Design and Development of Light Weight Asymmetric Cryptographic Algorithm – An Implementation of...

  • 7/29/2019 Design and Development of Light Weight Asymmetric Cryptographic Algorithm An Implementation of SMS Banking System

    Mobile banking applications are: SMS service, unstructured supplementary service delivery (USSD), WAP or GPRS service, phone based application and SIM Application Tool Kit. With the help of the SIM application toolkit, SMS messages are generated to perform bank transactions. This concept is known as SMS banking. It relies on a SIM card in which the encryption keys are loaded with the bank's application [7]. Of the above means, the SIM application tool kit mode and SMS banking are supposed to be more secure. In this paper a reliable and more secure light weight asymmetric encryption algorithm is proposed for use in the SIM application tool kit. An overview of SMS banking and its security aspects is given in Section 2. A brief discussion of symmetric algorithms used in SMS banking is presented in Section 3. A new light weight asymmetric cryptographic algorithm for SMS banking is proposed in Section 4. A comparative study of symmetric versus asymmetric cryptographic algorithms is conducted in Section 5. Conclusions are given in section 6.

    2. SMS Banking

    Figure 1: Basic data flow in an SMS Banking Application

    SMS banking is a type of mobile banking, a technology-enabled service offered by banks to their customers, permitting them to operate selected banking services over their mobile phones using SMS messaging with the aid of the SIM application toolkit [18]. Services provided through SMS banking are performed by sending messages, either by the bank or through a request initiated by the customer. The basic flow of data in an SMS banking application is shown in Fig 1. Messages between the bank and customers are categorized as Push SMS messages and Pull SMS messages. A Push SMS message is one sent by the bank to the customer on particular events such as a salary deposit, fund transaction or withdrawal alert. A Pull SMS message, on the other hand, is a request initiated by the customer to retrieve information about his bank account. Examples of these messages are balance enquiries, recent transactions and account statements.

    Convenience is the major factor that drives SMS banking to a great extent, irrespective of the security concerns it has. The only skepticism about SMS banking is the lack of encryption on SMS messages and, where encryption is available, the use of mechanisms considered insecure, which are discussed in the next section. Vikas et al [8] noted that the lack of encryption on SMS messages is an area of great concern. Fadi Aloul et al [9] proposed two factor authentication for mobile phones, but it requires a GSM modem for real time application, which may not be feasible with all mobiles, and it is more expensive.

    3. Symmetric Algorithms in SMS Banking

    Rajendra Dave et al [4] stated that an end-to-end key based encryption technology for SMS plugs the gaps in the transit security of SMS. Gurjeet Kaur et al [5] highlighted the necessity of an encrypted air interface for data traffic and control channels. They also said that the A5 algorithm used for encryption in GSM communication is proven to be vulnerable to attacks. Kelvin et al [6] proposed a secure SMS solution in which specified fields of the SMS message are encrypted using a symmetric algorithm, and key distribution requires specialized hardware to generate the same one time password on both the server and the user side. Manoj V et al [7] also used a symmetric algorithm for their SMS based secure mobile banking. Hassan et al [10] proposed a secure cryptographic system with AES symmetric encryption, but it was found to be inconvenient for mobile devices if the message length is more than 256 characters. Raghavendra Prasad V. et al [12] emphasized that secure SMS with identity based cryptography is helpful but requires additional space for both the signature and the security parameters.

    Besides the symmetric approaches above, a few authors tried to achieve security in mobile communications using public key cryptography. Sameer Hasan Al-Bakri et al [13] proposed a public key cryptography solution for mobile communications. However, that solution was restricted to a non-server model, and the complexity of computational cost and key storage remains. Ranbir [14] has proposed an API for mobile SMS banking security. The security of ECC is appreciated in this paper. It is felt, however, that although the solution is preferred for implementation on devices with reduced resources, a light weight cryptographic algorithm would be more appropriate.

    4. Light Weight Asymmetric algorithms in SMS Banking

    Light weight cryptography is designed for constrained devices, which are limited in terms of speed, processing, memory space, power consumption, area, energy, size etc. Examples of constrained devices include mobile phones, RFID tags and smart cards [20].

    The light weight asymmetric algorithm proposed here is intended for use in a mobile application where memory and computation are constrained. It may be the only algorithm of this kind that can be used on resource constrained devices, and it can be widely used for one time message sending rather than a continuous conversation. The asymmetric nature of the algorithm helps the customer to do this more effectively.

    The proposed scheme is used to encrypt the SMS message such that over the air trade attacks are mainly avoided. It consists of five steps: key generation, conversion of the message to an elliptic curve point, encryption, decryption and conversion of the elliptic curve point back to the message. The steps of the algorithm are detailed below. The data flow in the proposed algorithm is depicted in Fig 2.

    Algorithm:

    Step 1 : Key Generation

    Key Generation phase generates the pair of public and private keys:

    Let E be an elliptic curve defined over Zp (p is a prime, p>3), such that E contains a cyclic subgroup H in which the discrete log problem is intractable.

    define K= {(E,,a,) : =a}; where E.

    Here and are public keys and a is a private key.

    Step 2: Convert Message to elliptic curve point

    SMS message is taken as Plain text (x) and converted to a point (x1, x2) on elliptic curve E.

    EC (x)E = (x1,x2)

    Step 3: Encryption of the elliptic curve point

    For the obtained elliptic curve point, encryption is done as follows:

    ek(x,k) = (y0,y1,y2) where

    y0= k,

    (c1,c2) = k

    y1= c1x1 mod p and

    y2=c2x2 mod p

    Step 4: Decryption of the elliptic curve point

    For cipher text y= (y0,y1,y2), decryption is done as follows :

    dK(y) = (y1 c1^-1 mod p, y2 c2^-1 mod p), where a y0 = (c1,c2)

    Step 5 : Convert the elliptic curve point to message

    The elliptic curve point (x1,x2) so obtained is converted back to the plain text message x, which is the customer's SMS message.
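Steps 1, 3 and 4 carried through on a small curve, as an added example that is not code from the paper. The symbols for the base point and the public point did not survive on this page, so the example calls them G and Q (assumed names) and assumes y0 = k·G and (c1,c2) = k·Q, which is what the decryption rule a·y0 = (c1,c2) requires when Q = a·G. The toy curve, the fixed values of a and k, and the plaintext point are constructed for illustration; the message-to-point encoding of Steps 2 and 5 is not specified on the page, so the plaintext is passed in directly as a point (x1,x2).

```python
import secrets

# Constructed toy parameters (assumptions, far too small for real use):
# E: y^2 = x^3 + x + 6 over Z_11; G = (2, 7) generates a subgroup of order 13.
P, A, G, N = 11, 1, (2, 7), 13

def add(p1, p2):
    """Add two points of E; None stands for the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def keygen(a=None):
    """Step 1: private scalar a, public point Q = a*G."""
    a = a or 1 + secrets.randbelow(N - 1)
    return a, mul(a, G)

def encrypt(Q, x, k=None):
    """Step 3: y0 = k*G, (c1, c2) = k*Q, y_i = c_i * x_i mod p."""
    while True:
        r = k or 1 + secrets.randbelow(N - 1)   # fresh per message unless fixed
        c = mul(r, Q)
        if c and c[0] and c[1]:                 # masks must be invertible mod p
            return mul(r, G), c[0] * x[0] % P, c[1] * x[1] % P
        if k:
            raise ValueError("fixed k yields a non-invertible mask")

def decrypt(a, y):
    """Step 4: recover (c1, c2) = a*y0 and divide the masks out."""
    y0, y1, y2 = y
    c1, c2 = mul(a, y0)
    return y1 * pow(c1, -1, P) % P, y2 * pow(c2, -1, P) % P
```

With a = 7 and k = 6 the point (10,9) encrypts to ((7,9), 3, 5). Because y1 and y2 are plain modular products, the ciphertext carries no integrity protection, so a deployment would need message authentication on top and standard-size curve parameters.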

    5. Results and Discussion

    The time complexity of the present algorithm is computed and compared with symmetric and asymmetric algorithms, along with an available light weight symmetric algorithm, for different attacks, namely algebraic attack, chosen cipher text attack, side channel attack and brute force attack. An algebraic attack is a technique in which a number of equations are framed from the cipher text with the key bits as unknown variables. Known variables are filled in to solve the equations, but the real challenge lies in solving non-linear equations of higher degree. A chosen cipher text attack is one where the adversary has some cipher text and some corresponding plain text information [19]. A side channel attack is based on side channel information gained from the physical implementation of the system, such as timing information, power consumption, electromagnetic leaks and sound. A brute force attack is another popular attack in which the strategy is to check all possible keys until the correct key is found. In the worst case, the attacker may have to check the entire key space, because longer keys are exponentially more difficult to crack than shorter keys. The time complexities of the above algorithms for the different attacks, for a given key size of 64 bits, are computed and tabulated below:

    Attacks/Algorithms | Symmetric | Light Weight Symmetric | Asymmetric | Light Weight Asymmetric
    Algebraic          | 64*64     | 40                     | 128*128    | log128
    Chosen Cipher Text | 64        | 40                     | 128        | log64
    Brute Force        | 2^64      | 2^40                   | log 2^128  | log 2^64
    Side Channel       | 64*64     | 40log40                | 256        | log 256

    Table 1: Tabular representation of Comparison of Time Complexities with existing algorithms

    Fig2: Data Flow in SMS Banking Light Weight Asymmetric Algorithm

    The results in Table 1 are represented graphically in Fig 3.

    Fig3 : Graphical representation of Comparison of Time Complexities with existing algorithms

    In the graph presented in Fig 3, the X-axis represents the time and the Y-axis the number of attacks. Blue represents the results for the symmetric algorithm, red the light weight symmetric algorithm, green the asymmetric algorithm and violet the present light weight asymmetric algorithm. It can be seen from the graph that the light weight asymmetric algorithm, represented by the violet line, lies below all the other lines, and hence it can be concluded that it involves fewer attacks in the same time. It is evident that the light weight asymmetric algorithm has the greatest feasibility of minimizing all the popular attacks listed above.

    7. Conclusion

    SMS banking is gaining more prominence because of the pervasiveness of its application. Security is one major concern involved in SMS banking. Sending an SMS message without encryption over an open channel may lead to over the air trade attacks; the present algorithm tries to resolve such attacks and is suited to resource constrained environments. An asymmetric algorithm makes it a bit harder to break the key than symmetric algorithms do, and it does not involve the same key for every message sent, making it much stronger. In the case of quantum computing, the attacker may have access to super computers and the key is likely to be retrieved in a very short time. But it is to be noted that it is very unlikely to have such a computer in a resource constrained pervasive environment. The present algorithm addresses this problem effectively. Also, in the present algorithm random keys are generated for each message, making it impossible for attackers to do any cryptanalysis. Randomness of the key is another strengthening factor of the present algorithm, making it relatively more secure.

    References

    [1] Nigel Prince, The Evolution of Mobile Banking, The Pennsylvania association of community bankers 133rd annual convention, June 2010

    [2] Evolution of Mobile Banking Finacle from Infosys

    [3] Raksha Chouhan, Dr. Vijay Singh Rathore, E-Banking Security and Authentication Issues, International Referred Research Journal, August, 2011

    [4] Rajendra Dave, XMS Technology to Counter SMS Vulnerabilities, Network security solutions, NSSMSC SDN BHD 2006

    [5] Gurjeet Kaur, Dr. Krishan Kumar Saluja, Review of short Messaging Service Security, UACEE International Journal of Advances in Computer Networks and its Security - Volume 2 : Issue 1

    [6] Kelvin Chikomo, Ming Ki Chong, Alaapan Arnab, Andrew Hutchison, Security of Mobile Banking,

    [7] Manoj V, Bramhe, SMS based secure Mobile Banking, International Journal of Engineering and Technology Vol.3 (6), 2011, 472-479

    [8] Vikas Chandra Pandey, Pooja Agrawal, Suresh Kashyap, Minakshi Agrawal, SMS Banking in E-Governance, International Journal of Computer Science and its Applications

    [9] Fadi Aloul, Syed Zahidi, Wassim El-Hajj, Two factor authentication using mobile phones, IEEE/ACS International Conference on Computer Systems and Applications, 2009. AICCSA 2009, 10-13 May 2009, PP: 641-644

    [10] Hassan Mathkour, Ghazy Assassa, A. Al-Muharib, A. Jumah, A Secured Cryptographic messaging system, 2009 International Conference on Machine Learning and Computing, IPCSIT vol.3 (2011), Singapore

    [11] Shubat S, Ahmeda And Ashrafnm.Ali Edwila, Secure Protocol for Short Message Service, World Academy of Science, Engineering and Technology, 25, 2009

    [12] V. Raghavendra Prasad, M. Sunanda, V. Maruthi Prasad, Secure SMS with Identity based cryptography in mobile telecommunication networks, International Journal of Computer Science and Technology, Vol. 2, Issue 4, Oct. - Dec. 2011

    [13] Sameer Hasan Al-Bakri, M.L. Mat Kiah, A.A. Zaidan, B.B. Zaidan, Gazi Maahabubul Alam, Securing peer-to-peer mobile communications using public-key-cryptography: New Security strategy, International Journal of the Physical Sciences Vol. 6(4), pp. 930-938, 18 February, 2011

    [14] Ranbir Soram, Mobile SMS Banking Security using ECC, International Journal of Computer Science and Network Security, Vol. 9 No. 6 pp. 30-38

    [15] Vivek Katiyar, Kamlesh Dutta, Syona Gupta, A Survey on Elliptic curve Cryptography for Pervasive computing Environment, International Journal of Computer Applications, Volume 11 No.10, December 2010

    [16] Ahmad H. Omari, Basil M, Al-Kasasbeh, Rafane. Al-Quatish and Mohammad I. Muhairat, DEA_RTA: A Dynamic Encryption Algorithm for the Real-Time Applications, International Journal of Computers, Issue 1, volume 3, 2009

    [17] http://en.wikipedia.org/wiki/Mobile_banking

    [18] http://en.wikipedia.org/wiki/SMS_banking

    [19] Alfred J. Menezes, Handbook of Applied cryptography, CRC Press, Inc. Boca Raton, FL, USA 1996, ISBN: 0849385237

    [20] RukmaRekha N, Prasad Babu MS, On some security issues of pervasive computing, International Journal on Computer Science and Engineering, Vol. 4 No. 02 February 2012