NJ Croft and MS Olivier, "Using an Approximated One-Time Pad to Secure Short Messaging Service (SMS)," in D Browne (ed), Southern African Telecommunication Networks and Applications Conference 2005 (SATNAC 2005) Proceedings, Vol 1, 71-76, Champagne Castle, South Africa, September 2005
Short Message Service (SMS) is a hugely popular and easily adopted communications technology for mobile devices. Yet due to a lack of understanding in its insecure implementation, it is generally trusted by people. Users conduct business, disclose passwords and receive sensitive notification reports from systems using this communication technology. SMS was an “after-thought” in the Global System for Mobile Communication (GSM) design which uses SS7 for signalling. SMSs by default are sent in cleartext form within the serving GSM’s SS7 network, Over The Air (OTA), and potentially over the public Internet in a predictable format. This allows anyone accessing the signaling system to read, and or modify the SMS content on the fly.
In this paper, we focus our attention on alleviating the SMS security vulnerability by securing messages using an approximate one-time pad. A one-time pad, considered to be the only perfectly secure cryptosystem, secures an SMS message for transport over any medium between a mobile device and the serving GSM network. Our approach does not alter the physical underlying GSM architecture.
GSM, SMS, Security
@INPROCEEDINGS(secsms,
AUTHOR={Neil J Croft and Martin S Olivier},
TITLE={Using an approximated One-Time Pad to Secure Short Messaging Service ({SMS})},
BOOKTITLE={Southern African Telecommunication Networks and Applications Conference
2005 (SATNAC 2005) Proceedings},
VOLUME={1},
EDITOR={David Browne},
ADDRESS={Champagne Castle, South Africa},
MONTH={September},
YEAR={2005},
PAGES={71--76} )
The full text may be downloaded from http://mo.co.za/open/secsms.pdf (PDF, 94K).
[Publications]
[Home]
Page maintained by
Martin Olivier
Last update: 10 November 2007