Design and Development of Light Weight Asymmetric Cryptographic Algorithm – An Implementation of...
7/29/2019 Design and Development of Light Weight Asymmetric Cryptographic Algorithm An Implementation of SMS Banking System
Mobile banking applications are: SMS service, unstructured supplementary service delivery (USSD), WAP
or GPRS service, phone based application and SIM Application Tool Kit. With the help of the SIM application
toolkit, SMS messages are generated to perform bank transactions. This concept is known as SMS banking. It is a
SIM card in which the encryption keys are loaded with the bank's application [7]. Of the above said means, the SIM
application tool kit mode and SMS banking are supposed to be more secure. In this paper a reliable and more
secure light weight asymmetric encryption algorithm is proposed for use in the SIM application tool kit. An
overview of SMS banking and its security aspects is given in Section 2. A brief discussion of the
symmetric algorithms used in SMS banking is presented in Section 3. A new light weight asymmetric
cryptographic algorithm for SMS banking is proposed in Section 4. A comparative study of symmetric
versus asymmetric cryptographic algorithms is conducted in Section 5. Conclusions are given in Section 6.
2. SMS Banking
Figure 1: Basic data flow in an SMS Banking Application
SMS banking is a type of mobile banking, a technology-enabled service offered by banks to their
customers, permitting them to operate selected banking services over their mobile phones using SMS messaging
with the aid of the SIM application toolkit [18]. Services provided through SMS banking are performed by sending
messages, either by the bank or by a request initiated by the customer. The basic flow of data in an SMS banking
application is shown in Fig. 1. Messages between the bank and customers are categorized as Push SMS messages
and Pull SMS messages. A Push SMS message is one sent by the bank to the customer on particular events like a
salary deposit, fund transaction or a withdrawal alert. A Pull SMS message, on the other hand, is a request initiated
by the customer for retrieving information about his bank account. Examples of these messages are balance
enquiry, recent transactions made and account statements.
Convenience is the major factor that drives SMS banking to a great extent, irrespective of the security
concerns it has. The only skepticism about SMS banking is the lack of encryption on SMS messages; even
where encryption is available, the mechanisms are considered insecure, as discussed in the next section.
Vikas et al [8] noted that the lack of encryption on SMS messages is an area of great concern. Fadi Aloul et al [9]
proposed a two factor authentication for mobile phones. But it requires a GSM modem for real time application,
which may not be feasible with all mobiles, and it is more expensive.
3. Symmetric Algorithms in SMS Banking
Rajendra Dave et al [4] expressed that an end-to-end key based encryption technology for SMS plugs the
gaps in the transit security of SMS. Gurjeet Kaur et al [5] highlighted the necessity of an encrypted air interface
for data traffic and control channels. They also said that the A5 algorithm used for encryption in GSM
communication is proven to be vulnerable to attacks. Kelvin et al [6] proposed a secure SMS solution in which
specified fields of the SMS message are encrypted using a symmetric algorithm, and key distribution requires
specialized hardware to generate the same one time password on both the server and user side. Manoj V et al [7] also
used a symmetric algorithm for their SMS based secure mobile banking. Hassan et al [10] proposed a secure
cryptographic system with AES symmetric encryption, but it was found to be inconvenient for mobile devices if
the message length is more than 256 characters. Raghavendra Prasad.V et al [12] emphasized that secure SMS
with identity based cryptography is helpful, but additional space has to be allocated for both signature and security
parameters.
Despite the above said symmetric approaches, a few authors tried to achieve security in mobile
communications using public key cryptography. Sameer Hasan Al-Bakri et al [13] proposed a public key
cryptography solution for mobile communications. However, that solution was restricted to a non-server model,
and the complexity of computational cost and storage of keys remains. Ranbir [14] has proposed an API for
mobile SMS banking security. The security of ECC is appreciated in that paper. But it is felt that, although the
solution is preferred for implementation on devices with reduced resources, a light weight cryptographic
algorithm would be more appropriate.
4. Light Weight Asymmetric algorithms in SMS Banking
Light Weight Cryptography is designed for constrained devices, which have constraints in terms of speed,
processing, memory space, power consumption, area, energy, size etc. Examples of constrained devices include
mobile phones, RFID tags, smart cards etc [20].
The light weight asymmetric algorithm proposed here is intended for use in a mobile
application where memory and computation are constrained. The light weight asymmetric algorithm may be the
only one of this kind which can be used for resource constrained devices, and it can be widely used for one time
message sending rather than a continuous conversation. The asymmetric nature of this algorithm helps the customer
to do it more effectively.
The proposed scheme is used to encrypt the SMS message such that over the air trade attacks are mainly
avoided. It consists of five steps, namely: Key generation, Conversion of message to elliptic curve point,
Encryption, Decryption and Conversion of elliptic curve point to message. The details of the algorithm are
given step-wise below. Data flow in the proposed algorithm is also depicted in Fig. 2.
Algorithm:
Step 1 : Key Generation
Key Generation phase generates the pair of public and private keys:
Let E be an elliptic curve defined over Zp (p is a prime, p > 3), such that E contains a cyclic subgroup H in which the discrete log problem is intractable.
define K= {(E,,a,) : =a}; where E.
Here and are public keys and a is a private key.
Step 2: Convert Message to elliptic curve point
SMS message is taken as Plain text (x) and converted to a point (x1, x2) on elliptic curve E.
EC (x)E = (x1,x2)
Step 3: Encryption of the elliptic curve point
For the obtained elliptic curve point, encryption is done as follows:
ek(x,k) = (y0,y1,y2) where
y0= k,
(c1,c2) = k
y1= c1x1 mod p and
y2=c2x2 mod p
Step 4: Decryption of the elliptic curve point
For cipher text y= (y0,y1,y2), decryption is done as follows :
$d_K(y) = (y_1 c_1^{-1} \bmod p,\; y_2 c_2^{-1} \bmod p)$, where $a\,y_0 = (c_1, c_2)$
Step 5 : Convert the elliptic curve point to message
The elliptic curve point (x1,x2) so obtained is converted back to the plain text message x, which is nothing but
the customer's SMS message.
5. Results and Discussion
The time complexity of the present algorithm is computed and compared with symmetric and asymmetric
algorithms, along with an available light weight symmetric algorithm, for different attacks, namely algebraic attack,
chosen cipher text attack, side channel attack and brute force attack. Algebraic attack is a technique in which a
number of equations are framed from the cipher text with the key bits as unknown variables. Here known
variables are filled in to solve the equations, but the real challenge lies in solving non-linear equations of higher
degree. A chosen cipher text attack is one where the adversary will have some cipher text and some
corresponding plain text information [19]. Side channel attack is an attack based on side channel information
gained from the physical implementation of the system, such as the timing information, power consumed,
electromagnetic leaks, and sound. Brute force attack is another popular attack in which the strategy is to check
all the possible keys until the correct keys are found. In the worst case, the attacker may have to check the entire key
space, because longer keys are exponentially more difficult to crack than shorter keys. The time
complexities of the above said algorithms for the different attacks, for a given key size of 64 bits, are computed and
tabulated below:
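| Attacks / Algorithms | Symmetric | Light Weight Symmetric | Asymmetric | Light Weight Asymmetric |
|----------------------|-----------|------------------------|------------|-------------------------|
| Algebraic            | 64*64     | 40                     | 128*128    | log 128                 |
| Chosen Cipher Text   | 64        | 40                     | 128        | log 64                  |
| Brute Force          | 2^64      | 2^40                   | log 2^128  | log 2^64                |
| Side Channel         | 64*64     | 40 log 40              | 256        | log 256                 |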
Table 1: Tabular representation of Comparison of Time Complexities with existing algorithms
Fig2: Data Flow in SMS Banking Light Weight Asymmetric Algorithm
The results in Table 1 are represented graphically in Fig. 3.
Fig3 : Graphical representation of Comparison of Time Complexities with existing algorithms
In the graph presented in Fig. 3, the X-axis represents the time and the Y-axis the number of attacks. Blue
represents the results for the symmetric algorithm, red the light weight symmetric algorithm, green the
asymmetric algorithm and violet the present light weight asymmetric algorithm. It can be seen from the graph
that the light weight symmetric algorithm represented by the violet color is below all the other lines, and
hence it can be concluded that it involves a smaller number of attacks in the same time. It is evident that the light weight
asymmetric algorithm has the greatest feasibility of minimizing all the popular attacks listed above.
7. Conclusion
SMS banking is gaining more prominence because of the pervasiveness of its application. Security is one
major concern involved in SMS banking. Sending an SMS message without encryption over an open channel
may lead to over the air trade attacks, and the present algorithm tries to resolve such attacks in a way that suits
a resource constrained environment. An asymmetric algorithm makes it a bit harder to break the key than
symmetric algorithms do, and it doesn't involve the same key for every message sent, making it much stronger. In the
case of quantum computing, the attacker may have access to super computers and the key is likely to be retrieved in
a very short time. But it is to be noted that it is very unlikely to have such a computer in a resource constrained
pervasive environment. The present algorithm addresses this problem effectively. Also, in the present algorithm
random keys are generated for each message, making it impossible for attackers to do any cryptanalysis.
Randomness of the key is another strengthening factor of the present algorithm, making it relatively more secure.
References
[1] Nigel Prince, The Evolution of Mobile Banking, The Pennsylvania Association of Community Bankers 133rd Annual Convention, June 2010
[2] Evolution of Mobile Banking, Finacle from Infosys
[3] Raksha Chouhan, Dr. Vijay Singh Rathore, E-Banking Security and Authentication Issues, International Referred Research Journal, August 2011
[4] Rajendra Dave, XMS Technology to Counter SMS Vulnerabilities, Network security solutions, NSSMSC SDN BHD 2006
[5] Gurjeet Kaur, Dr. Krishan Kumar Saluja, Review of Short Messaging Service Security, UACEE International Journal of Advances in Computer Networks and its Security, Volume 2, Issue 1
[6] Kelvin Chikomo, Ming Ki Chong, Alaapan Arnab, Andrew Hutchison, Security of Mobile Banking,
[7] Manoj V, Bramhe, SMS based secure Mobile Banking, International Journal of Engineering and Technology, Vol. 3 (6), 2011, 472-479
[8] Vikas Chandra Pandey, Pooja Agrawal, Suresh Kashyap, Minakshi Agrawal, SMS Banking in E-Governance, International Journal of Computer Science and its Applications
[9] Fadi Aloul, Syed Zahidi, Wassim El-Hajj, Two factor authentication using mobile phones, IEEE/ACS International Conference on Computer Systems and Applications, 2009. AICCSA 2009. 10-13 May 2009, pp. 641-644
[10] Hassan Mathkour, Ghazy Assassa, A. Al-Muharib, A. Jumah, A Secured Cryptographic messaging system, 2009 International Conference on Machine Learning and Computing, IPCSIT vol. 3 (2011), Singapore
[11] Shubat S, Ahmeda and Ashrafnm.Ali Edwila, Secure Protocol for Short Message Service, World Academy of Science, Engineering and Technology, 25, 2009
[12] V. Raghavendra Prasad, M. Sunanda, V. Maruthi Prasad, Secure SMS with Identity based cryptography in mobile telecommunication networks, International Journal of Computer Science and Technology, Vol. 2, Issue 4, Oct. - Dec. 2011
[13] Sameer Hasan Al-Bakri, M.L. Mat Kiah, A.A. Zaidan, B.B. Zaidan, Gazi Maahabubul Alam, Securing peer-to-peer mobile communications using public-key-cryptography: New Security strategy, International Journal of the Physical Sciences, Vol. 6(4), pp. 930-938, 18 February 2011
[14] Ranbir Soram, Mobile SMS Banking Security using ECC, International Journal of Computer Science and Network Security, Vol. 9 No. 6, pp. 30-38
[15] Vivek Katiyar, Kamlesh Dutta, Syona Gupta, A Survey on Elliptic Curve Cryptography for Pervasive Computing Environment, International Journal of Computer Applications, Volume 11 No. 10, December 2010
[16] Ahmad H. Omari, Basil M, Al-Kasasbeh, Rafane.Al-Quatish and Mohammad I. Muhairat, DEA_RTA: A Dynamic Encryption Algorithm for the Real-Time Applications, International Journal of Computers, Issue 1, Volume 3, 2009
[17] http://en.wikipedia.org/wiki/Mobile_banking
[18] http://en.wikipedia.org/wiki/SMS_banking
[19] Alfred J. Menezes, Handbook of Applied Cryptography, CRC Press, Inc., Boca Raton, FL, USA, 1996, ISBN: 0849385237
[20] RukmaRekha N, Prasad Babu MS, On some security issues of pervasive computing, International Journal on Computer Science and Engineering, Vol. 4 No. 02, February 2012