SMS Encryption Scheme for Smartphones Based on Trusted Hardware

doi:10.3969/j.issn.1006-2475.2016.04.007

Abstract

Abstract:

SMS has become a common used method in twofactor authentication, which is widely used for website login, mobile payment, bank transfer and other critical applications. However, many malicious applications take use of mobile operating system vulnerabilities to eavesdrop and intercept SMS for users’ authentication code, which brings a great threat on the security of the user’s property. To defend such malicious applications, many SMS encryption applications based on symmetric key encryption algorithm or public/private key system have been started using, which bring great convenience to the users. However, such solutions cannot guarantee the confidentiality of the SMS plaintext or even the seeds when the mobile OS is compromised. This paper presents TrustSMS(Trusted Short Message Service), a secure SMS encryption scheme by using ARM TrustZone technology. TrustSMS can not only protect the confidentiality of the SMS against a malicious mobile OS, but also guarantee reliable end-to-end SMS transmission. A prototype of TrustSMS is developed on Samsung Exynos 4412. The experimental results show that TrustSMS has small impacts on the mobile OS and its performance overhead is less than 1%.

Key words:

text-indent: 21pt">SMS encryption, ARM TrustZone technology, NTRU publicmso-ascii-font-family: 'Times New Roman', mso-hansi-font-family: 'Times New Roman'">key cryptosystem, mobile security

CLC Number:

TP309 ','1');return false;" target="_blank"> text-indent: 21pt">TP309

MA Ming-yang.

SMS Encryption Scheme for Smartphones Based on Trusted Hardware[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2016.04.007.

References

［1］ Amani N. Using SMS as a business communication tools for SMES［C］// The 6th Regional Innovation System and Innovation Clusters, 2009.
［2］ Symantec. Whitepaper: Two-factor Authentication: A TCO Viewpoint［EB/OL］. https://www4.symantec.com/mktginfo/whitepaper/user_authentication/whitepaper-twofactor-authentication.pdf, 2015-12-15.
［3］ Babu K S, Saleems A F. SMS encryption for mobile communication［J］. International Journal of Scientific Engineering and Technology Research, 2013,2(17):1965-1972.
［4］ Mueller R, Schrittwieser S, Fruehwirt P, et al. Security and privacy of smartphone messaging applications［J］. International Journal of Pervasive Computing and Communications, 2015,11(2):132-150.
［5］ Rayarikar R, Upadhyay S, Pimpale P. SMS encryption using AES algorithm on Android［J］. International Journal of Computer Applications, 2012,50(19):12-17.
［6］ Agoyi M, Seral D. SMS security: An asymmetric encryption approach［C］// 2010 6th International Conference on Wireless and Mobile Communications (ICWMC). 2010:448-452.
［7］ Qi Na, Pan Jing, Ding Quan. The implementation of FPGA-based RSA public-key algorithm and its application in mobile-phone SMS encryption system［C］// 2011 1st International Conference on Instrumentation, Measurement, Computer, Communication and Control. 2011:700703.
［8］ Abdellatef B A, Ahmed A A, Mahfouz A, et al. Hybrid compression encryption technique for securing SMS［J］. International Journal of Computer Science and Security, 2010,3(6):473-481.
［9］ Lin Chiachi, Li Hongyang, Zhou Xiaoyong, et al. Screenmilker: How to milk your Android screen for secrets［C］// The 21st Annual Network and Distributed System Security Symposium (NDSS). 2014.
［10］〖JP3〗Arzt S, Rasthofer S, Bodden E. Instrumenting Android and Java applications as easy as abc［C］// Runtime Verification(The 4th International Conference RV20B). 2013,8174:364-381.
［11］Alves T, Felton D. TrustZone: Integrated hardware and software security［J］. ARM White Paper, 2004,3(4):18-24.
［12］Shen Xiaoyu, Du Zhenjun, Chen Rong. Research on NTRU algorithm for mobile Java security［C］// International Conference on Scalable Computing and Communications/8th International Conference on Embedded Computing. 2009:366-369.
［13］Kaur E A, Singh E N. SMS encryption using NTRU algorithm［J］. International Journal of Advanced Research in Computer & Technology, 2015,3(2):96-100.
［14］TrustKernel Team.TrustKernel［EB/OL］. http://trustkernel.org/, 2015-12-14.
［15］Whyte W, Etzel M, Jenney P. Open source NTRU Public key Cryptography Algorithm and Reference Code［EB/OL］. https://github.com/NTRUOpenSourceProject/ntru-crypto, 2015-12-14.
［16］Aututu.Antutu Benchmark ［EB/OL］. http://www.antutu.com/en/Ranking.shtml, 2015-12-14.
[17] Ubuntu Wiki.Booting the Android LXC Container［EB/OL］. https://wiki.ubuntu.com/Touch/ContainerArchitecture, 2015-12-14.

[1]	LI Jin-hua1, ZHEN Hui2, HUANG Hai1, YAO Jian3. Android Client for Dynamic ECG Monitoring System Based on BLE [J]. Computer and Modernization, 2016, 0(4): 114-122.
[2]	WANG Xiao-xi1, WU Gang1, WANG Hao2. Architecture Design and Business Implementation of High Concurrency High Availability Retail O2O Trade System [J]. Computer and Modernization, 2016, 0(4): 100-108.
[3]	HU Lei， JIANG Guo-hua. A Control Method of Runtime Verification Overhead Based on Prediction [J]. Computer and Modernization, 2016, 0(4): 94-99.
[4]	JI Zhong-xiao, JIANG Guo-hua. A Positioning Method of Safety Critical Function Based on FTA and FDG [J]. Computer and Modernization, 2016, 0(4): 85-89+122.
[5]	ZHU Ya-hui, CHEN Dan, ZHUANG Yi. Virtual Machine Scheduling Algorithm Based on Energy-Aware in Cloud Data Center [J]. Computer and Modernization, 2016, 0(4): 74-78.
[6]	CAI Yi-qing, ZHANG Ya, ZHANG Song. Design of Magazine Counter Based on MSP430F149 [J]. Computer and Modernization, 2016, 0(4): 50-53.
[7]	ZHAI Shi-wei1， SHEN Shi-gen2,3， CAO Qi-ying1. Wireless Mesh Networks Admission Control Based on Non-Cooperative Game [J]. Computer and Modernization, 2016, 0(4): 45-49+78.
[8]	CHEN Shu，WANG Ming-jia. An Equally Distributed Cluster Heads Algorithm Based on Fuzzy Logic [J]. Computer and Modernization, 2016, 0(4): 40-44+58.
[9]	LIU Zhi-peng1, YUAN Min2. An Improved Indoor Positioning Method Based on WiFi Fingerprinting [J]. Computer and Modernization, 2016, 0(4): 36-39.