digital signature for SMS security
1 like1,413 views
This document discusses a secure digital signature approach for SMS security using ECDSA algorithm. It begins with an introduction to digital signatures and their technical details. It then discusses the legal recognition of digital signatures in India according to the Information Technology Act 2000. It describes SMS architecture and vulnerabilities. The document proposes using ECDSA algorithm to add non-repudiation to SMS through digital signatures. It analyzes the security of this approach and discusses checking it for vulnerabilities before concluding and citing references.
![REFERENCES
• [1] Mary Agoyi, Devrim Seral, “SMS Security: An Asymmetric
Encryption Approach”, Sixth International Conference on Wireless
and Mobile Communications, 2010@IEEE, pp. 448-452.
• [2] Neetesh Saxena, Narendra S. Chaudhari, “A Secure Digital
Signature Approach for SMS Security”, Department of Computer Sc.
& Engineering Indian Institute of Technology, Indore, India, A
Special Issue from IJCA - www.ijcaonline.org
• [3] Digital Signatures A cryptovision whitepaper Version 1.0
cryptovision GmbH Munscheidstr. 14 45886 Gelsenkirchen](https://image.slidesharecdn.com/paperpresentation-140612002231-phpapp01/85/digital-signature-for-SMS-security-18-320.jpg)
digital signature for SMS security
- 1. A SECURE DIGITAL SIGNATURE APPROACH FOR SMS SECURITY By: Nileshwari Desai Roll Num: A 216
- 2. CONTENTS • Introduction • Technical details • Law • SMS • SMS architecture • SMS vulnerability & security • Approach- ECDSA algorithm • Alternate approach • Security analysis • Conclusion • References
- 3. INTRODUCTION So, what is a digital signature? • A Digital Signature is the electronic or digital equivalent of a physical signature. Just as a physical signature on a paper document establishes the origin of that document, a digital signature affixed to a digital document (computer file) establishes the origin of that digital document.
- 4. TECHNICAL DETAILS (SIMPLIFIED DESCRIPTION) • A Digital Signing Certificate contains what is known as a „key-pair‟ comprising a private key & a corresponding public key. • The process of signing a document involves finding the „hash value‟ of the document and then using the hash value and the private key to generate the digital signature which is affixed to the document along with the public key of the signer.
- 5. LAW • Digital Signatures are considered equivalent to physical signatures by law in most countries around the world, including US, European countries and India. • In India, the Information Technology Act 2000 provides the legal sanctity for using Digital Signatures. • The entire act can be found on the internet. However section 4 and section 5 should be drawn some attention to.
- 6. Section 4. Legal recognition of electronic records. • Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is— ▫ rendered or made available in an electronic form; and ▫ accessible so as to be usable for a subsequent reference.
- 7. 5. Legal recognition of digital signatures. • Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.
- 8. SMS • SMS messages are currently one of the most widespread forms of communication. We have seen many unusual or strange applications, such as devices which allow the switching on and off of house heating systems using an SMS. • Alternatively, through SMS, whenever the temperature of a refrigerator exceeds a certain threshold, it is possible to automatically communicate the problem. • Indeed, through SMS, fridges can even signal when they are running out of beer.
- 10. SMS SECURITY ISSUES AND VULNERABILITIES Two important aspects for any entity using consumer technologies such as SMS for business purposes: • SMS is not a secure environment. • Security breaches often occur more easily by concentrating on people rather than technology. SMS is vulnerable to – 1. Snooping: - On device, at the store and forward network elements . 2. SMS Interception:- Over the air, in wired network. 3. Spoofing: - Using commercial tools, own SMS gateway. 4. Modification: - Using conventional hacking techniques. 5. Attacks on GSM, the SMS Carrier Technology: - Often the weakest link in security is the mobile phone itself. Even leaving the mobile phone unattended inadvertently could expose your private and confidential messages to snooping.
- 11. SMS SECURITY • Secrecy • Integrity • Availability • Authenticity
- 12. APPROACH FOR SMS SECURITY • To protect the SMS contents, we usually do the encryption. • It may be symmetric or asymmetric encryption. But our focus here is on the non-repudiation. • If a SMS has sent by user „A‟ to user „B‟, „A‟ must not deny that he has sent SMS. This feature can be achieved by imposing digital signature. • The popular digital signature algorithms are DSA and elliptic curve based ECDSA. • The bit size of the public key believed to be needed for ECDSA is about twice the size of the security level, in bits. By comparison, at a security level of 80 bits, meaning an attacker requires the equivalent of about 280 signature generations to find the private key.
- 13. ECDSA ALGORITHM • User A selects an integer k randomly, 0 < k < n, calculate k*G = (x, y), r = x mod n; • Take (r, s) as the digital signature of message m by A. • The verification of digital signature: 1. Calculate e1 =h(m1), u= s -1 * e1 mod n, v= s -1 * r mod n. 2. Calculate X= u*G + v*P = s -1 ( e1 * G + r * d * G) = s -1 (e + r * d) * G = k * G = (x1 , y1 ) 3. If X = 0, this signature is refused; else calculates r1 , x1 mod n.
- 14. POSSIBLE ATTACK • The per-message secrets k used to sign two or more messages should be generated independently of each other. • In particular, a different per-message secret k should be generated for each different message signed; otherwise, the private key d can be recovered. • If a secure random or pseudorandom number generator is used, then the chance of generating a repeated k value is negligible.
- 15. 5. SECURITY ANALYSIS • In the typical digital signature schemes such as ECDSA, a public key only corresponds to one secret key. • Given the secret key d, let the public key P be derived according to the equation P=dB, and let the signature T be derived using a random number ‘k’ following the equation T = k*B. • If an attacker attempts to derive the secret-key from the public key, he has to encounter the difficulty of solving the ECDLP.
- 16. VULNERABILITY WITH SAT • It‟s necessary to check the vulnerability of the existing elliptic curve based digital signature algorithms. • These algorithms are based on the hardness of elliptic discrete logarithm problem which is still a NP-Complete problem. • For this purpose we prefer to do it using Boolean Satisfiability Problem (SAT), as we have polynomial time solution for 2-SAT and 3-SAT.
- 17. CONCLUSION & FUTURE WORK • The elliptic curve discrete logarithm problem is significantly more difficult than the integer factorization problem. For the most part, the well-known RSA system must use 1024 bit keys, only then can it attain computationally reasonable security where as the ECC needs only 160 bit keys. So, at the same level of security, the speed of ECC is several times faster than RSA system; it can also saves on key storage space. • Elliptic curve discrete logarithm problem based systems are considered as secure systems but in quantum computer‟s environment these systems may not be secured. • In future, it‟s necessary to check the vulnerability of the system (attempt to break) and develop a secure environment.
- 18. REFERENCES • [1] Mary Agoyi, Devrim Seral, “SMS Security: An Asymmetric Encryption Approach”, Sixth International Conference on Wireless and Mobile Communications, 2010@IEEE, pp. 448-452. • [2] Neetesh Saxena, Narendra S. Chaudhari, “A Secure Digital Signature Approach for SMS Security”, Department of Computer Sc. & Engineering Indian Institute of Technology, Indore, India, A Special Issue from IJCA - www.ijcaonline.org • [3] Digital Signatures A cryptovision whitepaper Version 1.0 cryptovision GmbH Munscheidstr. 14 45886 Gelsenkirchen