Secure Encryption with Digital Signature Approach for Short Message Service Neetesh Saxena
Narendra S. Chaudhari
Department of Computer Sc. & Engineering Indian Institute of Technology, Indore, India
[email protected]
Department of Computer Sc. & Engineering Indian Institute of Technology, Indore, India
[email protected]
Abstract – As Short Message Service (SMS) is now widely used as business tool, its security has become a major concern for business organizations and customers. However, their security is a critical issue cumbering their application and development. This paper analyses the most popular digital signature algorithms such as DSA, RSA and ECDSA and compared these algorithms. These signature algorithms were implemented in Java with various different key sizes set. Experimental comparison results of the three signature algorithms were presented and analysed. The results show that ECDSA is more suitable to generate the signature and RSA is more suitable to verify the signature on mobile devices. The experimental results are presented to show the effectiveness of each algorithm and to choose the most suitable algorithm for SMS digital signature. Next, we propose a new algorithm for digital signature based on ECDSA. At the end, conclusion and future extension of this work is discussed. Keywords—SMS, ECDSA, RSA, DSA, digital signature
I. INTRODUCTION The mobile phone is already an integral part of the lives of more than 1.8 billion people worldwide [1]. With Internet rapidly developing, SMS with e-commerce plays an important role in business transactions and is conducting business communications and solutions over the networks and through computers and mobiles [2]. These networks may be wireless or wired in nature. Apart from this, digital signatures are important because they provide not only end-to-end message integrity guarantees but also authentication information about the originator of a SMS. In applications, they are suitable for signing message in e-commerce, e-voting, and other transactional activities. SMS is a store-and-forward, easy to use, popular, and low cost service [3]. But the problem is that the existing SMS is not free from the eavesdropping, but security is the main concern for any business company such as banks who are providing these mobile banking. Presently there is no such scheme which can give the complete SMS security [4]. II. RELATED WORK Many authors have used different encryption techniques to provide confidentiality to transmitted messages. Some of these works are presented in this section. In a study by Mary Agoyi and Devrim Seral [1] large key size algorithms are not suitable for SMS encryption due to small memory and low computational power of mobile phones. Elliptic curve’s ability of providing high security with smaller key size makes it very useful in resource-limited device such as mobile phone. This has put Elliptic curve at an advantage over the RSA and ELGamal in SMS encryption. In the paper of Alfredo De Santis, Aniello
978-1-4673-4805-8/12/$31.00©2012 IEEE
Castiglione and Umberto Ferraro Petrillo [2] the results seem to show that RSA and DSA cryptosystems perform generally better than ECDSA, except when using very large keys. Nassim Khozooyi, Maryam Tahajod and Peyman khozooyi [5] are discussed the security of mobile network protocol along with information security for governmental transactions. A new public key-based solution for secure SMS messaging (SSMS) is introduced by M. Toorani and A. Beheshti Shirazi [6]. It efficiently combines encryption and digital signature and uses public keys for a secure key establishment to be used for encrypting the short messages via a symmetric encryption. In a study of [7] the application for securing of SMS has been designed and implemented, which prevents tapping and also substituting. For securing, it has been chosen the asymmetric cipher RSA. Brutal force decryption of RSA cipher with a length of 1,024 bit keys has not been successfully implemented yet. In the paper of C. Narendiran, S. Albert Rabara and N. Rajendran [8] an end-to-end security framework using PKI for mobile banking is proposed. The security framework solution allows us to provide strong customer authentication and nonrepudiation by employing public-key cryptography for customer certificates and digital signatures. In the paper of Mohsen Toorani, Ali Asghar and Beheshti Shirazi [9], the security of the GSM network is evaluated, and a complete and brief review of its security problems is presented. Next the technical paper [10] describes the NextGen Short Message Gateway (NSMG) Architecture, which can support SMS over cellular, non-cellular generic IP networks and internetworking between the different messaging methods used in different networks. III. SMS AND GSM ARCHITECTURE This section discusses about the implementation of secure SMS exchange by using binary SMS messages rather than traditional textual messages. Each SMS message can hold a maximum of 140 bytes (equivalent to the 160 7-bit characters used for textual messages) [3]. 1 byte UDP Header
8 bytes UDP sender and receiver port
1 byte Msg Type
8 bytes 122 bytes Timestamp Data
Figure1. SMS payload
This total 140 bytes are partitioned as shown in Figure1. The first two fields represent the User Data Header (UDH), an extension to the GSM specifications that deliver the message to a specific application listening on a specific port at destination. Next, the subsequent 9 bytes are used to specify the message
803
1) 160 characters if 7-bit character encoding is used. (encoding Latin characters like English alphabets.) 2) 70 characters if 16-bit Unicode UCS2 (2-byte Universal Character Set) character encoding is used. (SMS text messages containing non-Latin characters like Chinese characters should use 16-bit character encoding.) IV. DATA ENCRYPTION AND INTEGRITY Both symmetric and asymmetric cryptography can be used to encrypt the message. But the main problem with symmetric key system is its secret key; anyone who knows the secret key can decrypt the message very easily [1]. So to prevent it, one answer is asymmetric encryption. In this paper, asymmetric algorithm like RSA is implemented with PKCS1 padding scheme and OAEP padding scheme with MD5 and SHA1 message digests based on hash function [4].
The hash code should be sufficiently small enough to be manageable in further manipulations and large enough to prevent an attacker from randomly finding a block of message that generates the same hash code [11]. V. DIGITAL SIGNATURE Digital signatures rely on the encryption process to ensure the authentication [12]. Digital signatures can provide the assurance of the evidence to provenance and identity approval by a signatory. Some common reasons are to for applying a digital signature to communications including Authentication, Integrity, and Non-repudiation [11]. In this section, we will discuss some popular digital signature algorithms like RSA, DSA and ECDSA. Digital Signature Generation Time (milliseconds) ---->
type (1 byte) and the timestamp (8 bytes). The Message Type field indicates the Encrypted approach used to process the current SMS and the key length used by that cipher. The Timestamp field stores the time when the SMS has been sent. Finally, data field is used by the chosen cryptosystem to carry the contents of SMS with public-keys and signatures [2]. One SMS message can contain at most 140 bytes (1120 bits) of data, so one SMS message can contain up to:
16.2 16 15.8 15.6 15.4 15.2 15 14.8 14.6 14.4
RSA with SHA1
160
2X160
3X160
4X160
5X160
Size of Message ---->
Figure 5. Digital Signature DSA and RSA Generation
RSA Implementation Time (milliseconds) ---->
DSA with SHA1
250
ECDSA Algorithm
200 RSA with PKCS1padding
150
RSA with MD5 and OAEP 100
RSA with SHA1 and OAEP
50 0 Key Generation
Encryption
The mathematical basis for the security of elliptic curve cryptosystems is the computational intractability of ECDLP and smaller parameters can be used in ECC than with DL systems with equivalent levels of security.
Decryption
Operations ---->
Digital Signature Verification
Time (milliseconds) ---->
RSA Key Generation 2500 2000 1500
DSRSA_MD5
1000
DSRSA_SHA1
25 20 15
DSA with SHA1
10
RSA with SHA1
5 0 160
500
2X160
3X160
4X160
Key Size-1024
Key Size-2048
Figure 6. Digital signature DSA and RSA verification
Key Size ----->
Figure 3. Digital Signature RSA with Key Generation RSA with Message Digest 250 200 150
DSRSA_MD5
100
DSRSA_SHA1
Select a rational point G on E(GF(p)) , called it base point, find n which is a prime number (E(GF(2n)) where 2n for binary) satisfies the formula n*G = O, and select a one-way secure Hash function h(m) (such as SHA-1). For each system user, he has a private key ‘d’, calculate the public key P = d*G. If user A wants to sign on the message m, the scheme can be described as: 1. User A selects an integer k randomly, 0 < k < n, calculate k*G = (x, y), r = x mod n; if r = 0, return to (1).
50 0 Key Encryption Decryption Verification Generation Opera tions ---->
-1
2. Calculate e h (m) , s k (e r * d) mod n , if s = 0, return to (1).
Figure 4. Digital Signature RSA with Message Digests
804
5X160
Size of Message ----> 0 Key Size-512
Time (milliseconds) ---->
Time (milliseconds) ---->
Figure 2. RSA Key Generation (1024 bits) with Encryption and Decryption
2012 World Congress on Information and Communication Technologies
3. Take (r, s, e) as the digital signature of message m by A. The verification of digital signature: -1
-1
1. Calculate e1 h (m1 ), u s e1 mod n, v s r mod n 2. Calculate X u * G v* P s-1 (e1 *G r *d *G) s-1(e r *d)G =
k * G (x 1 , y 1 ) 3. If X = 0, this signature is refused; else calculate r1 x 1 mod n ; if r = r1, the confirmer accepts this signature.
Time (milliseconds) ---->
Signature Generation: DSA vs. ECDSA 18 16 14 12 10 8 6 4 2 0
DSA with SHA1
Figure5 and figure6 explains the results of RSA and DSA signature generation and signature verification respectively. This shows that signature generation takes less time through DSA but it takes more time to verify the signature. Figure7 and figure8 shows the comparison between DSA and ECDSA. The result shows that ECDSA is better than DSA in signature generation and verification.
ECDSA with SHA1
VII. PROPOSED A NEW APPROACH 160
2X160
3X160
4X160
5X160
Size of Message ---->
Figure 7. Digital Signature DSA and ECDSA Generation Signature Verification: DSA vs. ECDSA 25 Time (millisonds) ---->
eration takes more time than the other scenarios but the encryption and decryption takes almost same time in all scenarios. Figure3 and figure4 shows the results for RSA as digital signature algorithm. Figure3 is having the result of total execution time to generate keys of size 512-bits, 1024-bits and 2048-bits while figure5 demonstrate the result of signature generation with encryption and signature verification with decryption; with key generation of 1024-bits. In figure5, two message digest algorithms are used, MD5 and SHA1. Out of these SHA1 provides more security as it has more complex structure than MD5.
20 15
DSA with SHA1
10
ECDSAS with SHA1
5 0 160
2X160
3X160
4X160
5X160
Size of Message ---->
Figure 8. Digital Signature DSA and ECDSA verification
Secure digital signatures are essential components of ITsecurity solutions, and several schemes, such as DSA and ECDSA must be used in order to implement secure digital signatures. The security of such schemes relies on the hardness of the discrete logarithm problem, either in the multiplicative group of a prime field or in a subgroup of points of an elliptic curve over a finite field. VI. IMPLEMENTATION AND RESULTS These results were obtained on computer machine with configuration pentium4 processor, 160 GB hard disk, 1 GB RAM and Windows7 operating system. The platform used is Java (JDK 1.6) and Java API for this work. Here, three observations have taken for each encryption and decryption process with various data size and finally the average of three is considered. Figure2 shows the RSA key generation with 1024 bits. Apart from this it also covers the encryption and decryption process with different padding schemes like PKCS5 padding and OAEP padding. For maintaining the integrity of message, the message digest algorithms like MD5 and SHA1 are also implemented. Out of these scenarios, RSA with SHA1 and OAEP padding provides the best security, although its key gen-
The security objective of ECDSA is unforgeable against a chosen message attack and itself has been proven secure by Brown [13] under the assumption that the underlying group is a generic group and the hash function employed is collision resistant. The possible attacks on ECDSA can be based on ECDLP and the hash function employed. Some of these attacks and their solutions have summarized in some algorithms [14], [15], [16], [17], [18], [19], [20], [21], [22], and [23]. As a security aspect, a variant of ECDSA is proposed. Select a rational point G on E(GF(p)) , called it base point, find n which is a prime number (E(GF(2n)) where 2n for binary) satisfies the formula n*G = O, and select a one-way secure Hash function h(m) (such as SHA-1). For each system user, he has a private key‘d’, calculate the public key P = d*G. If user A wants to sign on the message m, the scheme can be described as:
0 k1 , k 2 n , calculate k1 * G (x1 , y1 ), k 2 * G (x 2 , y 2 ) , r1 x1 mod n , r2 x 2 mod n ; if r1= r2 = 0, return (1). 1. User A selects two integer k randomly,
-1
2. Calculate e h (m);s k1 (e* k 2 (r1 r2 ) * d) modn , if s = 0, return to (1). 3. Take (r1, r2, s,k2, e) as digital signature of message m by A. The verification of digital signature: 1.
-1
Calculate e1 h (m 1 ) , u s * e 1 * k 2 mod n ,
and
-1
v s * (r1 r2 ) mod n 2. Calculate X (x 3 , y 3 ) =
u *G v* P = s (e1 * k 2 * G (r1 r2 ) * d * G) = s-1(e1 * k 2 (r1 r2 ) * d)* G = k1 *G -1
2012 World Congress on Information and Communication Technologies
805
3. If X = 0, this signature is refused; else calculates r3 x 3 mod n ; if r3 r1 , the confirmer accepts this signature. Security analysis In [24], authors discuss that an adversary can determine an integer k randomly, and use it to recover the private key of user d. Suppose that the same per-message secret k1 and k2 is used to generate ECDSA signatures (r, s1) and (r, s2) on 2 different messages m1 and m2. Then -1
s1 k 1 (e1 * k 2 (r1 r2 ) * d) mod n -1
s 2 k 1 (e 2 * k 2 (r1 r2 ) * d) mod n where, e1 and e2 are the message digest of some cryptographic algorithms like SHA. So, e1 = SHA(m1); and e2 = SHA(m2); then,
k 1 * s 1 (e 1 * k 2 (r1 r2 ) * d) mod n
k 1 * s 2 (e 2 * k 2 (r1 r2 ) * d) mod n k 1 * (s 1 - s 2 ) ((e1 - e 2 ) * k 2 ) mod n
k 1 ((s1 - s 2 ) -1 * (e1 - e 2 ) * k 2 ) mod n An adversary can’t determine the secret key k1 because k2 is unknown to the adversary. VIII. CONCLUSION AND FUTURE EXTENSION The approach for securing of SMS has been designed and implemented. Although, DSA and ECDSA are popular digital signature algorithms, but for the quantum computer environment, these algorithms must be strong enough in order to break or prove vulnerable. There is a need to analyze the existing algorithms and find a better algorithm for digital signature on some harder problems. We have proposed a variant of ECDSA algorithm which is stronger than the existing ECDSA by choosing the random number k twice. The future work carries the analysis of various proposed algorithms listed in section VII and develops a strong algorithm for digital signature based on ECDSA. ACKNOWLEDGMENT This work is supported by Tata Consultancy Services, India. REFERENCES [1] [2]
[3] [4]
806
Mary Agoyi, Devrim Seral, “SMS Security: An Asymmetric Encryption Approach”, Sixth International Conference on Wireless and Mobile Communications, 2010 IEEE, pp 448-452. Alfredo De Santis, Aniello Castiglione and Umberto Ferraro Petrillo “An Extensible Framework for Efficient Secure SMS” International Conference on Complex, Intelligent and Software Intensive Systems, 2010 IEEE, pp 843-850. Salman Firdaus bin Haji Sidek, “The Development of the Short Messaging Service (SMS) Application for the School Usage”, 978-14244-6716-7/10/$26.00, 2010 IEEE, pp. 1382-1386. Neetesh Saxena and Ashish payal, “Enhancing Security System of Short Message Service for M-Commerce in GSM”, International
Journal of Computer Science & Engineering Technology (IJCSET), ISSN: 2229-3345 Vol. 2 No. 4, April 2011, pp. 126-133. [5] Nassim Khozooyi, Maryam Tahajod, Peyman khozooyi, “Security in Mobile Governmental Transactions”, 2009 Second International Conference on Computer and Electrical Engineering, 2009 IEEE, pp 168-172. [6] M. Toorani and A. Beheshti Shirazi, “SSMS - A secure SMS messaging protocol for the m-payment systems”, in Computers and Communications, IEEE Symposium on, July 2008 IEEE, pp 700–705. [7] D. Lisonek and M. Drahansky, “SMS Encryption for Mobile Communication”, in Security Technology, SECTECH ’08. International Conference on, Dec. 2008 IEEE, pp 198–201. [8] C. Narendiran, S. Albert Rabara, N. Rajendran, “Performance Evaluation on End-to-End Security Architecture for Mobile Banking System”, 978-1-4244-2829-8/08/$25.00, 2008 IEEE. [9] Mohsen Toorani, Ali Asghar Beheshti Shirazi, “Solutions to the GSM Security Weaknesses”, the Second International Conference on Next Generation Mobile Applications, Services, and Technologies, 2008 IEEE, pp 576-581. [10] Muhammad Saleem, Kyung-Goo Doh, “Generic Information System Using SMS Gateway”, 2009 Fourth International Conference on Computer Sciences and Convergence Information Technology, 2009 IEEE, pp 861-866. [11] W. Stallings, “Cryptography and network security”, Prentice Hall, 2006, New Jersey, United State. [12] Yu Lei; Deren Chen and Zhongding Jiang, "Generating digital signatures on mobile devices",18th International Conference on in Advanced Information Networking and Applications, AINA 2004, Volume 2, pp. 532 – 535. [13] D. Brown, “The exact security of ECDSA”, Technical report CORR 2000-54, Dept. of C&O, University of Waterloo, 2000. Available from http://www.cacr.math.uwaterloo.ca [14] S. Pohlig and M. Hellman, “An improved algorithm for computing logarithms over GF(p) and its cryptographic significance”, IEEE Transactions on Information Theory, 24 (1978), 106-110. [15] J. Pollard, “Monte Carlo methods for index computation mod p”, Mathematics of Computation, 32 (1978), 918-924. [16] G. Frey and H. R¨uck, “A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves”, Mathematics of Computation, 62 (1994), 865-874. [17] A. Menezes, “Elliptic Curve Public Key Cryptosystems”, Kluwer Academic Publishers, Boston, 1993. [18] A. Menezes, T. Okamoto and S. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field”, IEEE Transactions on Information Theory, 39 (1993), 1639-1646. [19] T. Satoh and K. Araki, “Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves”, Commentarii Mathematici Universitatis Sancti Pauli, 47 (1998), 81-92. [20] I. Semaev, “Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p”, Mathematics of Computation, 67 (1998), 353-356. [21] N. Smart, “The discrete logarithm problem on elliptic curves of trace one”, Journal of Cryptology, 12 (1999), 193-196. [22] R. Gallant, R. Lambert and S. Vanstone, “Improving the parallelized Pollard lambda search on binary anomalous curves”, to appear in Mathematics of Computation. [23] M. Wiener and R. Zuccherato, “Faster attacks on elliptic curve cryptosystems”, Selected Areas in Cryptography, Lecture Notes in Computer Science, 1556 (1999), Springer-Verlag, pp. 190-200. [24] Neetesh Saxena, Narendra S. Chaudhari, “A Secure Digital Signature Approach for SMS Security”, International journal of Computer Application (IJCA), ISBN: 978-93-80864-99-3, Special issues on IP Multimedia Communications, published by Foundation of Computer Science, New York, USA, Oct. 2011, pp. 98-102.
2012 World Congress on Information and Communication Technologies
