Abstract: |
The exponential growth in the use of the Short Message Service (SMS) has made this service an indispensable tool for social, marketing and advertising messaging. Moreover, mobile devices such as smartphones, handsets and PDAs represent an enabling factor for distributing digital content. Mobile devices are quickly becoming Personal Trust Devices (PTDs); they embed personal data, which allows sending and receiving confidential information from and to the PTD. This paper introduces Trusted-SMS, a novel framework for exchanging secure SMS. The system is composed of three main entities: the Service Supplier, which publishes and delivers services; the End User, who chooses and eventually pays for a specific service belonging to the service set offered by a Service Supplier; and the Certification Authority (CA), which represents the trusted entity shared by the Service Supplier and the End User. The CA plays the role of the Certification Authority. The main requirements of the overall system are strict non-repudiability, user friendliness and platform portability. The security requirements include customer transaction authentication, confidentiality, integrity and non-repudiation, in an environment composed of heterogeneous networks and devices with different security weaknesses. Trusted-SMS allows exchanging SMS digitally signed with the Elliptic Curve Digital Signature Algorithm. Digitally signed SMS are useful in many scenarios, such as commercial transactions, production of delegations from a remote site and provisioning of e-healthcare services. The signature is fully contained in a single SMS; the size of a digital signature amounts to fifty bytes, leaving more than one hundred bytes (110 bytes) for the SMS payload. Moreover, the application of the Elliptic Curve Integrated Encryption Scheme cryptographic algorithm, which is based on the same credentials needed by the digital signature algorithm, allows protecting the payload from intrusions. |