
An Android Application for Secured SMS Messaging

Suman Sourav Indian Statistical Institute, Kolkata smnsourav@gmail.com

Abstract

SMS (Short Message Service) is a widely used service for brief communication. Occasionally the data sent using SMS is confidential in nature and should not be disclosed to a third party. SecureSMSMessaging is a messaging application meant to provide this service, through which one can send as well as receive encrypted SMS messages. Messages can be sent to a person who has the SecureSMSMessaging app and to a person who does not have this app, but the message can be read correctly by one using the app. The app uses AES (128 bit) as the encryption scheme. There is also an option for changing the encryption key, which correspondingly needs to be changed at the receiver's end for correct decryption. As a sister application, Authenticated-Messaging was also created, which provides authentication and stronger assurance of data integrity than a checksum or an error detecting code, using CMAC as a mode of operation.

Introduction

SMS messages are sometimes used for the interchange of confidential data such as a social security number, bank account number, password etc. A typing error in selecting a number when sending such a message can have severe consequences if the message is readable to any receiver. Most mobile operators encrypt all mobile communication data, including SMS messages, but sometimes this is not the case, and even when encrypted, the data is readable for the operator. Among others, these needs give rise to the need to develop additional encryption for SMS messages, so that only accredited parties are able to engage in communication. Our approach to this problem is to develop an application that can be used in mobile devices to encrypt messages that are about to be sent. Naturally, decryption for encrypted messages is also provided. The encryption and decryption are characterised by a secret key that all legal parties have to possess.


2 Android

2.1 Reasons for using Android

Open software platform for mobile development. A complete stack: OS, middleware, applications. An Open Handset Alliance (OHA) project. Powered by Linux operating system. Fast application development in Java. Open source under the Apache 2 license.

3 Technologies

3.1 Java

Java is a programming language and computing platform first released by Sun Microsystems in 1995. It is the underlying technology that powers state-of-the-art programs including utilities, games, and business applications. The Java Virtual Machine (JVM) provides Java platform core classes, and supporting Java platform libraries.

Software Requirements

Eclipse is a multi-language software development environment comprising an integrated development environment (IDE) and an extensible plug-in system.


Android Development Tools (ADT) is a plugin for the Eclipse IDE that is designed to give you a powerful, integrated environment to build Android applications. ADT extends the capabilities of Eclipse to let us quickly set up new Android projects, create an application UI, add components based on the Android Framework API, debug your applications using the Android SDK tools, and even export signed (or unsigned) .apk files in order to distribute your application. ADT provides tool integration, custom XML editors, and a debug output pane. The Android SDK provides the tools and APIs necessary to begin developing applications on the Android platform using the Java programming language.

5 Project Structure

5.1 Types of Files
Android Manifest file - It names the Java package for the application. It describes the components of the application and which processes will host application components. It declares the minimum level of the Android API that the application requires and lists the libraries that the application must be linked against. Each activity that is described by a .java file is to be declared in the Android Manifest file.

.java files
   User created - These files are created by the user to perform the specified function.
   Auto generated - The auto-generated file, R.java, is generated internally with respect to the Android working environment.

.xml files
   Layout files - The XML files describe the layout. The layouts can be relative or absolute.
   Values - It includes the string values.
   Menu files - The menu files are used to describe the main menu contents and the GUI with respect to it.

.apk file - An .apk file extension denotes an Android Package (APK) file. This file format, a variant of the JAR format, is used for distributing and installing bundled components onto the Android operating system.


5.2 Android Details

The Android specification used in the application is as follows:

Target Name:                          Android 2.2 (Froyo)
API Level:                            8
Minimum SDK Version:                  8
Image Type Used:                      .png
ADT:                                  Version 0.9.7
IDE:                                  Eclipse Java EE
Memory Required on Android Device:    1.2MB

SMS Encryption

A common model for securing SMS is to use symmetric cryptography, and the symmetric algorithm commonly used for SMS encryption is AES. AES is based on a design principle known as a substitution-permutation network, and is fast in both software and hardware. AES is the NIST standard, a variant of Rijndael which has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits (here we have used a 128-bit key).


6.1 High-level description of the Algorithm

1. KeyExpansion: Round keys are derived from the cipher key using Rijndael's key schedule.
2. Initial Round
   AddRoundKey: each byte of the state is combined with the round key using bitwise XOR.
3. Rounds
   SubBytes: A non-linear substitution step where each byte is replaced with another according to a lookup table.
   ShiftRows: A transposition step where each row of the state is shifted cyclically a certain number of steps.
   MixColumns: A mixing operation which operates on the columns of the state, combining the four bytes in each column.
   AddRoundKey
4. Final Round (no MixColumns)
   SubBytes
   ShiftRows
   AddRoundKey

SMS Authentication

Here the authorized party applies the MAC generation process to the data to be authenticated to produce a MAC for the data. Subsequently, any authorized party can apply the verification process to the received data and the received MAC. Successful verification provides assurance of data authenticity and, hence, of integrity. The CMAC algorithm depends on the choice of an underlying symmetric key block cipher, here AES. The key is the same key used in AES.

To generate an -bit CMAC tag (t) of a message (m) using a b-bit block cipher (E) and a secret key (k), one first generates two b-bit sub-keys (k1 and k2) using the following algorithm (this is equivalent to multiplication by x and x^2 in a finite field GF(2^b)). Let signify a standard left-shift operator:

1. Calculate a temporary value k0 = Ek(0).
2. If msb(k0) = 0, then k1 = k0 1, else k1 = (k0 1) C; where C is a certain constant that depends only on b. (Specifically, C is the non-leading coefficients of the lexicographically first irreducible degree-b binary polynomial with the minimal number of ones.)
3. If msb(k1) = 0, then k2 = k1 1, else k2 = (k1 1) C.

The CMAC tag generation process is as follows:

1. Divide message into b-bit blocks m = m1 mn1 mn where m1, , mn1 are complete blocks. (The empty message is treated as 1 incomplete block.)
2. If mn is a complete block then mn = k1 mn else mn = k2 (mn 1002).
3. Let c0 = 0002.
4. For i = 1,, n, calculate ci = Ek(ci1 mi).
5. Output t = msb(cn).
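The sub-key and tag steps above, written out as an added Java example (not the paper's own code) following NIST SP 800-38B for b = 128, where the constant C is 0x87. The class name AesCmac, the 8-byte tag length, and the sample key and message are assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.util.Arrays;
// Added illustration, not the paper's code: AES-128 CMAC as in NIST SP 800-38B.
public class AesCmac {
    private static final int B = 16;                    // block size b in bytes
    private final Cipher aes;
    private final byte[] k1, k2;
    public AesCmac(byte[] key) throws Exception {
        aes = Cipher.getInstance("AES/ECB/NoPadding");  // raw block cipher E_k
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        k1 = dbl(aes.doFinal(new byte[B]));             // k0 = E_k(0), then k1
        k2 = dbl(k1);
    }
    // Shift left by one bit; if the MSB was 1, XOR in C (0x87 for b = 128).
    private static byte[] dbl(byte[] in) {
        byte[] out = new byte[B];
        for (int i = 0; i < B; i++)
            out[i] = (byte) ((in[i] << 1) | (i + 1 < B ? (in[i + 1] & 0xff) >>> 7 : 0));
        if ((in[0] & 0x80) != 0) out[B - 1] ^= (byte) 0x87;
        return out;
    }
    public byte[] tag(byte[] m, int tagLen) throws Exception {
        int n = Math.max(1, (m.length + B - 1) / B);    // empty message = 1 block
        boolean complete = m.length > 0 && m.length % B == 0;
        byte[] last = Arrays.copyOfRange(m, (n - 1) * B, n * B); // zero-filled
        if (!complete) last[m.length - (n - 1) * B] = (byte) 0x80; // 10...0 pad
        byte[] sub = complete ? k1 : k2;
        byte[] c = new byte[B];                         // c0 = 0
        for (int i = 0; i < n; i++) {
            for (int j = 0; j < B; j++)
                c[j] ^= (i == n - 1) ? (byte) (last[j] ^ sub[j]) : m[i * B + j];
            c = aes.doFinal(c);                         // c_i = E_k(c_{i-1} XOR m_i)
        }
        return Arrays.copyOf(c, tagLen);                // leftmost tagLen bytes
    }
    public boolean verify(byte[] m, byte[] t, int tagLen) throws Exception {
        // Length check plus constant-time compare: a short or empty tag never passes.
        return t.length == tagLen && MessageDigest.isEqual(tag(m, tagLen), t);
    }
    public static void main(String[] args) throws Exception {
        AesCmac mac = new AesCmac("constructed-key!".getBytes("US-ASCII")); // sample key
        byte[] sms = "constructed sample message".getBytes("UTF-8");
        byte[] t = mac.tag(sms, 8);                     // 64-bit tag: an assumed length
        sms[0] ^= 1;                                    // one bit flipped in transit
        System.out.println("tampered message accepted: " + mac.verify(sms, t, 8));
    }
}
```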

8 Handling SMS in Android

8.1 Sending SMS Messages

Android uses a permission-based policy where all the permissions needed by an application need to be specified in the AndroidManifest.xml file. By doing so, when the application is installed it will be clear to the user what specific access permissions are required by the application. For example, as sending SMS messages will potentially incur additional cost on the user's end, indicating the SMS permissions in the AndroidManifest.xml file will let the user decide whether to allow the application to install or not. In the AndroidManifest.xml file, we add the two permissions SEND_SMS and RECEIVE_SMS.

Next, in the SecureSMSMessaging activity, we wire up the Button view so that when the user clicks on it, we check that the phone number of the recipient and the message are entered before we send the message using the sendSMS() function. To send an SMS message, we use the SmsManager class. Unlike other classes, we do not directly instantiate this class; instead we call the getDefault() static method to obtain an SmsManager object. We obtain the SMS to be sent from the EditText box of the GUI and perform the required operation on it (encrypting it in the first application and generating tag bits in the second application). The sendTextMessage() method then sends the SMS message (either encrypted or with tag bits) with a PendingIntent.

The PendingIntent object is used to identify a target to invoke at a later time. For example, after sending the message, we can use a PendingIntent object to display another activity. In this case, the PendingIntent object (pi) is simply pointing to the same activity (SMS.java), so when the SMS is sent, nothing will happen. Our code uses a PendingIntent object (sentPI) to monitor the sending process. When an SMS message is sent, the first BroadcastReceiver's onReceive event will fire. This is where we check the status of the sending process. The second PendingIntent object (deliveredPI) monitors the delivery process. The second BroadcastReceiver's onReceive event will fire when an SMS is successfully delivered. When an SMS is sent successfully, it will display an "SMS sent" message. When it is successfully delivered, it will display an "SMS delivered" message.

8.2 Receiving SMS Messages

Besides programmatically sending SMS messages, we also intercept incoming SMS messages using a BroadcastReceiver object. In the AndroidManifest.xml file we add the receiver element so that incoming SMS messages can be intercepted by the SmsReceiver class. When SMS messages are received, the onCreate() method will be invoked. The SMS message is contained in and attached to the Intent object (intent, the second parameter in the onReceive() method) via a Bundle object. The messages are stored in an Object array in the PDU format. To extract each message, you use the static createFromPdu() method from the SmsMessage class. The SMS message is then displayed using the Toast class.

8.3 Other Operations Involved

We also make use of android:exported, which indicates that the SmsReceiver class must receive events not only from the application but also from the whole Android system, and android:priority=999, which indicates that the receiver has the highest priority and will catch the SMS event before the system. In the second application, for SMS authentication, we make use of this and modify the incoming SMS before putting it in the database by removing the tag, and prevent reception of the message in case of an authentication failure. For viewing the decrypted message we have defined an onclick method which collects the message and displays it using a dialog box, along with the option of replying to and forwarding the message. We have also provided an option for changing the key used. The key needs to be the same for the sender and receiver for correct decryption. The key is stored inside the Android OS internal memory such that a malicious user cannot alter it.

Conclusion

Going by the recent trend, the Android market is developing at 35%. This application will provide many users the security they desire in their messaging application. Here we have created two Android applications for dealing with security and authenticity, in which we have correctly implemented the AES algorithm for both encryption and decryption as well as the CMAC mode of implementation. Further, we plan to make a more attractive user interface as well as test the application against more rigorous test cases.

