SMS

What is it about?

Short message service (SMS) provides a wide channel of communication for banking in mobile commerce and mobile payment. The transmission of SMS is not secure in the network using global system for mobile communications or general packet radio service. Security threats in SMS restricted the use of SMS in mobile banking within certain limits. This paper proposed a model to address the security of SMS using elliptic curve cryptography. The proposed model provides end-to-end SMS communication between the customer and the bank through the mobile application. The main objective of the proposed model is to design and develop a security framework for SMS banking. Further, the protocol is verified for its correctness and security properties because most of the protocols are not having the facility to be verified by using the formal methods. Our proposed framework is experimentally validated by formal methods using model checking tool called automated validation of internet security protocols and Scyther tools. Security analysis shows that the proposed mechanism works better compared to existing SMS payment protocols for real-world applications.

Featured Image

Why is it important?

In this paper, we introduce a new SMS-based mobile banking protocol with formal verification. The proposed framework allows a payer to make payment to a mobile bank with an encrypted format. This protocol allows digital signatures, hash functions, symmetric, and asymmetric algorithms between the participating entities. It provides a bridge between payer and payee via PG using the concept of elliptic curve combining digital signature and encryption functions in mobile devices. This protocol is free from all the possible attacks like man-in-the-middle,26 replay, reflection attacks because the protocol is verified under the environment of AVISPA and ScytheR tools. Furthermore, the proposed SMS-based mobile banking protocol is compatible with existing SMS message infrastructure.