Review of Short Messaging Service Security

Abstract

Short Message Service (SMS) has grown in popularity over the years and it has become a common way of communication. SMS is usually used to transport unclassified information, but with the rise of mobile commerce it has become a popular tool for transmitting sensitive information between the business and its clients. By default SMS does not guarantee confidentiality and integrity to the message content. Therefore SMS is not totally secure and reliable. The Short Messaging Service (SMS) is global wireless service that is used to send and receive the messages over Global System for Mobile Communication (GSM).There is no built –in procedure to authenticate and offer security for text transmitted over GSM network. The reason behind it is most of the applications for mobile devices are designed and developed without taking security into consideration. This paper describes all the existing security mechanisms in SMS and security shortfalls and various attacks on GSM networks which include Authentication, Encryption, Equipment Identification and Subscriber Identity Confidentiality, Denial of service Attacks, Brute force attack, Replay Attack as well as the manifestation of network vulnerabilities including SMS attacks, encryption attacks and security measures to prevent GSM network from these attacks. KeywordsShort message service security, mobile communication, Global System for Mobile Communication, Wireless Messaging API Short Message Service (SMS) can be defined as any text, voice, sound or image message sent over a public communications network, which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient [1]. Although SMS was originally meant to notify users of their voicemail messages, it has now become a popular means of communication by individuals and businesses. Banks worldwide, including in South Africa, are using SMS to conduct some of their banking services [2]. For example, clients are able to query their bank balances via SMS. When sensitive information is exchanged using SMS, it is crucial to protect the content from eavesdroppers. By default, SMS content is sent over the Global System for Mobile communications (GSM) network in clear text form, or in a predictable format [3]. This allows an attacker with the right equipment to eavesdrop on the information that is being sent. Another problem with SMS is that the originating address (OA) field in the SMS header can be forged, thus allowing masquerading and replay attacks. Therefore SMS is not totally secure and cannot always be trusted. For example, there has been at least one case in the UK where SMS information has been abused by the operator employees [3]. SMS has become a popular wireless service throughout the world as it facilitates a user to be in touch with any mobile phone subscriber anywhere in the world, instantaneously and without any hassle [4].hence, it is important to prevent the SMS content from being illegally intercepted/interrupted by illegal sources as well as to ensure the origin of the message from the legitimate sender. Additionally, unencrypted SMS content during the transmission allows the mobile operator’s employee to read and modify the SMS content. Unfortunately, the SMS does not have any built in vetting procedure to authenticate the text or provide security for the data/text transmitted. All SMS facilities should incorporate some form of basic security mechanism in terms of confidentiality, integrity, authentication and non-repudiation of the messages before it can deemed suitable for use by the government, commercial and military services [5]. The Short Messaging Service, or SMS, is a bi-directional service to send text over wireless communication systems. It consists of a message that can be up to 160 alphanumeric characters in length. Though originally a GSM service, SMS messages are now a globally accepted service. The messages can be stored in that network until they are collected by the recipient’s terminal equipment II. SMS PACKET FORMAT An SMS packet contains a header and a payload (see Fig. 1). The header contains information that enables the cellular network to route the SMS message to the correct recipient. The originating address (the mobile phone number of the sender) is also included in the header. The payload is the message content that is displayed on the mobile handset. The size of the payload is 140 bytes, consisting of 160 seven-bit characters, or 140 eight-bit characters, depending on the Proc. of the Intl. Conf. on Advances in Computer Science and Electronics Engineering Editor In Chief Sahil Seth. Copyright © 2012 Universal Association of Computer and Electronics Engineers. All rights reserved. ISBN: 978-981-07-1403-1 doi:10.3850/978-981-07-1403-1 838