Enhancing Security System of Short Message Service for Banking Transaction
Keywords: security, SMS, banking, Indonesia, encryption, cryptography
SMS banking remains a popular way to make transaction inquiries in Indonesia, yet the protocol used by service providers is still not secure: the majority of local banks in Indonesia still use non-secure standard SMS protocols. An SMS banking protocol that provides information security services for transactional messages is therefore urgently needed. Information security can be achieved through several security mechanisms, i.e., encipherment, digital signature, data integrity, and key exchange, all of which can be implemented with cryptography. The SMS banking security protocol in this research runs in two steps: the first is the transmission of the transaction request, and the second is the transaction process. Encipherment is performed with the 3DES symmetric cipher, digital signature and data integrity with the ECDSA asymmetric scheme, and key exchange with ECDH. The test results showed that the implementation of the protocol could deliver an SMS banking service and protect the PIN. In general, this protocol fulfils the X.800 security services.
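The three mechanisms the abstract names can be combined as in the following added sketch, which is not the paper's code or message format: both sides derive a 3DES key with ECDH, the sender encrypts and ECDSA-signs the request, and the receiver verifies before decrypting. The P-256 curve, the SHA-256 key derivation, CTR mode with a random 8-byte IV, signing IV||ciphertext, the request string and all function names are assumptions.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // only RNG failure or mismatched curves, neither expected here
	}
	return v
}
func crypt(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, iv, in []byte) []byte {
	k := sha256.Sum256(must(priv.ECDH(peer))) // assumed KDF: SHA-256 of the ECDH secret
	out := make([]byte, len(in))
	cipher.NewCTR(must(des.NewTripleDESCipher(k[:24])), iv).XORKeyStream(out, in) // assumed mode: CTR
	return out
}

// seal (sender): encrypt msg under the ECDH-derived 3DES key, then ECDSA-sign IV||ciphertext.
func seal(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, signer *ecdsa.PrivateKey, msg []byte) (body, sig []byte) {
	iv := make([]byte, des.BlockSize)
	must(rand.Read(iv)) // fresh random IV per message
	body = append(iv, crypt(priv, peer, iv, msg)...)
	digest := sha256.Sum256(body)
	return body, must(ecdsa.SignASN1(rand.Reader, signer, digest[:]))
}

// open (receiver): check length and signature first, decrypt only if both hold.
func open(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, pub *ecdsa.PublicKey, body, sig []byte) (string, error) {
	digest := sha256.Sum256(body)
	if len(body) < des.BlockSize || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", fmt.Errorf("rejected: truncated message or invalid signature")
	}
	return string(crypt(priv, peer, body[:des.BlockSize], body[des.BlockSize:])), nil
}

var phone, bank = must(ecdh.P256().GenerateKey(rand.Reader)), must(ecdh.P256().GenerateKey(rand.Reader))
var signer = must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // constructed demo keys
func main() {
	body, sig := seal(phone, bank.PublicKey(), signer, []byte("BAL acct=0000 pin=1234")) // constructed request
	fmt.Println(open(bank, phone.PublicKey(), &signer.PublicKey, body, sig))
}
```

With P-256 the DER-encoded signature is about 70 bytes, so the 22-byte constructed request travels as roughly 100 bytes, which fits a single 140-byte SMS.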
License
International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.