sms security android app

Upload: suman-sourav

Post on 05-Apr-2018


  • 7/31/2019 SMS Security Android App


    An Android Application for Secured SMS Messaging

    Suman Sourav

    Indian Statistical Institute, Kolkata


    Abstract

    SMS (Short Message Service) is a widely used service for brief communication. Occasionally the data sent using SMS services is confidential in nature and should not be disclosed to a third party. SecureSMSMessaging is a messaging application meant to provide this service, through which one can send as well as receive encrypted SMS messages. Messages can be sent to a person who has the SecureSMSMessaging app and to a person who does not have this app, but the message can be read correctly by one using the app. The app uses AES (128 bit) as the encryption scheme. There is also an option for changing the encryption key, which correspondingly needs to be changed at the receiver's end for correct decryption. As a sister application, Authenticated-Messaging was also created, which provides authentication and stronger assurance of data integrity than a checksum or an error-detecting code, using CMAC as a mode of operation.

    1 Introduction

    SMS messages are sometimes used to exchange confidential data such as a social security number, bank account number, password, etc. A typing error in selecting a number when sending such a message can have severe consequences if the message is readable by any receiver. Most mobile operators encrypt all mobile communication data, including SMS messages, but sometimes this is not the case, and even when encrypted, the data is readable by the operator. Among others, these concerns give rise to the need to develop additional encryption for SMS messages, so that only accredited parties are able to engage in communication.

    Our approach to this problem is to develop an application that can be used on mobile devices to encrypt messages that are about to be sent. Naturally, decryption of encrypted messages is also provided. The encryption and decryption are characterised by a secret key that all legal parties have to possess.


    2 Android

    2.1 Reasons for using Android

    Open software platform for mobile development.

    A complete stack: OS, middleware, applications.

    An Open Handset Alliance (OHA) project.

    Powered by the Linux operating system.

    Open source under the Apache 2 license.

    Fast application development in Java.

    3 Technologies

    3.1 Java

    Java is a programming language and computing platform first released by Sun Microsystems in 1995. It is the underlying technology that powers state-of-the-art programs including utilities, games, and business applications. The Java Virtual Machine (JVM) provides Java platform core classes and supporting Java platform libraries.

    4 Software Requirements

    Eclipse is a multi-language software development environment comprising an integrated development environment (IDE) and an extensible plug-in system.


    Android Development Tools (ADT) is a plugin for the Eclipse IDE that is designed to give you a powerful, integrated environment to build Android applications.

    ADT extends the capabilities of Eclipse to let us quickly set up new Android projects, create an application UI, add components based on the Android Framework API, debug applications using the Android SDK tools, and even export signed (or unsigned) .apk files in order to distribute the application. ADT provides tool integration, custom XML editors, and a debug output pane.

    The Android SDK provides the tools and APIs necessary to begin developing applications on the Android platform using the Java programming language.

    5 Project Structure

    5.1 Types of Files

    Android Manifest file - It names the Java package for the application. It describes the components of the application and which processes will host application components. It declares the minimum level of the Android API that the application requires and lists the libraries that the application must be linked against. Each activity that is described by a java file must be declared in the Android Manifest file.

    .java files -

        User created - These files are created by the user to perform the specified function.

        Auto generated - The auto-generated file, R.java, is generated internally with respect to the Android working environment.

    .xml files -

        Layout files - These xml files describe the layout. The layouts can be relative or absolute.

        Values - It includes the string values.

        Menu files - The menu files are used to describe the main menu contents and the GUI with respect to it.

    .apk file - An .apk file extension denotes an Android Package (APK) file. This file format, a variant of the JAR format, is used for distributing and installing bundled components onto the Android operating system.


    5.2 Android Details

    The Android specification used in the application is as follows:

    Target Name: Android 2.2 (Froyo)

    API Level: 8

    Minimum SDK Version: 8

    Image Type Used: .png

    ADT Version: 0.9.7

    IDE: Eclipse Java EE

    Memory Required on Android Device: 1.2MB

    6 SMS Encryption

    A common model for securing SMS is to use symmetric cryptography. For SMS encryption, the symmetric algorithm AES is commonly used.

    AES is based on a design principle known as a substitution-permutation network, and is fast in both software and hardware. AES is the NIST standard, a variant of Rijndael which has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits (here we have used a 128-bit key).


    6.1 High-level description of the Algorithm

    1. KeyExpansion: Round keys are derived from the cipher key using Rijndael's key schedule.

    2. Initial Round

        AddRoundKey: each byte of the state is combined with the round key using bitwise XOR.

    3. Rounds

        SubBytes: A non-linear substitution step where each byte is replaced with another according to a lookup table.

        ShiftRows: A transposition step where each row of the state is shifted cyclically a certain number of steps.

        MixColumns: A mixing operation which operates on the columns of the state, combining the four bytes in each column.

        AddRoundKey

    4. Final Round (no MixColumns)

        SubBytes

        ShiftRows

        AddRoundKey
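
The four steps above written out for one AES-128 block, as an added teaching example (not code from the application; the class and method names are hypothetical). It computes each S-box entry instead of storing the lookup table and compares its output with the FIPS-197 Appendix C.1 sample block; an app would call the platform's javax.crypto.Cipher rather than code like this.

```java
public class Aes128Walkthrough {                        // hypothetical name; teaching code only
    static int xtime(int a) { return ((a << 1) ^ ((a & 0x80) != 0 ? 0x1B : 0)) & 0xFF; }
    static int mul(int a, int b) {                      // multiplication in GF(2^8)
        int p = 0;
        for (; b != 0; b >>= 1, a = xtime(a)) if ((b & 1) != 0) p ^= a;
        return p;
    }
    static int sub(int x) {     // SubBytes table entry, computed: field inverse + affine map
        int inv = 0, s = 0x63;
        for (int y = 1; y < 256; y++) if (mul(x, y) == 1) inv = y;
        for (int i = 0; i <= 4; i++) s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF;
        return s;
    }
    static int[] expandKey(byte[] key) {                // KeyExpansion: 11 round keys, 176 bytes
        int[] w = new int[176];
        for (int i = 0; i < 16; i++) w[i] = key[i] & 0xFF;
        for (int i = 16, rcon = 1; i < 176; i += 4) {
            int[] t = { w[i - 4], w[i - 3], w[i - 2], w[i - 1] };
            if (i % 16 == 0) {                          // RotWord, SubWord, round constant
                t = new int[] { sub(t[1]) ^ rcon, sub(t[2]), sub(t[3]), sub(t[0]) };
                rcon = xtime(rcon);
            }
            for (int j = 0; j < 4; j++) w[i + j] = w[i + j - 16] ^ t[j];
        }
        return w;
    }
    static byte[] encryptBlock(byte[] key, byte[] in) {
        int[] w = expandKey(key), s = new int[16];
        for (int i = 0; i < 16; i++) s[i] = (in[i] & 0xFF) ^ w[i];      // initial AddRoundKey
        for (int r = 1; r <= 10; r++) {
            int[] t = new int[16];      // SubBytes + ShiftRows; byte i sits in row i % 4
            for (int i = 0; i < 16; i++) t[i] = sub(s[(i + 4 * (i % 4)) % 16]);
            for (int c = 0; c < 16 && r < 10; c += 4) {                 // MixColumns, not in round 10
                int[] a = { t[c], t[c + 1], t[c + 2], t[c + 3] };
                for (int i = 0; i < 4; i++)
                    t[c + i] = mul(a[i], 2) ^ mul(a[(i + 1) % 4], 3) ^ a[(i + 2) % 4] ^ a[(i + 3) % 4];
            }
            for (int i = 0; i < 16; i++) s[i] = t[i] ^ w[16 * r + i];   // AddRoundKey
        }
        byte[] out = new byte[16];
        for (int i = 0; i < 16; i++) out[i] = (byte) s[i];
        return out;
    }
    public static void main(String[] args) {
        byte[] key = new byte[16], pt = new byte[16];   // FIPS-197 Appendix C.1 key and plaintext
        for (int i = 0; i < 16; i++) { key[i] = (byte) i; pt[i] = (byte) (17 * i); }
        String hex = String.format("%032x", new java.math.BigInteger(1, encryptBlock(key, pt)));
        System.out.println(hex + " " + hex.equals("69c4e0d86a7b0430d8cdb78070b4c55a"));
    }
}
```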

    7 SMS Authentication

    Here the authorized party applies the MAC generation process to the data to be authenticated to produce a MAC for the data. Subsequently, any authorized party can apply the verification process to the received data and the received MAC. Successful verification provides assurance of data authenticity and, hence, of integrity.

    The CMAC algorithm depends on the choice of an underlying symmetric key block cipher, here AES. The key is the same key used in AES. To generate an $\ell$-bit CMAC tag ($t$) of a message ($m$) using a $b$-bit block cipher ($E$) and a secret key ($k$), one first generates two $b$-bit sub-keys ($k_1$ and $k_2$) using the following algorithm (this is equivalent to multiplication by $x$ and $x^2$ in a finite field $GF(2^b)$). Let $\ll$ signify a standard left-shift operator:

    1. Calculate a temporary value $k_0 = E_k(0)$.

    2. If $\mathrm{msb}(k_0) = 0$, then $k_1 = k_0 \ll 1$, else $k_1 = (k_0 \ll 1) \oplus C$; where $C$ is a certain constant that depends only on $b$. (Specifically, $C$ is the non-leading coefficients of the lexicographically first irreducible degree-$b$ binary polynomial with the minimal number of ones.)

    3. If $\mathrm{msb}(k_1) = 0$, then $k_2 = k_1 \ll 1$, else $k_2 = (k_1 \ll 1) \oplus C$.

    The CMAC tag generation process is as follows:

    1. Divide the message into $b$-bit blocks $m = m_1 \| \cdots \| m_{n-1} \| m_n$, where $m_1, \ldots, m_{n-1}$ are complete blocks. (The empty message is treated as 1 incomplete block.)

    2. If $m_n$ is a complete block then $m_n = k_1 \oplus m_n$, else $m_n = k_2 \oplus (m_n \| 10\ldots0_2)$.

    3. Let $c_0 = 00\ldots0_2$.

    4. For $i = 1, \ldots, n$, calculate $c_i = E_k(c_{i-1} \oplus m_i)$.

    5. Output $t = \mathrm{msb}_\ell(c_n)$.
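
The sub-key derivation and tag generation steps above for b = 128, where the constant C is 0x87, as an added example (not the application's code; the class, method names and the sample SMS text are hypothetical or constructed). It uses the JDK's AES/ECB/NoPadding cipher as the block function E, checks the empty-message tag from RFC 4493, and shows that a message altered in transit fails verification.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class CmacSketch {                               // hypothetical class name
    // Multiply by x in GF(2^128): shift left one bit, XOR C = 0x87 if the msb was 1.
    static byte[] dbl(byte[] in) {
        byte[] out = new byte[16];
        for (int i = 0; i < 16; i++)
            out[i] = (byte) ((in[i] << 1) | (i < 15 ? (in[i + 1] & 0xFF) >>> 7 : 0));
        if ((in[0] & 0x80) != 0) out[15] ^= (byte) 0x87;
        return out;
    }
    static byte[] cmac(byte[] key, byte[] msg) throws Exception {
        Cipher e = Cipher.getInstance("AES/ECB/NoPadding");  // E_k applied to single blocks
        e.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        byte[] k1 = dbl(e.doFinal(new byte[16]));             // k0 = E_k(0), k1 from k0
        byte[] k2 = dbl(k1);
        int n = Math.max(1, (msg.length + 15) / 16);          // empty message: 1 incomplete block
        boolean complete = msg.length > 0 && msg.length % 16 == 0;
        byte[] last = Arrays.copyOfRange(msg, 16 * (n - 1), 16 * n);   // zero-filled to b bits
        if (!complete) last[msg.length % 16] = (byte) 0x80;   // padding 10...0
        for (int i = 0; i < 16; i++) last[i] ^= (complete ? k1 : k2)[i];
        byte[] c = new byte[16];                              // c_0 = 00...0
        for (int b = 0; b < n; b++) {                         // c_i = E_k(c_{i-1} XOR m_i)
            for (int i = 0; i < 16; i++) c[i] ^= (b == n - 1) ? last[i] : msg[16 * b + i];
            c = e.doFinal(c);
        }
        return c;                                             // msb_l with l = 128
    }
    // Receiver side: recompute the tag and compare without an early exit.
    static boolean verify(byte[] key, byte[] msg, byte[] tag) throws Exception {
        return MessageDigest.isEqual(cmac(key, msg), tag);
    }
    static byte[] unhex(String s) {
        byte[] b = new byte[s.length() / 2];
        for (int i = 0; i < b.length; i++) b[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return b;
    }
    public static void main(String[] args) throws Exception {
        byte[] key = unhex("2b7e151628aed2a6abf7158809cf4f3c");   // RFC 4493 test key
        System.out.println(verify(key, new byte[0], unhex("bb1d6929e95937287fa37d129b756746")));
        byte[] sms = "PIN 4821".getBytes("UTF-8");                // constructed sample message
        byte[] tag = cmac(key, sms);
        sms[4] ^= 1;                                              // one flipped bit in transit
        System.out.println(verify(key, sms, tag));
    }
}
```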

    8 Handling SMS in Android

    8.1 Sending SMS Messages

    Android uses a permission-based policy in which all the permissions needed by an application must be specified in the AndroidManifest.xml file. By doing so, when the application is installed it will be clear to the user what specific access permissions are required by the application. For example, as sending SMS messages will potentially incur additional cost on the user's end, indicating the SMS permissions in the AndroidManifest.xml file will let the user decide whether to allow the application to install or not.

    In the AndroidManifest.xml file, we add the two permissions SEND_SMS and RECEIVE_SMS. Next, in the SecureSMSMessaging activity, we wire up the Button view so that when the user clicks on it, we check that the phone number of the recipient and the message have been entered before we send the message using the sendSMS() function.

    To send an SMS message, we use the SmsManager class. Unlike other classes, we do not directly instantiate this class; instead we call the getDefault() static method to obtain an SmsManager object. We obtain the SMS to be sent from the EditText box of the GUI and perform the required operation on it (encrypting it in the first application and generating tag bits in the second application). The sendTextMessage() method then sends the SMS message (either encrypted or with tag bits) with a PendingIntent. The PendingIntent object is used to identify a target to invoke at a later time. For example, after sending the message, we can use a PendingIntent object to display another activity. In this case, the PendingIntent object (pi) is simply pointing to the same activity (SMS.java), so when the SMS is sent, nothing will happen.

    Our code uses a PendingIntent object (sentPI) to monitor the sending process. When an SMS message is sent, the first BroadcastReceiver's onReceive event will fire. This is where we check the status of the sending process. The second PendingIntent object (deliveredPI) monitors the delivery process. The second BroadcastReceiver's onReceive event will fire when an SMS is successfully delivered. When an SMS is sent successfully, it will display an "SMS sent" message. When it is successfully delivered, it will display an "SMS delivered" message.

    8.2 Receiving SMS Messages

    Besides programmatically sending SMS messages, we also intercept incoming SMS messages using a BroadcastReceiver object. In the AndroidManifest.xml file we add the receiver element so that incoming SMS messages can be intercepted by the SmsReceiver class.

    When SMS messages are received, the onCreate() method will be invoked. The SMS message is contained in and attached to the Intent object (intent - the second parameter in the onReceive() method) via a Bundle object. The messages are stored in an Object array in the PDU format. To extract each message, you use the static createFromPdu() method from the SmsMessage class. The SMS message is then displayed using the Toast class.

    8.3 Other Operations Involved

    We also make use of android:exported, which indicates that the SmsReceiver class must receive events not only from the application but also from the whole Android system, and android:priority=999, which indicates that the receiver has the highest priority and will catch the SMS event before the system. In the second application, for SMS authentication, we make use of this and modify the incoming SMS before putting it in the database by removing the tag, and prevent reception of the message in case of an authentication failure.

    For viewing the decrypted message we have defined an onclick method which collects the message and displays it using a dialog box along with the option of replying to and forwarding the message.

    We have also provided an option for changing the key used. The key needs to be the same for the sender and receiver for correct decryption. The key is stored inside the Android OS internal memory such that a malicious user cannot alter it.

    9 Conclusion

    Going by the recent trend, the Android market is developing at 35%. This application will provide many users the security they desire in their messaging application.

    Here we have created two Android applications for dealing with security and authenticity, in which we have correctly implemented the AES algorithm for both encryption and decryption as well as the CMAC mode of implementation. Further, we plan to make a more attractive user interface as well as test the application against more rigorous test cases.
