Enhancing Security System of Short Message Service for Banking Transaction (original) (raw)

A Secure Protocol For End To End Security To SMS Banking

— Short Message Service (SMS) is a very popular and easy-to-use communication medium for mobile phone users. Using SMS mobile user send some confidential information such as password , account number , banking information in the form of text message from one mobile to another mobile,. The information send in plaintext format the hacker easily read this information and privacy will not be maintained. Nowadays SMS is used for many value added services as mobile banking and e-commerce but due to lack of security this application rarely used. For this purpose we provide a solution that provides end to end security of the message with authentication, confidentiality, integrity. Hence we present a secure model for SMS mobile banking services tailored to suit mobile cellular phone users.

A Security Protocol for mobile-banking and payment using SMS and USSD in Ethiopia

Advaita Innovative Research Association, 2016

mobile phone devices. Originally, these services were not designed to transmit secured data, so the security was not an important issue during its design. Yet today, it is widely used to exchange sensitive information between communicating parties i.e. HelloCash, Ethio Gebeta, Lehulu, CBE M-banking, 8100, 8400 and so much more. Due to the vulnerable nature of SMS and USSD this paper proposes an alternative solution that provides a client-server SMS and USSD security protocol that guarantees provision of confidentiality, authentication, integrity, non-repudiation, and file compression security services. A hybrid cryptographic scheme is used which combines the Identity Based Encryption (IBE) and AES-Rijndael algorithms without key distribution servers and certificate authorities to achieve more robust functionality. HMAC-SHA256 hashing algorithm will be used to generate a message digest. IBE will be used to digitally sign the message and to encrypt the encryption key used on AES. LZW compression will be used to compress the SMS. Unlike any previous works that involve certificate authority and key management, this protocol is proposed to be used in mobile banking and payment once a user successfully subscribes to the service.

A Survey on Secure SMS Transmission and authentication at user end

2015

Short message service (SMS) is most important communication medium in many daily life applications, including healthcare monitoring, mobile banking, mobile commerce, and so on. when a SMS send an from one mobile phone(MS) to another MS (Mobile subscriber), the information contained in the SMS transmit as plain text. Sometimes this information may be confidential like account numbers, passwords, license numbers, and so on, and it is a major drawback to send such information through SMS while the traditional SMS service does not provide encryption to the information before its transmission, However telecom service providers are ensuring at server end some security provided as Using A3,A8 and Kc algorithms, but not providing during the message transformation .In this paper, we propose an efficient and secure protocol called User End secure SMS along with integrity key check, which provides end-to-end secure communication through SMS between end users. The working of the protocol is pre...

SSMS - A secure SMS messaging protocol for the m-payment systems

Proceedings International Symposium on Computers and Communications, 2008

The GSM network with the greatest worldwide number of users, succumbs to several security vulnerabilities. The short message service (SMS) is one of its superior and well-tried services with a global availability in the GSM networks. The main contribution of this paper is to introduce a new secure application layer protocol, called SSMS, to efficiently embed the desired security attributes in the SMS messages to be used as a secure bearer in the m-payment systems. SSMS efficiently embeds the confidentiality, integrity, authentication, and non-repudiation in the SMS messages. It provides an elliptic curve-based public key solution that uses public keys for the secret key establishment of a symmetric encryption. It also provides the attributes of public verification and forward secrecy. It efficiently makes the SMS messaging suitable for the m-payment applications where the security is the great concern.

Chaudhai “An Approach for SMS Security using Authentication Functions

2016

Asymmetric algorithm like Diffie-Hellman can be used to encrypt the SMS message in M-commerce or mobile banking system. Password key exchange protocol based on Diffie-Hellman key exchange algorithm allows users to exchange a secret key that can be used in message encryption. The security of this protocol can be increased by using the MAC (message authentication code) or hash function with the encryption. These functions act as an error detecting code or checksum. This paper throws a light on the comparative analysis of both the authentication functions separately in password key exchange protocol. By analyzing some of the security issues viz. (i) brute force attach and (ii) cryptanalysis, it can be very well shown that the MAC function is more secure than hash.

An Extended Approach for SMS Security using Authentication Functions

2012

Nowadays, security of SMS is a crucial aspect because it plays an important role in value added services and mobile commerce. Asymmetric algorithm like Diffie-Hellman can be used to encrypt the SMS message in M-commerce or mobile banking system. We use authentication functions to maintain the integrity of data. Password key exchange protocol based on Diffie-Hellman algorithm generates a secret shared key which can be used in message encryption and in MAC function. MAC (message authentication code) or hash functions are used maintain the integrity of message and can be used with the encryption. These functions also act as an error detecting code or checksum. This paper discusses the comparative analysis of both the authentication functions separately for password key exchange protocol by analyzing some of the security issues. The discussion of this paper concludes that MAC functions are more secure than hash function, but having greater complexity and take more to execute. So, it's better to use hash function for maintaining the integrity of message over a network where the transmitted amount of message is very small (SMS). Here, digital signature is generated with RSA to show the functionality of MD5 and SHA1, which prevents SMS from message modification and non-repudiation attack.

A Localized and Secure Method for Transferring Bank Information by SMS for Persian Banks

Journal of Multimedia, 2008

Nowadays m-banking (mobile banking) is widely used in many banks. It has embarked upon supply of various services based on different systems and with the aid of various services such as the Short Message Service (SMS). However in developing countries such as Iran, m-banking is facing some challenges. One of these challenges is the issue of language of this system, because the main language of this system, in both side of bank system and customer mobile phone, is English. Also one of the main issues in m-banking services is the security of the systems. For solving the above problems, we proposed a method in this paper. By this method we send secure banking messages as well as Persian SMS for mobile phones even they are lacking the support of Persian language. In this method, the Persian SMS message is changed into an SMS picture message and this picture is sent to the customer. Therefore any mobile phone can receive the message correctly in Persian language and also the security of sending the message is increased. This project is written in J2ME language (Java 2 Micro Edition) and has been implemented on Nokia mobile phones, models N71, 6680 and 3310.

Enhancing Security System of Short Message Service for M-Commerce in GSM

IJCSET, 2011

Global System for Mobile (GSM) is a second generation cellular standard developed to cater voice services and data delivery using digital modulation. Short Message Service (SMS) is the text communication service component of mobile communication systems, using standardized communications protocols that allow the exchange of short text messages between mobile phone devices. SMS will play a very vital role in the future business areas whose are popularly known as m-Commerce, mobile banking etc. For this future commerce, SMS could make a mobile device in a business tool as it has the availability and the effectiveness. The existing SMS is not free from the eavesdropping, but security is the main concern for any business company such as banks who will provide these mobile banking. Presently there is no such scheme which can give the complete SMS security. Now, a new security scheme for improving the SMS security is proposed here. At first plaintext of SMS would be made as cipher text with the help of existing GSM encryption technology, then this cipher text would be digitally signed with the help of public key signature. These will be made compatible to existing infrastructure of GSM security. The proposed scheme will give total authenticity, data integrity, confidentiality, authorization and non-repudiation which are the most essential issues in m-commerce or mobile banking and in secure messaging.

Securing ATM and Card Transactions using SMS-Based Security

ATM cards and systems have changed the lives of people. Now they have access to money all round the clock. This ease of access to money has brought forth a serious problem as well. There has been an increase in the amount of credit card frauds caused due to impersonating as the owner of the card in shops and also obtaining the PIN (Personal Identification Number) of the customer through some illegal means. The system proposed here ensures that only the authorized user can do any kind of banking transactions both in ATMs and in shops. The customers must initiate a transaction request from their mobile phones using the SMS (Short Message Service) feature that is present in all mobile phones. The customer sends a message to the bank server before he actually performs an actual banking transaction. After that he will approach either an ATM system or a shop that accepts card payments. The transaction request is sent to the bank server and hence authenticated.

An Approach for SMS Security using Authentication Functions

IJCA, Published by Foundation of Computer Science, New York, USA, 2012

Asymmetric algorithm like Diffie-Hellman can be used to encrypt the SMS message in M-commerce or mobile banking system. Password key exchange protocol based on Diffie-Hellman key exchange algorithm allows users to exchange a secret key that can be used in message encryption. The security of this protocol can be increased by using the MAC (message authentication code) or hash function with the encryption. These functions act as an error detecting code or checksum. This paper throws a light on the comparative analysis of both the authentication functions separately in password key exchange protocol. By analyzing some of the security issues viz. (i) brute force attach and (ii) cryptanalysis, it can be very well shown that the MAC function is more secure than hash.