BVPSMS: A batch verification protocol for end-to-end secure SMS for mobile users

Abstract

Short Message Service (SMS) is a widely used communication medium for mobile applications, such as banking, social networking, and e-commerce. Applications of SMS services also include real-time broadcasting messages, such as notification of natural disasters (e.g., bushfires and hurricane) and terrorist attacks, and sharing the current whereabouts to other users, such as notifying urgent business meeting information, transmitting quick information in the battlefield to multiple users, notifying current location to our friends and sharing market information. However, traditional SMS is not designed with security in mind (e.g., messages are not securely sent). It is also possible to extract international mobile subscriber identity of the mobile user. In the literature, there is no known protocol that could enable secure transmission of SMS from one user to multiple users simultaneously. In this paper, we introduce a batch verification authentication and key agreement protocol, BVPSMS, which provides end-to-end message security over an insecure communication channel between different mobile subscribers. Specifically, the proposed protocol securely transmits SMS from one mobile user to many other users simultaneously. The reliability of the protocol is discussed along with an algorithm to detect malicious user requests in a batch. We then evaluate the performance of the proposed protocol in terms of communication and computation overheads, protocol execution time, and batch and re-batch verification times. The impacts of the user mobility, and the time, space and cost complexity analysis are also discussed. We then present a formal security proof of the proposed protocol. To the best of our knowledge, this is the first provably-secure batch verification protocol that delivers end-to-end SMS security using symmetric keys.