GSM systems are vulnerable to an unauthorized access and eaves droppings when compared with the traditional fixed wired networks due to the mobility of its users. The main idea of this project is to develop an application device to secure mobile banking over unsecure GSM network. It is important to mention here that, mobile banking is a term used for performing balance checks, account transactions, payments, credit applications and many other online applications. But unfortunately, the security architecture for cellular network is not entirely secure. As a matter of fact, GSM network infrastructure is proved to be insecure and many possible attacks have well documented in the literature. Security was never considered in the initial stages therefore sending protective banking information across an open mobile phone network remains insecure. Consequently, this project focuses entirely on the developing and designing security techniques to asses some security issues within mobile banking through cellular phone network (GSM). The main aim of this project was to investigate and examine the following:
1. Security issues in each level of the mobile network architecture.
2. Messages and signals exchanged between user’s cellular phone and mobile network at each level.
3. The overall security architecture of GSM flaws.
4. Some existing security measures for mobile transactions.
5. The current security within SMS banking and GPRS banking.
Finally, two folded simulation in MATLABT were performed using OFDM which is a broadband multicarrier modulation method that provides a high performance operation to transmitted and received data or information. In other words, it is the most customary single that uses carrier modulation that gives high speed function in microwave frequency. Therefore, the first program was concerned with generating transmission and receiving the OFDM signal without channel noise effect. The second program was concerned with the effects of high power amplifier and channel noise on the OFDM signals. It is to be noticed here that the OFDM is a modulation that is especially suitable for wireless communication. Consequently, the suggested programme succeeded in achieving a limited noise or interference in the signal as the users complained and suffered constantly from this noise and from losing the data or the information.
Table of Contents
Chapter 1: Overview of mobile banking security
Introduction
Chapter 2: GSM security issues
Literature review
2.1 GSM network architecture and GSM security
2.2 Mobile Banking and security
2.3 SMS/GPRS banking services
2.4 End to End security architecture for mobile banking system
Chapter 3: The focus of study
3.1 Theoretical section
3.1.1 GSM and GPRS security architecture
3.1.2 Security mechanism in GSM network
3.1.2.1 GSM authentication centre
3.1.2.2 Authentication procedure
3.1.3 Issus with GSM network system
3.1.3.1 Problems with A3/A8 authentication algorithm
3.1.3.2 A5 algorithm problems
3.1.3.3 Attack on RAND value
3.1.4 Current mobile banking
3.1.4.1 Current SMS banking services in Oman
3.1.4.2 Wireless Application WAP
3.1.4.3 Issus in mobile banking in Oman
3.1.4.4 Security problems with GPRS using WAP Implementations
3.1.4.5 Security problems connected with using the GPRS network
3.1.5 Secure SMS solution
3.1.5.1 Secure SMS protocol
3.1.5.2 Message structure
3.1.5.3 Protocol sequences
3.1.6 Generation and sending secure SMS messages
3.1.6.1 Security of secure SMS protocol
3.1.7 Secure GPRS solution
3.1.7.1 Protocol message components
3.1.7.2 Client protocol Initialization
3.1.7.3 SGP handshake for Client
3.1.7.4 Server protocol initialization
3.1.7.5 SGP handshake for server
3.1.7.6 Keys and certificates storage in the bank server
3.1.7.7 Secure GPRS protocol
Chapter 4: Simulation Results
4. Results of the project
Chapter 5
5. Conclusion & Future work
Objectives and Research Focus
The primary objective of this project is to investigate and improve the security of mobile banking services operating over GSM and GPRS networks. The work aims to identify inherent security flaws in current mobile network architectures and develop more robust, secure protocols for mobile transactions through simulation and analysis.
- Analysis of security vulnerabilities in mobile network architectures.
- Evaluation of current SMS and GPRS banking security protocols.
- Development of a secure SMS protocol incorporating improved message structures and authentication sequences.
- Design of a new secure GPRS protocol using advanced encryption and handshaking mechanisms.
- Performance validation via MATLAB simulation of signal transmission using OFDM techniques.
Excerpt from the Book
3.1.6.1 Security of secure SMS Protocol
The Secure SMS protocol conforms to the general security requirements through the means of confidentiality, integrity, authentication, non-repudiation and availability:
1. Confidentiality can be achieved by encrypting the message via using a symmetric secret one -time password shared only between the user and bank server. The strength of confidentiality depends on the security strength of password generation algorithm used and that of the ciphering algorithm. Otherwise, there will not be any confidentiality.
2. Integrity: As we mention in the previous part, the message digest is the hashed value of the message content calculated server application and mobile phone application. If the content has been changed through the transmission of data, the hashing algorithm will generate different digest value on the receiver side. Mismatched digests mean that the message is not secure. Therefore, providing high security depends on the strength of the algorithm encryption as well as on the digest value.
3. Authentication: To authenticate the user, the user needs to show his authentication detail to the receiver. This process is performed by validating the message PIN with the receiver PIN saved in the mobile banking account.
4. Non- Repudiation: The one time password is only held by the account holder and the bank server. In addition, the bank server cannot generate more than one time password for the sake of high security. Therefore, the onetime password is designed for a single user so that the user cannot deny not sending the message, because every user had a unique password and a sequence number to encrypt the message.
5. Availability: The cellular network is based on the availability of this protocol. The time which a message takes to be delivered depends on the quality of network operation towers. Therefore, each server has their capability to deal with a number of users.
Summary of Chapters
Chapter 1: Overview of mobile banking security: Provides an introduction to the rapid growth of GSM technology and the fundamental security challenges associated with mobile banking in modern telecommunications.
Chapter 2: GSM security issues: Reviews existing literature regarding GSM network architecture, security vulnerabilities, and current mobile banking payment models.
Chapter 3: The focus of study: Details the theoretical foundation for proposed security solutions, including the design of secure SMS and GPRS protocols to mitigate identified threats.
Chapter 4: Simulation Results: Presents a comparative analysis between existing mobile banking solutions and the proposed secure architectures, backed by simulation data.
Chapter 5: Conclusion & Future work: Summarizes the findings of the security investigations and suggests future research directions, including the use of more complex programming environments.
Keywords
GSM, GPRS, Mobile Banking, Security, Encryption, Authentication, SMS, OFDM, MATLAB, WAP, Protocols, Integrity, Confidentiality, Non-repudiation, Network Architecture
Frequently Asked Questions
What is the core focus of this research?
This research focuses on identifying and addressing security vulnerabilities in mobile banking systems that operate over inherently insecure GSM and GPRS networks.
Which specific areas of mobile banking are examined?
The study covers the security architecture of mobile networks, the vulnerabilities in current SMS and GPRS banking implementations, and the design of robust protocols to secure these transactions.
What is the primary goal of the proposed security solutions?
The primary goal is to ensure end-to-end security for mobile banking transactions, specifically addressing issues like data integrity, authentication, and protection against unauthorized eavesdropping.
Which scientific method is utilized in this project?
The project employs both a theoretical analysis of existing security standards and a practical simulation approach using MATLAB to model signal transmission and evaluate security improvements.
What key topics are covered in the main body of the work?
The main body treats the evaluation of existing GSM security, the development of a secure SMS protocol, the design of a secure GPRS solution, and the simulation of signal performance using Orthogonal Frequency Division Multiplexing (OFDM).
What keywords best represent this work?
The work is characterized by terms such as GSM, GPRS, Mobile Banking, Encryption, Authentication, SMS, and OFDM.
How is the security of the SMS protocol improved?
The improved SMS protocol uses a symmetric secret one-time password and message digests to ensure that even if a message is intercepted, it cannot be tampered with or used by unauthorized parties.
How does the proposed SGP handshake contribute to security?
The SGP (Service General Packet) handshake ensures that both the client and the bank server are authenticated, using digital signatures and encrypted keys to protect account information.
What role does MATLAB play in this study?
MATLAB is used to simulate signal transmission and test the performance of the communication channel with and without noise, thereby validating the robustness of the proposed signal processing techniques.
- Quote paper
- Ali Raheem (Author), 2011, Development and Implementation of secure GSM algorithm for Mobile Banking, Munich, GRIN Verlag, https://www.hausarbeiten.de/document/200701
