SSMS - A Secure SMS Messaging Protocol for the M-payment Systems

TL;DR

This paper introduces SSMS, a secure application layer protocol for SMS in GSM networks, embedding confidentiality, integrity, authentication, and non-repudiation to enable secure mobile payment systems.

Contribution

It presents a novel elliptic curve-based protocol that enhances SMS security for m-payment applications with features like public verification and forward secrecy.

Findings

Efficient embedding of security attributes in SMS messages.

Use of elliptic curve cryptography for secure key exchange.

Enhanced security suitable for mobile payment systems.

Abstract

The GSM network with the greatest worldwide number of users, succumbs to several security vulnerabilities. The short message service (SMS) is one of its superior and well-tried services with a global availability in the GSM networks. The main contribution of this paper is to introduce a new secure application layer protocol, called SSMS, to efficiently embed the desired security attributes in the SMS messages to be used as a secure bearer in the m-payment systems. SSMS efficiently embeds the confidentiality, integrity, authentication, and non-repudiation in the SMS messages. It provides an elliptic curve-based public key solution that uses public keys for the secret key establishment of a symmetric encryption. It also provides the attributes of public verification and forward secrecy. It efficiently makes the SMS messaging suitable for the m-payment applications where the security is the great concern.