Security Systems related to SMS

Lars Schnake
Sagem Orga

This document summarizes some SMS-related security systems to give an overview and to support an
evaluation. A real rating of a mechanism's security, however, depends too much on context and
architecture to be given here.

Cryptographic Basics
Information about cryptographic basics can be found here:

Estimated secure key length (according to Lenstra/Verheul)

Year                          Length of sym. Key (bits)      Length of asym. Key (bits)
                              (IDEA, CAST, DES)              (RSA, Elgamal, DH)
2000                          70                             952
2002                          72                             1028
2005                          74                             1149
2010                          78                             1369
2015                          82                             1613
2020                          86                             1881
2023                          88                             2054
2025                          89                             2174
2026                          90                             2236
2030                          93                             2493
2035                          97                             2840
2040                          101                            3214

Newer estimations are becoming more conservative, but as a first appraisal the following key lengths
(related to the context of usage) can be taken as a rough suggestion:

                              Block Cipher (bits)            RSA (bits)
Commercial and private use    128                            1024
Commercial use (long term)    128                            2048


Taxonomy of communication systems related to SMS
Name                          Description                         Security
S/MIME (PKCS-7 RSA)           Cryptographic message syntax for    hybrid ciphering
                              e-mail sign and optional cipher.    Links an id (e-mail address) to
                                                                   a public/private keypair.
                                                                  CA based infrastructure
PGP                           Cryptographic message syntax for    hybrid ciphering
OpenPGP                       e-mail sign and optional cipher.    Web-of-trust infrastructure
                                                                  Links an id (e-mail address) to
                                                                   a public/private keypair
                                                                  Optional trustdb
HTTP                          Transport protocol                  No data transport security
                                                                  weak identification security
HTTPS                         Transport security for HTTP         hybrid ciphering
                              connections.                        data transport security
                                                                  Authentication if CA is used.
Short Message Service (SMS)   Short text messages to mobile       no data security
                              devices sent by the GSM network.    no authentication of sender
                              Push-Message to establish MIDlet
                              download possible.
                              Message can also be addressed to a
                              registered MIDlet or to a SIM card.
53.048 coded Short Messages   Secured message to a SIM card       Strong block cipher with secret
(OTA)                         application.                         keys securely stored on SIM.
                              Remote file-system access           Access parties under control of
                              possible.                            the network operator.
Bluetooth                     Data exchange between two           Authentication often with
                              handsets or handset and PC           short PINs
                                                                  Data security with PIN based
                                                                   transport keys
                                                                  ‘Handmade’ key exchange
Near Field Communication      Wireless data transport for very    no defined security concept,
                              short distance                       focus on transport.
                                                                  Security by distance limitation
GSM/UMTS Communication        Telephony and data services         Strong authentication and data
                                                                  Strong block cipher with secret
                                                                   keys securely stored on SIM


