The common practice of digital watermarking suggests that the information of interest is preferably hidden in an audio or video file [10]. However, considering the present technological infrastructure, bandwidth requirement and cost constraints, we propose in this work a novel idea of hiding a text file using another for the sake of security of m-commerce. The proposed framework, which provides both user authentication and supervision, has been analyzed with respect to different watermarking schemes for prototype transaction information. Detailed performance analysis has been carried out to reach important conclusions regarding the viability of digital watermarking for enhancing m-commerce.
II. PROPOSED SECURITY SCHEME
An SMS-enabled GSM network architecture is shown in Fig 1. SMS services have some limitations on data length. The data length of an SMS is limited by the constraints of the signaling protocol to precisely 140 octets (140 octets = 140 * 8 bits = 1120 bits). This means that, depending on which alphanumeric characters are being used, a single SMS can support only 160 7-bit ASCII characters, 140 8-bit characters or 70 16-bit characters (including spaces) [11]-[17]. Our proposed scheme aims to enhance the security of m-commerce by incorporating ideas of user authentication, supervised access and digital watermarking. The major steps of the proposed multilevel security scheme are shown in Fig 2.
UKSim Fourth European Modelling Symposium on Computer Modelling and Simulation
978-0-7695-4308-6/10 $26.00 © 2010 IEEE
DOI 10.1109/EMS.2010.107
Fig. 1. SMS-enabled GSM network architecture
Fig. 2. service request
A. Service Request and User Authentication
In order to carry out any transaction, the user has to send a
service request which must contain the user’s account (A/C)
no, the receiver’s A/C no, transaction amount and the static
password (which is user defined just as in emails). A model
SMS for service request is shown in Fig 3.
The security scheme is designed to allow transactions only between authentic users. An SMS based authentication technique which categorizes the user accounts into WAL (white account list), KAL (known account list) and BAL (black account list) depending on previous information has been reported in [18]. In accordance with this technique, the banking server will first check the source and destination of each transaction and will allow only those transactions for which both the sender and the receiver are registered. The authenticity of the sender and the receiver will be checked by the banking server upon receipt of the service request (Fig 3).
B. Data Transfer
The hidden information is sent to the BS via CN and the
business gateway. Watermarking ensures that the transaction
information is no longer transparent to an intruder or even
to the mobile operator.
Fig. 3. Flow Diagram of Supervised Access
Fig. 4. Transaction Procedure
C. Supervised Access
If the users are found authentic and if the service request is
within the user’s subscription, the banking server will grant
the user an access code for completing the transaction. This
access code is dynamic and is generated using the one time
password (OTP) generation algorithm described in [19]. The
steps of authentication and supervised access are shown in
Fig 4 using a flow diagram.
D. Digital Watermarking
Upon receipt of the access code, the SMS containing the transaction information will be watermarked. The SMS to be watermarked has the format as shown in Fig 5. This operation is carried out by the SME using a predefined template. Details of the watermarking methodology are discussed in the subsequent section.
Fig. 5. information exchange between the user
E. Information Extraction and Confirmation
The file received at the BS end has been watermarked
previously in accordance with the access code sent by the
BS. At the BS end, the same access code is used to extract
the transaction information (Fig 5) from the received file.
Finally on the basis of the extracted information, trans-
action processes are carried out and confirmation SMSs
are sent both to the sender and the receiver. The steps of
information exchange between the user, the cellular network
and the banking server are shown in Fig 6.
III. DIGITAL WATERMARKING IN THE PROPOSED SCHEME
Commonly, digital watermarking is used as a way of proving the ownership and the authenticity of digital information, which might be an audio, image, video or text file. However, digital watermarking in this work has been used in a rather non-conventional way so as to enhance the security of SMS based banking. The method proposed here uses text watermarking for hiding the SMS containing transaction information in another dummy text file (DTF) in order to make the transactions unnoticeable to the intruder. Digital watermarking methods for text are rather limited because of the binary nature of text documents, which lack rich grayscale information [20]. The basic requirements to be fulfilled for digital watermarking are imperceptibility, security, and robustness. In this paper, we introduce a new idea where a special emphasis is given to the robustness and security of the hidden information rather than of the DTF. So, unlike conventional watermarking, the DTF is changed more or less depending on the embedded information. This however does not result in any loss of information, as the DTF can be easily retrieved in accordance with the access code, which was sent from the BS in the first case. The DTF simply acts as an imperceptible carrier of the SMS containing transaction information. As specified by GSM 03.38, an SMS contains a 7 bit default alphabet comprising alphanumeric and other special characters [21]. The SMS formats generally require only digits (0-9) and separators (* and #) to form self-sufficient transaction information. According to ASCII, only 6 bits are required for each separator or digit whereas 7 bits are required to form each character from A to z. From this perspective, the DTF is assumed to contain the characters ranging from A-z and it is watermarked with the transaction information that contains digits and separators of 6 bits each.
Fig. 6. BER Vs. Bit index at different SNRs
For watermarking, we have tested both full exhaust and
partial exhaust methods. In the full exhaust method, all
the bits of a character are used sequentially. On the other
hand, in the partial exhaust method not all the bits of each
character are used for embedding information. In this case
the assignment can be either direct sequencing or random
sequencing.
IV. PERFORMANCE ANALYSIS
An important concern in m-commerce is data integrity of the transaction information. From this point of view, we have analyzed here the immunity of different approaches of watermarking against pseudorandom and flip noise. Considering fixed sequencing, the impact of noise signals having different signal to noise ratios (SNRs) is observed for the 7 possible entries of the information bit (Fig 6). It is obvious that the bit error rate (BER) decreases significantly if information is hidden in the higher order bits of the DTF; i.e. noise immunity becomes the highest for information embedded in the MSB. The effects of flip noise are more severe when compared with pseudorandom noise, as flip noise compulsorily changes an information bit. To analyse the impact of flip noise, we have defined here a term ACCURACY = 1 - BER. If information is hidden in the 1st bit, then flip noise at the LSB can completely destroy the information and hence give an accuracy of zero (Fig 7).
As the index of embedding information increases, so does the robustness against flip noise. However for flip noise, the accuracy can change abruptly from 100 to 0 if watermarking is done using the direct sequencing method. A solution to this abrupt change of accuracy is the application of the dynamic sequencing.
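The partial exhaust embedding of Section III and the flip-noise behaviour described above, as an added example that is not code from the paper: one information bit per DTF character, with direct sequencing (one fixed bit index) compared against dynamic sequencing. The PRNG-based choice of indices, the noise model (one bit position inverted in every character) and the sample transaction string, DTF and access code are assumptions constructed for illustration.

```python
import random

BITS_PER_CHAR = 7    # DTF characters in the A-z range need 7 bits
BITS_PER_SYMBOL = 6  # digits, '*' and '#' all have ASCII codes below 64
# Constructed sample values, not taken from the paper.
INFO = "1234*5678*500#"                                  # 14 symbols = 84 bits
DTF = ("TheQuickBrownFoxJumpsOverTheLazyDog" * 5)[:160]  # 160-character carrier
ACCESS_CODE = 493817

def to_bits(info):
    """Digits and separators -> 6 bits per symbol, most significant bit first."""
    bits = []
    for ch in info:
        if ord(ch) >= 1 << BITS_PER_SYMBOL:
            raise ValueError(f"{ch!r} does not fit in {BITS_PER_SYMBOL} bits")
        bits += [(ord(ch) >> i) & 1 for i in reversed(range(BITS_PER_SYMBOL))]
    return bits

def from_bits(bits):
    groups = [bits[i:i + BITS_PER_SYMBOL] for i in range(0, len(bits), BITS_PER_SYMBOL)]
    return "".join(chr(int("".join(map(str, g)), 2)) for g in groups)

def positions(n, access_code, index=None):
    """Bit index (0 = LSB, 6 = MSB) used in each character. Direct sequencing: one
    fixed index. Dynamic sequencing (assumed): indices from a PRNG seeded with the
    access code; random.Random illustrates the idea and is not a CSPRNG."""
    if index is not None:
        return [index] * n
    rng = random.Random(access_code)
    return [rng.randrange(BITS_PER_CHAR) for _ in range(n)]

def embed(dtf, bits, pos):
    if len(bits) > len(dtf):
        raise ValueError("DTF too short for one information bit per character")
    carrier = [ord(c) for c in dtf]
    for i, (bit, p) in enumerate(zip(bits, pos)):
        carrier[i] = (carrier[i] & ~(1 << p)) | (bit << p)
    return carrier

def extract(carrier, pos):
    return [(carrier[i] >> p) & 1 for i, p in enumerate(pos)]

def flip_noise(carrier, index):
    """Assumed noise model: the bit at `index` is inverted in every character."""
    return [c ^ (1 << index) for c in carrier]

def run(flipped, index=None):
    """Return (text recovered without noise, ACCURACY = 1 - BER under flip noise)."""
    bits = to_bits(INFO)
    pos = positions(len(bits), ACCESS_CODE, index)
    carrier = embed(DTF, bits, pos)
    noisy = extract(flip_noise(carrier, flipped), pos)
    errors = sum(a != b for a, b in zip(bits, noisy))
    return from_bits(extract(carrier, pos)), 1 - errors / len(bits)
```

With direct sequencing, `run(flipped, index)` returns an accuracy of 0.0 when the flipped position is the embedding index and 1.0 otherwise; with dynamic sequencing (`index` omitted) roughly one character in seven is hit whichever position is flipped.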
In the partial exhaust method, the number of bits used in each character of the DTF varies between 1 and 6, whereas for the full exhaust method, all the 7 bits of each DTF character are used. In our analysis we have considered a DTF of 160 characters, which is the maximum limit for a single SMS at present. The percentage usage of the DTF for the number of bits used per character. The usage of all the 7 bits per character refers to the full exhaust method. The advantage of the full exhaust method is in its lower bandwidth requirement. For example, for transmitting 12 bits of information, only 14 bits of the DTF are to be sent, whereas in the partial exhaust method using 1 information bit per character, as much as 12*7=104 bits are to be sent. This results in lower usability but a higher bandwidth requirement for the partial exhaust method. The bandwidth requirement and probability of security breach are plotted as a function of the number of information bits hidden in each character of the DTF. Probability of security breach is expressed in terms of the logarithmic function.
Fig. 7. Accuracy vs. flip noise
The bandwidth requirement decreases if the number of information bits embedded in each character of the DTF increases. This however reduces the security, as the hidden information becomes more vulnerable to attack if the DTF size is reduced. Again, in the last described method where the DTF remains unchanged, the required number of bits for every character is only 4, which reduces the bandwidth requirement to even less than those described earlier. Also, unlike the other methods, here the DTF remains perceptually unchanged, hence an intruder cannot be warned in the slightest about the embedded information. From this point of view, the information can be made even more imperceptible if it is hidden in image or audio files. This however imposes cost constraints and additional bandwidth requirements considering the present technological infrastructure of cellular communication.
V. CONCLUSIONS
This paper presents a simple but effective SMS-banking technique for M-commerce. One major advantage of the proposed SMS-based scheme is that it is suitable for developing as well as under-developed countries. The proposed scheme guarantees a high level of security because of the introduction of digital watermarking for client authentication and data transmission. It is shown that the proposed scheme, because of the wide-spread use of cellular phones, offers an ease of implementation in conjunction with a high level of security.
REFERENCES
[1] Hany Harb, Hassan Farahat, and Mohamed Ezz, Secure SMS Pay: Secure SMS Mobile Payment Model.
[2] [5] page 33, Tiwari, R. and Buse, “The Mobile Commerce Prospects: A Strategic Analysis of Opportunities in the Banking Sector”, Hamburg: Hamburg University Press, 2007. Proc. ECOC00, 2000, paper 11.3.4, p. 109.
[3] Mohammad Shirali-Shahreza and M. Hassan Shirali-Shahreza, “Mobile Banking Services in the Bank Area”, in Annual Conference Kagawa University, Japan, Sept. 17-20, 2007.
[4] Mohammad Shirali-Shahreza, “Improving Mobile Banking Security Using Steganography”, in International Conference on Information Technology (ITNG’07), 2007.
[5] Fadi Aloul, Syed Zahidi, Wassim El-Hajj, “Two Factor Authentication Using Mobile Phones”, 2009.
[6] Md. Asif Hossain, Sarwar Jahan, M. M. Hussain, M.R. Amin and S. H. Shah Newaz, “A Proposal for Enhancing The Security System of Short Message Service in GSM”, in 2nd International Conference on Anti-counterfeiting, Security and Identification, pages: 235 - 240, 20-23 Aug. 2008.
[7] Frank Hartung and Friedhelm Ramme, “Digital Rights Management and Watermarking of Multimedia Content for M-Commerce Applications”, in Communications Magazine, IEEE, Volume: 38, Issue: 11, Page(s): 78 - 84, 2000.
[8] Gwo-Chin Tai and Long-Wen Chang, “A Novel Public Digital Watermarking for Still Images Based on Encryption Algorithm”, in IEEE 37th Annual International Carnahan Conference on Digital Object Identifier Security Technology, 2003, Page(s): 264 - 267, 2003.
[9] Sviatoslav Voloshynovskiy, Shelby Pereira, Thierry Pun, Joachim Eggers, Jonathan K. Su, “Attacks on Digital Watermarks: Classification, Estimation-Based Attacks, and Benchmarks”, in IEEE Communications Magazine, August 2001, Volume: 39, Issue: 8, Page(s): 118 - 126, 2001.
[10] Valery Korzhik, Guillermo Morales-Luna, Dmitry Marakov, and Irina Marakova, “Watermarking of Binary Messages in Conditions of an Additive Binary Noise Attack”, in IEEE Signal Processing Letters, 2003, Volume: 10, Issue: 9, Page(s): 277 - 279, 2003.
[11] The WIKIPEDIA website. [Online]. Available: http://en.wikipedia.org/
[12] The WIKIPEDIA website. [Online]. Available: http://en.wikipedia.org/
[13] “ITU Internet Report 2006”, Digital.life, Chapter 3, 2006.
[14] Gwenaël Le Bodic, John Wiley, “Mobile Messaging Technologies And Services: SMS, EMS and MMS (Second Edition)”, John Wiley & Sons Ltd (p52-54), 2005.
[15] “Alphabets and language-specific information”, 3GPP TS 23.038.
[16] Toorani, M.; Beheshti Shirazi, A.A, “SSMS - A Secure SMS Messaging Protocol for the M-Payment Systems”, in Proceedings of the 13th IEEE Symposium on Computers and Communications (ISCC’08), pp. 700-705, July 2008.
[17] The WIKIPEDIA website. [Online]. Available: http://en.wikipedia.org/
[18] Mohammed AlZomai, Audun Jøsang, Adrian McCullagh, Ernest Foo, “Strengthening SMS-Based Authentication through Usability”, in International Symposium on Parallel and Distributed Processing with Applications, 2008.
[19] C. Narendiran, S. Albert Rabara, N. Rajendran, “Performance Evaluation on End-to-End Security Architecture for Mobile Banking System”, in IEEE Networking Conference, 2008.
[20] Ding Huang and Hong Yan, “Interword Distance Changes Represented by Sine Waves for Watermarking Text Images”, in IEEE Transactions on Circuits and Systems for Video Technology, Volume: 11, Issue: 12, Page(s): 1237 - 1245, 2001.
[21] The DREAM FABRIC website. [Online]. Available: http://www.dreamfabric.com/