Secure SMS messaging using Quasigroup encryption and Java SMS API - - PowerPoint PPT Presentation

Secure SMS messaging using Quasigroup encryption and Java SMS API

Marko Hassinen, Smile Markovski

Marko.Hassinen@cs.uku.fi, smile@ii.edu.mk

University of Kuopio, Finland SS Cyril and Methodius University, Republic of Macedonia

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.1/18

Contents

Motivation Definition of the encryption method Application structure Performance figures Conclusions and Future Work

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.2/18

Motivation

SMS message can go to a wrong number

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.3/18

Motivation

SMS message can go to a wrong number Traffic is sometimes not encrypted

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.3/18

Motivation

SMS message can go to a wrong number Traffic is sometimes not encrypted The device with messages in it may get lost

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.3/18

Motivation

SMS message can go to a wrong number Traffic is sometimes not encrypted The device with messages in it may get lost The operator can have malicious employees

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.3/18

Motivation

SMS message can go to a wrong number Traffic is sometimes not encrypted The device with messages in it may get lost The operator can have malicious employees Authentication of receiver

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.3/18

Quasigroup encryption

A groupoid is a finite set

• that is closed with respect

to an operator

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.4/18

Quasigroup encryption

A groupoid is a finite set

• that is closed with respect

to an operator

A quasigroup is a groupoid with unique left and right inverses.

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.4/18

Quasigroup encryption

A groupoid is a finite set

• that is closed with respect

to an operator

A quasigroup is a groupoid with unique left and right inverses. A quasigroup can be characterised with a

that is an

matrix where each row and column is a permutation of elements of a set

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.4/18

Quasigroup encryption

A groupoid is a finite set

• that is closed with respect

to an operator

A quasigroup is a groupoid with unique left and right inverses. A quasigroup can be characterised with a

that is an

matrix where each row and column is a permutation of elements of a set The encryption primitive

• n sequence

is defined as

• ✠

where

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.4/18

Decryption

Decryption

• ✁

is defined as

• ✠

,where

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.5/18

Decryption

Decryption

• ✁

is defined as

• ✠

,where

As an example encrypting a bitsequence 10011100 with a quasigroup of order 4 (

• ☛

= 01):

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.5/18

Decryption

Decryption

• ✁

is defined as

• ✠

,where

As an example encrypting a bitsequence 10011100 with a quasigroup of order 4 (

• ☛

= 01):

01 11100100 00111001 10010011 01001110 10 01 11 00 00 10 10 11

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.5/18

Decryption

Decryption

• ✁

is defined as

• ✠

,where

As an example encrypting a bitsequence 10011100 with a quasigroup of order 4 (

• ☛

= 01):

01 11100100 00111001 10010011 01001110 10 01 11 00 00 10 10 11

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.5/18

Decryption

Decryption

• ✁

is defined as

• ✠

,where

As an example encrypting a bitsequence 10011100 with a quasigroup of order 4 (

• ☛

= 01):

01 11100100 00111001 01001110 10010011 10 01 11 00 00 10 10 11

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.5/18

Decryption

Decryption

• ✁

is defined as

• ✠

,where

As an example encrypting a bitsequence 10011100 with a quasigroup of order 4 (

• ☛

= 01):

01 11100100 00111001 10010011 01001110 10 01 11 00 00 10 10 11

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.5/18

Some words about security

Encryption is a composition of primitives

• and
• which are characterised by a variable length

passprhase.

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.6/18

Some words about security

Encryption is a composition of primitives

• and
• which are characterised by a variable length

passprhase. The amount of different latin squares of order

• is

• ✆

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.6/18

Some words about security

Encryption is a composition of primitives

• and
• which are characterised by a variable length

passprhase. The amount of different latin squares of order

• is

• ✆

There are at least 288 latin squares of order 4, but more than

• f order 16.

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.6/18

Some words about security

Encryption is a composition of primitives

• and
• which are characterised by a variable length

passprhase. The amount of different latin squares of order

• is

• ✆

There are at least 288 latin squares of order 4, but more than

• f order 16.

A Latin square of order 16 has 256 entries that can be stored in 128 bytes.

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.6/18

J2ME as an application environment

J2ME (Java 2 Micro Edition) is a runtime environment designed for devices with limited resources

DEVICE NATIVE SOFTWARE CLDC MIDP APPLICATIONS APPLICATIONS MIDP OEM SPECIFIC OEM SPECIFIC CLASSES NATIVE APPLICATIONS

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.7/18

J2ME as an application environment

Basic language features and libraries are in the CLDC (Connected Limited Device Configuration).

DEVICE NATIVE SOFTWARE CLDC MIDP APPLICATIONS APPLICATIONS MIDP OEM SPECIFIC OEM SPECIFIC CLASSES NATIVE APPLICATIONS

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.7/18

J2ME as an application environment

Mobile Information Device Profile (MIDP) provides additional functionality for a specific type of device.

DEVICE NATIVE SOFTWARE CLDC MIDP APPLICATIONS APPLICATIONS MIDP OEM SPECIFIC OEM SPECIFIC CLASSES NATIVE APPLICATIONS

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.7/18

Application requirements

The requirements for the application were to

• 1. Encrypt an SMS message using quasigroup

encryption and send it

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.8/18

Application requirements

The requirements for the application were to

• 1. Encrypt an SMS message using quasigroup

encryption and send it

• 2. Receive encrypted messages and decrypt them

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.8/18

Application requirements

The requirements for the application were to

• 1. Encrypt an SMS message using quasigroup

encryption and send it

• 2. Receive encrypted messages and decrypt them
• 3. Operate fast enough to provide acceptable service

in an environment with very limited processing power like a mobile phone

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.8/18

Application requirements

The requirements for the application were to

• 1. Encrypt an SMS message using quasigroup

encryption and send it

• 2. Receive encrypted messages and decrypt them
• 3. Operate fast enough to provide acceptable service

in an environment with very limited processing power like a mobile phone

• 4. Be compact enough for use in mobile phone

memory space

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.8/18

Architecture of CryptSMS software

SMSHandler.java NokiaSMSHandler.java WMASMSHandler.java SiemensSMSHandler.java QX.java Receiver.java OutgoingTextMessage.java NUMScreen.java OutgoingTextMessage.java QX.java DebugLog.java NokiaDebugLog.java SiemensDebugLog.java WMA WriteSMS.java CryptSMS.java PASScreen.java CommonLog.java Nokia Siemens SMSScreen.java

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.9/18

Storage memory and JAR size

MIDP application (MIDlets) are stored in the device as JAR (Java archive) files JAR sizes for our application are: Nokia: 16265 bytes Siemens: 17129 bytes WTK: 16167 bytes, WTK is the Wireless Toolkit provided by Sun MicroSystems. Through obfuscation the JAR size can be reduced by approximately 10

• .

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.10/18

Runtime memory

Runtime memory usage for each object was measured as follows:

int iAmount = 100; Object[] objects; long lFree = 0; long lUsed = 0;

• bjects = new SMSScreen[iAmount];

Runtime.getRuntime().gc(); lFree = Runtime.getRuntime().freeMemory(); for(int i = 0; i < iAmount; i++)

• bjects[i] = new SMSScreen(this, ‘‘TEST’’,1);

Runtime.getRuntime().gc(); lUsed = lFree - Runtime.getRuntime().freeMemory(); DebugLog.makeEntry(iAmount+‘‘ SMSScreen) used: ‘‘+lUsed); for(int i = 0; i < iAmount; i++)

• bjects[i] = null;

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.11/18

Name of the class Siemens Nokia WTK WTK* Remarks CommonLog.java N/A N/A N/A Abstract super class CryptSms.java 87 258

• DebugLog.java

N/A N/A N/A N/A Static class NokiaDebugLog.java N/A 41 N/A N/A NokiaSmsHandler.java N/A 264 N/A N/A NUMScreen.java 2595 1255 1465 104 OutgoingTextMessage.java 24 52 44 24 PASScreen.java 2590 1257 1469 108 QX.java 132 164 172 52 Receiver.java 20 N/A N/A N/A SiemensDebugLog 16 N/A N/A N/A SiemensSmsHandler 284 N/A N/A N/A SmsHandler.java N/A N/A N/A N/A Abstract super class SmsScreen.java 448 603 400

• WmaDebugLog.java

N/A N/A 12 12 WmaSmsHandler.java N/A N/A 128 48 WriteSmsScreen.java 2592 1254 1465 104

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.12/18

Encryption processing power

Time needed for encrypting or decrypting a message

• f a certain length was measured with following way:

long lMillis = System.currentTimeMillis(); // Operation that needs to be measured... long lTimeSpent = System.currentTimeMillis() - lMillis; DebugLog.makeEntry(‘‘Encryption time’’ + lTimeSpent);

A bit string with

bits can be encrypted in

• ✠

linear time An optimization can be achieved by sorting the latin square.

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.13/18

Encryption processing power (cont.)

As a result encryption takes time

• ✆

where

• is the

length of the passphrase. Sorting the latin square takes time

where

is the

• rder of the group.

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.14/18

Some experiment results

100 200 300 400 500 600 700 800 5 10 15 20 25 30 35 Time (msec) Number of characters Encryption and decryption times with 4 and 16 rounds 4*Encryption 4*Decryption 16*Encryption 16*Decryption

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.15/18

Conclusions

Quasigroup encryption is compact and fast enough to be used on a restricted mobile platform. Cryptocraphic security of quasigroup encryption needs to be studied more extensively Latencies, such as encryption can be easily hidden from the user with careful application design Device vendors have their own specific API:s in addition to MIDP and WMA. Not all of them implement WMA. For our purposes Siemens Java API proved to offer the best functionality.

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.16/18

Future work

Other cryptocraphic algorithms Public key encryption Authentication Signatures Data integrity Non repudation X.509 certificates Phonebook for keys and numbers Compression

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.17/18

Thank you

Questions?

SPLST 2003 Kuopio, Finland 17-18.6.2003 – p.18/18