ACM Transactions on Computer Systems (TOCS)
Mobile Application Development with SMS and the Sim Toolkit
Mobile Application Development with SMS and the Sim Toolkit
The Logic of Authentication Protocols
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Mobile Networks and Applications - Security in mobile computing environments
Design and Implementation of a PKI-Based End-to-End Secure Infrastructure for Mobile E-Commerce
WISE '01 Proceedings of the Second International Conference on Web Information Systems Engineering (WISE'01) Volume 1 - Volume 1
A hybrid authentication protocol for large mobile network
Journal of Systems and Software
A Generic Authentication System based on SIM
ICISP '06 Proceedings of the International Conference on Internet Surveillance and Protection
Secured enterprise access with strong SIM authentication
EDOC '06 Proceedings of the 10th IEEE International Enterprise Distributed Object Computing Conference
Advances in network smart cards authentication
Computer Networks: The International Journal of Computer and Telecommunications Networking
A new efficient authentication protocol for mobile networks
Computer Standards & Interfaces
An efficient remote use authentication scheme using smart cards
IEEE Transactions on Consumer Electronics
On certificate-based security protocols for wireless mobile communication systems
IEEE Network: The Magazine of Global Internetworking
A secure energy-efficient m-banking application for mobile devices
Journal of Systems and Software
SMSCrypto: A lightweight cryptographic framework for secure SMS transmission
Journal of Systems and Software
SecureSMS: A secure SMS protocol for VAS and other applications
Journal of Systems and Software
| Hi-index | 0.01 |
Since the first SMS (Short Message Services) message was sent in the UK in 1992, the SMS has become a mass communication tool and has been broadly used in mobile business applications. But the security issue of the SMS has often been considered as a crucial barrier to its application in many fields that need strong authentication and confidentiality, such as mobile-commerce. The Subscriber Identity Module (SIM) inside mobile phones is a tamper resistant device which contains strong authentication mechanism and has been used in remote user authentication system, e.g. WIM card in Wireless Application Protocol (WAP). In this contribution, we design and realize a secure SIM card, named PK-SIM card, which is a standard SIM card with additional PKI functionality; based on the PK-SIM card, we present a security framework offering solutions for the development of secure mobile business applications using SMS as bearer. The security framework consists of a client device, in which a PK-SIM card is used to store security credentials, a Secure Access Gateway (SAG) which is used to receive and send secure SMS messages, a trusted third-party, Certification Authority (CA), which provides a public-key certification service and a Mobile Operator which provides the communication infrastructure for the SMS. Then we propose an authentication and session key distribution protocol which provides end-to-end security between the PK-SIM card and the SAG, and give a formal security analysis to the proposed protocol based on BAN authentication logic. Lastly, we provide a typical application of the security framework in Mobile Police Information System. The evaluations of the system have proved that the security framework is suitable for actual needs both in speed and security.