Authenticated and secure end-to-end communication channel using SMS messages

Abstract EN

One of the key issues of modern cryptography is the problem of establishing a secure end-to-end communication over an insecure communication channel.

Short Message Service (SMS) is a hugely popular and easily adopted communications technology for mobile devices.

Users conduct business, disclose passwords and receive sensitive notification reports from systems using this communication technology.

SMSs by default are sent in clear text form within the serving GSM (Global System for Mobile communications) network, Over The Air (OTA), and potentially over the public Internet in a predictable format.

This allows anyone accessing the GSM system to read, and or modify the SMS content even on the fly.

In this paper, we present an approach mainly consists of two steps, first, SHA-1 authentication is used to generate a message digest that is combined with previous message digest and a shared secret key to form an initial key stream.

Secondly, this key will be used as input to a mathematical equation derived in prefix notation from randomly selected set of operators and functions supported by the software platform extracted from special table.

The final key stream is the output of this equation which is a one time pad to encrypt the original message text.

Lastly, encrypted SMS message will be sent and a randomized operation will be then applied to that table.

A one-time pad, considered to be the only perfectly secure cryptosystem, secures an SMS message for transport over any medium between a mobile device and the serving GSM network and through it too.