Secure end-to-end SMS communication over GSM networks

In today´s GSM networks, security mechanisms provided by network operators are limited to the wireless links only, leaving the information traveling over the wired links insecure to a large extent. Moreover, the encryption algorithms used over the wireless links provide weak notion of security. Thus end-to-end security for SMS communication is not achieved in current GSM networks. An adversary is able to capture the traffic over the wireless link and decrypt it using specialized hardware. Short Message Service (SMS) is used widely all over the world which may contain sensitive and confidential information like financial transactions. SMS spoofing applications are widely available through which any sender ID can be set. The objectives of this research includes end-to-end confidentiality, authentication, message integrity and non-repudiation of SMS. The proposed scheme uses symmetric key and identity based techniques for encryption and key management. The overhead incurred due to addition of control information may increase the message length but the computational delay due to cryptographic operations is negligible on mobile devices with 1GHz+ processors. The proposed solution ensures end-to-end security even if the transmission is tapped, leaked or sniffed on either the wired or wireless links.