Implementation of end-to-end secure SMS Using elliptic curve cryptography

Abstract

Short Message Services (SMS) is a communication service standardized in the GSM (Global Service for Mobile communication) systems, which is used mainly for personal communication as well as in many applications where the other party is an information system like mobile commerce. At the end of 2009, the annual universal SMS traffic volumes reached nearly 5.5 trillion SMS, and the global SMS incomes reached USD 102.3 billion. Where the total SMS traffic will exceed 6.6 trillion and the incomes will exceed USD 109 billion by the end of 2010 (Portioreserach, 2010). The powerful growth and vitality of SMS accentuates the demand to protect the confidential information transmitted using this service. Current messaging systems only encrypts the messages from the user mobile device to the operator network using weak algorithm, while messages still travel unencrypted within the service provider network. The research investigates the Elliptic Curve Cryptography (ECC) to resolve the security issues in the SMS. As the ECC present the most security cryptosystem of any known public-key systems, and use a 160-bit key size, which is the same level of cryptographic security as DSA or RSA with 1024-bit key size. Therefore, it is imperative to use ECC due to the smaller key size which resulting in small certificates size, save the bandwidth, faster implementations, and lower power requirements compared to DSA and RSA. This study aims to implement an Elliptic Curve Cryptosystem to provide an end-to-end secure mobile SMS for the provision of security services (Confidentiality, Integrity, Authentication, and non-repudiation). The scope of this research it to design and implement software for Java-enable mobile phones to encrypt the SMS using the Elliptic Curve Integrated Encryption Schema (ECIES) to provide confidentiality, as well as the Elliptic Curve Digital Signature Algorithm (ECDSA) to provide integrity, and a Certificate issued and signed by a Certificate Authority to provide authentication and non-repudiation.