| With extensively use of GSM system, some of its security flaws are being revealed gradually: the authentication process is a single directional process, which may be attacked by middleman; the encryption is not an end-to-end but a point-to-point process, so short messages transmit in the fixed network in the form of plain text, which could be easily accessed; the A5 algorithm used for encryption in GSM has been cracked, so it can't provide enough security any more; lacking of data integrity checking, and so on. As a result of these increasingly serious security issues, services carried by short message service perform an increasing lacking of enough security, which results in limitation of short message application in some fields those relate to confidential information, such as information system of police department, short message bank service of bank system. In this circumstance, it's an urgent demand to supply short message service with an additional security protection.Aiming at security flaws of current GSM system, considering security demands of three entities in short message service: system, user and short message, a design solution of short message security sytem which based on application layer secure short message protocol is put forward, implemented and tested. Problems wait to settle and system's object are confirmed by researching on the GSM network's security actuality, which, is to provide short message service with three security services: bi-directional authentication based on ECC, encryption based on AES, integrity checking based on HASH, implement approach of each security service is expounded later. With comparing advantages and disadvantages of various kinds of solutions of system, a design solution which based on secure short message protocol and GSM modem is brought forword, taking into account the actual condition. Design of secure short message protocol is also expatiated, which focuses on structurizing the user data field of short message, to implement system access, bearing of three security services and other interactive functions. On implement of system's modules, a guiding ideology of object oriented and reusability is adopted, algorithm library is organized with abstract factory pattern, three security services are coupling with algorithm library by bridge pattern, in order to make modules perform high cohesion and loose coupling, consequently, reusability and expansibility of program are improved. At last, security and capability of the system are evaluated with methods of qualitative analysis and quantitative analysis; ways to enhance system's performance are also discussedThe main research results of this article are as follows: a solution including three security services to settle short message security threatens; discussing on algorithm set which includes ECC, AES, HASH, describing implement of the three security services by using the algorithm set; design and implement of secure short message protocol; modularizing design and coupling research between modules with guiding ideology of object oriented and reusability; put forward an design of short message engine which is used for encapsulation operations of short message. Among them, idea of application layer access based on protocol and modules reusability design are more representative of original creation. |
PDF Full Text Request