Secure SMS Based Automatic Device Pairing Approach for Mobile Phones Shoohira Aftab1, Amna Khalid1, Asad Raza2,*, and Haider Abbas1,3 1
National University of Sciences and Technology, Islamabad, Pakistan Faculty of Information Technology, Majan University College, Muscat, Oman
[email protected] 3 Center of Excellence in Information Assurance, King Saud University, Saudi Arabia
[email protected],
[email protected] 2
Abstract. Bluetooth is recognized as one of the efficient way of data transmission at short distances wirelessly. Despite the fact that Bluetooth is widely accepted wireless standard for data transmission, there are also some security issues associated with Bluetooth. The pairing of Bluetooth and secure sharing of the Bluetooth pairing key is the challenge faced by the Bluetooth infrastructure today. This paper proposes the use of Out Of Band (OOB) channel for key exchange; hence proposing the use of security strengths of Global System for Mobiles (GSM) to securely communicate the encryption keys between the mobile devices, even if the users are not in the visibility range of each other. Once users accept the request to pair their devices, keys are exchanged between them and are used to set a secure communication channel between the mobile devices. The keys are exchanged via Short Message Service (SMS a service provided by GSM) and are automatically delivered to the Bluetooth pairing procedure by eliminating the need to manually communicate the Keys. Keywords: Mobile Device Pairing, Out Of Band (OOB) Channel, Global System for Mobiles (GSM), Short Messaging Service (SMS).
1
Introduction
Mobile cell phones are nowadays equipped with Bluetooth and Wi-Fi technology that is used to share confidential data like pictures and documents among various users. Due to broadcast nature of Bluetooth and Wi-Fi it is quiet easy to intercept the communication between the devices. Therefore there is a need for a secure channel to be established between the devices for such communication. As these devices lack high computation power so the protocol and the algorithm need not to be cumbersome and at the same time secure enough to protect against attacks. Pairing of two mobile phones requires a trusted channel to exchange keys. Most common approach is to enter the PIN(Personal Identification Number) on both devices and then that PIN is used to derive session keys. This mechanism of authentication *
Corresponding author.
D.-S. Huang et al. (Eds.): ICIC 2013, LNAI 7996, pp. 551–560, 2013. © Springer-Verlag Berlin Heidelberg 2013
552
S. Aftab et al.
through PIN; requires both the users to share the PIN through verbal communication. Another method is to use a cable as Out Of Band (OOB) channel to secure paring. Sharing the PIN through verbal communication can be easily eavesdropped by the attacker in range. Medium range for Bluetooth is 10m but to transfer the key by speaking, user needs to be less than 2-3 meter [8], otherwise it would be similar to broadcasting the key. Attacker could also intercept the key if one user is telling the other at the max distance. Using cable as OOB to sure exchange of PIN is comparatively a better solution but it affects the sole purpose of Bluetooth communication which is based on wireless. It also requires the users to be at a closer distance. Hence, both the options have drawbacks for establishing a secure channel. Motivated by the fact that cost of SMS, provided by GSM network has been reduced drastically with time [15]. All mobile phone has the capability of SMS. The paper proposes solution to use SMS to transfer the key securely to other device. The process would require minimum user interaction .General overview is described in Fig. 1.
Fig. 1. General Overview
The device pairing mechanism depicted in Fig.1 has the following contributions: • • •
SMS based automatic key transfer method. This method does not require comparison or entering number while most of the methods require this. This proposed method assumes that GSM network offers secure / encrypted communication [10]. This method doesn’t require user to be at closer distance in audio visual range of other mobile device user.
The paper is organized as follows. Section 2 provides an overview of the cryptographic protocols and device pairing methods, which are relevant to this approach. Section 3 explains the problem and requirements associated with the area. Section 4 describes our approach to use GSM network for secure key exchange.
Secure SMS Based Automatic Device Pairing Approach for Mobile Phones
553
Section 5 explains the algorithm of the proposed approach. Section 6 describes the GSM packet and the proposed packet format. Section 7 shows the result of the survey based on this approach. Section 8 provides conclusions and future work.
2
Background and Related Work
This section presents an overview of the relevant key cryptographic protocols, exchange methods, device pairing methods and security of GSM network. 2.1
Cryptographic Protocols
Balfanz [3] uses public key cryptography to secure the key exchange. The protocol works in the following fashion. Public key of A (Pka) and Public Key of B (Pkb) are exchanged over the insecure channel and their respective hashes H(Pka) and H(Pkb) over OOB channel to make sure that the public keys are not forged [3]. This protocol requires hash function to be collision resistant and requires at least 80 bits of data to be transferred over OOB channel in each direction. MANA protocol [4] use k bits OOB data and limiting the attacker success probability to 2-k. However they doesn’t cater for the possibility that attacker can delay or replay OOB messages. Another approach is to use Short Authentication String (SAS) protocol presented by F. Stajano and R. J. Anderson in [5].The protocol prevent the attack probability to 2-k for k bit of OOB message. SAS protocols are usually based on two things i.e. 1). Use of OOB channel to transmit SAS from one device to another, or 2). the user compare two values generated by the devices involved in pairing. Password Authenticated Key exchange (PAK) protocols [1] require users to generate or select a secret random number and somehow enter in both devices. Authenticated key exchange is then performed using the secret random number as authentication [2]. 2.2
Device Pairing Methods
Based on many proposed cryptographic protocols, a number of pairing methods have been proposed. The methods are proposed by keeping in mind the wide variety of devices involved in the process of pairing. Based on different limitation of devices methods have been proposed. These methods use different available OOB channel and thus offer varying degree of security, reliability and usability. A method named “Resurrecting Duckling” is proposed to counter the Man in The Middle (MiTM) attack [5]. It uses the standardized physical interfaces and cables. Due to wide variety of devices available today this method is now almost obsolete. Another reason is that use of the cable voids the advantages of wireless communication. “Talking to Stranger” [6] was another one of the initial approaches to counter MiTM attack. It uses infrared (IR) communication as OOB channel to authenticate and establish a secure channel. This method requires line of sight for communication via infrared which not only raises the issue of close distance but it is also prone to MiTM attack.
554
S. Aftab et al.
Another approach is based on synchronization of audio visual signal [7]. This method uses blink or beep to synchronize two devices. This method was suitable for devices which lack the display and input capability. As it require only two LEDs or a basic speaker. However all of them require users comparing audio/visual patterns. “Loud and clear” [8] uses audio OOB channel along with vocalized sentence as a digest of information that is transmitted over wireless channel. Although the methods explained in this section provide certain level of trust but they also limit in terms of OOB, distance and MiTM. On the contrary, the paper proposed an approach which uses the GSM security to handle some problems identified in existing solutions.
3
Problem Setting
The problem is to establish a secure channel between two mobile phones that require transferring key to both devices. After successful transfer of key the device can use that to derive session keys to provide confidentiality of data. Requirement for the solution are as follows: • • •
4
Reliability: User can rely on the process to establish a secure channel. Usability: User should find the pairing process as easy-to-use. Automation: The process for secure key exchange should not require any manual configurations. Once the secret key is exchanged securely, secure communication channel should be established between devices.
SMS Based Key Transfer
This section presents SMS based key exchange mechanism. The proposed solution takes the advantage of security provided by GSM networks. By using SMS service both the parties are authenticated to each other. The proposed scheme overcomes limitations of existing schemes. This section will present complete algorithm and packet format for this scheme. The possession of symmetric secret key confirms the authentication process. For data transfer the key can be used to provide confidentiality of data. The only information known to both the user is the cellular mobile number so that they can exchange the key. The proposed solution is as follows: • • •
User selects the object to be sent via Bluetooth. A random bit string of variable length is generated. Variable length key means that key length of desired security can be generated. 256 bit key is considered to provide enough protection.[14] User enters the other user’s cellular number or can select from phonebook. As in most of the cases, one has already the number of the person, he wants to share data with. Even if the Cellular Identification (ID) needs to be told it is considered as a public entity and doesn’t affect the security. There is a possible scenario that if someone doesn’t want to share his/her mobile number with other user. Later in
Secure SMS Based Automatic Device Pairing Approach for Mobile Phones
• •
555
this paper we have conducted a survey to further support this approach that most of the users have no problem in sharing their cellular ID with the people they wish to exchange data/information via Bluetooth. Using SMS; these random numbers are transferred to the other device. By combining both numbers first initiator and then acceptor a common secret is securely exchanged between mobile phones. Now this key can be used directly to encrypt the data and provide integrity check or can be used to generate further keys for this process. By combining both number reduces the chance of guessing. Even if one user’s random numbers are guessed by the attacker, even then the other user’s random number are to be find out.
This scheme also facilitate the discovery process even if the device is made invisible to everyone a secure connection can establish without turning it visible to all. This would avoid denial of service attack in which the attacker tried to exhaust the device by sending repeated connection requests. There is also an optional feature to automatically switch on the Bluetooth device on receiving data. This option is kept optional as the survey results shows that quite a large percentage of people want to switch on Bluetooth manually, although higher percentage preferred this process to be automatic. The sequences of events are shown in Fig. 2.
Fig. 2. Sequence Diagram
5
Algorithm
The algorithm for SMS based automatic device pairing is described in this section. Fig. 3 explain the algorithm sequence of events, when device A wants to share data with device B.
556
• • • • • • • • • •
S. Aftab et al.
Device A selects an object to be sent via Bluetooth and select Cellular ID of Device B. Device A generates a random bit string RAND_A (256 bit long) and composes a GSM Packet which contains RAND_A and pairing request identifier. Device A Device B (Secure GSM network) Device B receive request to pair via SMS. Device B accepts Device A’s request to pairing by conforming the Cellular number to Device A’s ID. Device B generates another Random bit string RAND_B (256 bit) and compose a GSM Packet which contain RAND_B and pairing conform identifier. Device B Device A (secure GSM network) Device B calculate key as RAND_A||RAND_B Device A receives RAND_B with conform identification Device A calculate key RAND_A||RAND_B
Fig. 3. Algorithm
Secure SMS Based Automatic Device Pairing Approach for Mobile Phones
6
557
Proposed SMS Packet
GSM is the second generation protocol used to transmit and receive digitally modulated voice and data signals. In this paper, the concern is with the Short Message Service provided by GSM. It was considered to be the OOB channel for the key exchange during the Bluetooth pairing procedure. GSM provides sufficient security on the SMS packet. It provides A3, A5 and A8 security features. Our objective is to send the random number via SMS and it is received in the Bluetooth bucket. For this matter it was not needed to suggest changes in the GSM SMS format however it is needed to add new parameters to the GSM SMS invoking and delivering Uniform Resource Locator. Since every SMS is sent via URL; these URLs define the destination, port and the type of the data in the SMS packet. The problem in automating Bluetooth pairing procedure by an SMS was to redirect an SMS packet to the Bluetooth modem, because if the normal SMS is sent , it will be delivered to the inbox port of the receiving device and the user have to manually transfer the Random number from the received message (in the inbox) to the Bluetooth pairing procedure. However in order to automate, it should be received at the Bluetooth modem. Here it is needed to add changes into the SMS URL not the SMS packet frame. Each SMS is delivered via URLs. These URL describe parameters through the network. For example “http://127.0.0.1:8800/?PhoneNumber=xxxxxxxx&…” 127.0.0.1 is the gateway, 8800 is the port number and after ‘?’ are the parameters. As in example there is a Phone number; that cannot be written as +923214004499 rather following the syntax and write it as %2B923214004499 [15]. Here is another example URL that can send a text message to the desired Phone number provided the sender knows the IP address of the gateway it is connected through [15]. http://127.0.0.1:8800/?PhoneNumber=xxxxxxxx&Text=this+is+my+message This is the basic URL format and the parameters define: where to send the packet, either acknowledgement is required or not, what is the type of packet. All these questions are answered in the SMS URL parameters. The Short Message Service Center (SMSC) is the body that reads these parameters and route the SMS to the path described in the parameters. There are certain HTTP parameters that route the packet through a specific SMSC. The HTTP interface supports SMSCRoute parameter, identified by a route name (Route name can be added by making amendments to SMSGW.IN) for example Bluetooth modem [5]. By defining the SMSCRoute to Bluetooth modem the particular SMS would be delivered on the Bluetooth modem. Therefore the message containing the random number is directly received by the Bluetooth hence making it automated because user is neither involved in random number generation nor in number transmission.
7
Results
The results of this paper are survey based. A Questionnaire based survey was initiated on a social networking platform (Facebook) and the people from different backgrounds (IT and non-IT professionals) polled for the answers. These people were not
558
S. Aftab et al.
influenced by any social or political pressures from any individual or organization having any concerns with the writing or reading of this paper. Following questions Q1,Q2,Q3 were asked as shown in Fig.4, Fig.5 and Fig.6: Q.1. The people you share data with (on Bluetooth) are listed in your phonebook?
Fig. 4. 64.8% Yes+8.1% No+24.3% May be
Out of a total of 74 people; 48 people said ‘Yes’, they already have the phone numbers of the people they usually share data with. 6 people said ‘No’, they don’t have the cell numbers of the people they are sharing data with and 18 people said May be i.e., sometimes they have the cell number sometimes don’t. Q.2. Do you mind sharing your cell number with the people you share data (on Bluetooth) with?
Fig. 5. 12.6% Yes+ 83.78% No+ 4.02% May be
Out of a survey of 74 people 9 said Yes they would mind sharing their cell numbers with people they are sharing data on Bluetooth with. 62 said No, They don’t have any objection on sharing the cell number and 3 people said sometime, they may object sharing cell number sometime they may not. Q.3. Would you like to automatically receive the data after accepting the pairing request?
Fig. 6. 59.4% Yes+ 40.5 No+ 0 May be
Secure SMS Based Automatic Device Pairing Approach for Mobile Phones
559
When this question was presented to 74 different people the result came out to be; 44 people said Yes, we would like to get rid of that frequent acceptance of every file. 30 said No, it should ask me before transferring a file. According to the survey people usually have the cell numbers already listed in their phonebooks with whom they are going to share data with, and most of the people don’t mind sharing their cell number and most of the people want to get rid of the per file acceptance decision notification.
8
Conclusion
The paper presents a possible solution to transfer the PIN between the two mobile devices without extra effort of exchanging pairing keys manually through SMS. It inherits the GSM technology’s security needed for the initial key derivation between the devices. Once the secure channel is set, the communication can be carried out privately. There are some limitations associated with the approach which can be further improved. This method is dependent on GSM security. If GSM network is not available then this method can’t function properly. The paper also presents the survey results of using SMS as Bluetooth key exchange to get an opinion of the users. The survey results show that most of the people are willing to communicate the cell number (already a public entity) instead of the private entities like pairing code. The future direction of this research is to develop a mechanism to encrypt the key with extra shield using Bluetooth technology.
References 1. Boyko, V., MacKenzie, P.D., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000) 2. Alfred, K., Rahim, S., Gene, T., Ersin, U., Wang, Y.: Serial hook-ups: a comparative usability study of secure device pairing methods. In: Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS 2009) (2009) 3. Balfanz, D., Smetters, D.K., Stewart, P., Wong, H.C.: Talking to strangers: Authentication in ad-hoc wireless networks. In: Proc. NDSS 2002: Network and Distributed Systems Security Symp. The Internet Society (February 2002) 4. Gehrmann, C., Mitchell, C.J., Nyberg, K.: Manuall authentication for wireless devices. RSA CryptoBytes 7(1), 29–37 (2004) 5. Stajano, F., Anderson, R.J.: The resurrecting duckling: Security issues for ad-hoc wireless networks. In: Security Protocols Workshop (1999) 6. Perrig, Song, D.: Hash visualization: a new technique to improve real-world security. In: International Workshop on Cryptographic Techniques and E-Commerce (1999) 7. Margrave, D.: GSM Security and Encryption, http://www.hackcanada.com/ blackcrawl/cell/gsm/gsm-secur/gsm-secur.html (last Accessed on September 12, 2012)
560
S. Aftab et al.
8. Ameen, Y.: Pakistan has the lowest SMS cost In The World: Research Report, http://www.telecomrecorder.com/2011/01/14/pakistan-has-thelowest-sms-cost-in-the-world-research-report/ (last Accessed on May 12, 2012) 9. Stepanov, M.: GSM Security : Available at, Helsinki University of Technology, http://www.cs.huji.ac.il/~sans/students.../GSM%20Security.ppt (last Accessed on May 12, 2012) 10. Brute force attack, http://en.citizendium.org/wiki/Brute_force_ attack/Draft (last Accessed on May 18, 2012) 11. SMS URL Parameters for HTTP, http://www.nowsms.com/doc/ submitting-sms-messages/url-parameters (last Accessed on July 17, 2012) 12. Suominen, M.: GSM Security, Helsinki University of Technology, http://www.netlab.tkk.fi/opetus/s38153/k2003/Lectures/ g42GSM_security.pdf (last Accessed on April 17, 2012) 13. Brookson, C.: GSM & PCN Security Encryption, http://www.kemt.fei.tuke.sk/predmety/KEMT414_AK/_materialy/ Cvicenia/GSM/PREHLAD/gsmdoc.pdf (last Accessed on April 14, 2012) 14. Hwu, J.S., Hsu, S.F., Lin, Y.B., Chen, R.J.: End-to-end Security Mechanisms for SMS. International Journal of Security and Networks 1(3/4), 177–183 (2006) 15. Routing SMS messages to a Specific SMSC Route, http://www.nowsms.com/ routing-sms-messages-to-a-specifc-smsc-route (last Accessed on February 14, 2012)
