Security analysis of SMS and related technologies (original) (raw)

This thesis analyzes the security of Short Message Service (SMS) which is a permanent service on mobile networks. Mobile networks have evolved from GSM Technology for more than 20 years. Security is a headline issue these days and use of SMS service has become an extension of our lives and plays a paramount role in daily chores since its inception with most immediate and efficient form of communication. Due to the available functionality of the mobile networks, SMS are exposed to different kinds of attacks. SMS is one of the fundamental features of the mobile phone and is considered to be a fascinating area for attackers. For the increasing demand for secure SMS, it is important to perform vulnerability analysis of SMS implementation and finding out additional security vulnerabilities within the network, and smart-phones. With the existence of the mobile phone over the years, SMS has been widely embraced as a standard for quick and easy communication. SMS has proceeded from normal message service to two-factor authentication (2FA) scheme for account login and registering. Ever since the growing mindshare and outsized new security valuations to the users for their accounts, SMS service provides best possible forms such as one-time password (OTP) and mobile-Transaction Authentication Number (mTAN) for 2FA. The most important and challenging part of mobile communication is SMS security as attackers illegally access the sensitive data through messages and sometimes compromising the device. If these themes are not addressed adequately, through security controls and measures, the underlying threats could compromise the confidentiality, integrity and availability of SMS service. A detailed study of the mobile networks, SMS protocol structure, and various attack methods were investigated to understand the different properties of authentication and encryption methods that can be applied to counteract the exploits for the applicability of SMS messages in near future. Security Analysis of SMS and Related Technologies iii Acknowledgement I am grateful to numerous local and global peers who have contributed towards shaping this thesis. At the outset, I would like to express my sincere thanks to Berry Schoenmakers for his advice during my thesis work. As my supervisor, he has constantly encouraged me to remain focused on achieving my goal. His observations and comments helped me to establish the overall direction of the research and to move forward with some detailed investigations. He has helped me greatly and been a source of knowledge to me. I wish to extend my gratitude to Benne de Weger and Jerry den Hartog for accepting to be in the evaluation committee of my final examination of thesis. My sincere thanks to everyone who has provided me with kind words, a welcome ear, new ideas, useful criticism, or their invaluable time, I am truly indebted. My gratitude also goes out to my younger brother Sanket Chaudhari , my family and friends in Eindhoven and India who helped me all the way during my Master's and during the thesis with any technical problems on the way. I must acknowledge the academic resources that I have got from Technical Univeristy of Eindhoven. Last, but not the least, I would like to dedicate this thesis to my family, for their love, patience, and understanding. Security Analysis of SMS and Related Technologies v Contents Contents vii List of Figures ix List of Tables xi