



It is predicted that mobile applications and devices will become an integral part of communication and personal management in our lives by the turn of the new decade. The present generation of mobiles is not equipped with sufficient security features for use in sensitive communications such as mobile payment and private data transfers. This paper proposes a new method of data connectivity that uses existing protocols to execute high-end tasks like e-commerce and mobile banking in a secure and efficient manner. It proposes the merger of two existing security protocols, RSA encryption and the short message service (SMS); the resulting communication mode, made secure with techniques such as obfuscation and random key generation, materializes into an integrated application. The resulting application is used to ensure secure transfer of sensitive and confidential data in applications like mobile payment, secure message broadcast and secure data storage in mobile communications. The same technique can also be incorporated into future generations of mobile devices as a parallel mode of secure data transfer. It is envisaged that the success of such a project would radically change the arena of mobile banking and mobile commerce.

I. Introduction

As the world progresses towards a more connected society, the role of mobile devices like the mobile phone, Personal Digital Assistant (PDA), etc., is set to increase manifold. It is predicted that an integrated mobile device, which would perform multiple tasks of communication, data storage and entertainment, would be developed. Such a scenario would also involve financial transactions and other sensitive communications being carried out on the integrated mobile device (IMD). Privacy and data authentication are the core requirements of such data transfers.

The present generation of mobile communications mostly involves mobile phones, which are used primarily for voice calls. The processing power inside the mobile phone is limited and by no means large. On the other hand, the mobile devices that connect to the Internet have high processing power and large data storage capacity, which makes them expensive and within the reach of very few. The number of mobile phones that use the Internet to carry out financial transactions is smaller still. Hence, very few mobile phones have the capability to utilize electronic commerce. However, present-day mobile phones connect to the web through indirect means like the Short Messaging Service.

The advent of commerce and banking on the World Wide Web has created a window of opportunity for people across the world. Internet banking is changing the way in which businesses operate. However, the security of transactions on the web has repeatedly come into open question. Many firms that provide security for computers have acknowledged the presence of security threats in financial transactions involving the Internet. Sensitive and private data, such as the data transferred in financial transactions, needs to be protected. The organizations that provide electronic banking and commerce on the web presently use encryption techniques to provide security to their data. However, this level of security requires a high amount of data storage and processor capability. Mobile banking or mobile commerce needs a much less resource-consuming and more secure method of data transmission. This paper aims to analyze the ways in which a high-security encryption technique can be incorporated into a mobile device such as a mobile phone using minimal resources, so that the mobile device can use the power of electronic commerce.

II. ENCRYPTION

1. Overview

The technique of encryption is an old concept. It basically involves the morphing of the input data (original data) into an intermediate form (encrypted data), which can be transmitted to the destination. At the destination, a known rule or formula can retrieve the input data from the encrypted data. The strength of the encryption depends on how difficult the encryption is to decipher. That is, tapping into the data transfer alone would not be able to produce information regarding the data that is transmitted. The encrypted data can only be retrieved when the key (cipher) is available to the person who decrypts the data.

2. RSA Encryption

An encryption widely popular in today's electronic data transmission is the RSA encryption. The algorithm was described in 1977 by Ron Rivest, Adi Shamir and Len Adleman at MIT. RSA uses exponentiation modulo a product

of two large primes to encrypt and decrypt, performing both public key encryption and public key digital signature, and its security is based on the presumed difficulty of factoring large integers [4]. This encryption is widely used in transmitting sensitive data such as passwords, account details and online transactions on the Internet. The strength of an RSA encryption is represented in bits. The higher the strength of encryption, the higher the bit number of the encryption. The following flowchart gives the encryption algorithm.

3. RSA encryption: an illustration

a.) Encryption

Start
Input prime numbers p, q, and data to be encrypted m.
Calculate
Assume some integer
Compute d such that
d e = mod( (n))
encrypt(m) = m^e mod(n) = x
Transmit encrypted data, n, e.
Stop.

Figure-1

It is to be noted that a = b mod(c) means that the difference between two integers a and b is an integral multiple of another integer c. The following flowchart describes the process of decryption in the RSA algorithm.

b.) Decryption

Start
Input encrypted data, n, and e.
Compute m
decrypt(x) = x^d mod(n) = m
Stop

Figure-2

Evidently, to calculate d from the available data n requires a complex calculation involving factors of several numbers. The example given is not implemented using such small numbers, as they can be easily calculated. The strength of the RSA encryption depends on the number of possible keys to a piece of encrypted data. The higher the number of possible keys, the more difficult it is to break the encryption. Hence, for high security, the prime numbers p and q need to be very large. The encryption process is demonstrated in a small example given below:

4. An illustrative example.

Assume the two prime numbers p and q to be 61 and 53. Then, n = 3233. Assume e = 17. Then, d = 2753. Put m = 123. Now on encryption,

x = 123^17 mod 3233 = 855

This encrypted data 855 is sent to the destination. On receiving the encrypted data, the receiver decrypts the data using the logic mentioned above.

m = 855^2753 mod 3233 = 123
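The illustration above carried through in code, as an added example that is not part of the original paper: it derives d from p, q and e using the standard RSA relations phi(n) = (p - 1)(q - 1) and d*e = 1 mod phi(n), reproduces the paper's numbers, and shows that with so small an n anyone holding only the transmitted (n, e) can factor n and obtain d. The function names are chosen here, and this is textbook RSA without padding, for illustration only.

```python
from math import gcd


def make_keys(p, q, e):
    """Return (n, e, d) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                # modular inverse, Python 3.8+
    return n, e, d


def encrypt(m, e, n):
    """encrypt(m) = m^e mod n; m must be smaller than n."""
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(x, d, n):
    """decrypt(x) = x^d mod n."""
    return pow(x, d, n)


def recover_private_exponent(n, e):
    """Derive d from the public values alone by factoring n.

    Trial division is enough for the toy modulus; the loop needs about
    sqrt(n) steps, which is why p and q must be very large in practice.
    """
    f = 2
    while f * f <= n:
        if n % f == 0:
            p, q = f, n // f
            return pow(e, -1, (p - 1) * (q - 1))
        f += 1
    raise ValueError("n has no non-trivial factor; not an RSA modulus")


if __name__ == "__main__":
    n, e, d = make_keys(61, 53, 17)    # the paper's p, q and e
    x = encrypt(123, e, n)             # the paper's m
    print("n =", n, "d =", d, "x =", x, "m =", decrypt(x, d, n))
    print("d recovered from (n, e) only:", recover_private_exponent(n, e))
```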

Hence the data is decrypted. However, the numbers taken in the above example are small and are only for illustrative purposes. The actual encryption is carried out on much larger numbers, often numbers whose number of digits is a higher power of two. This ensures the encryption is not broken by brute force attacks to recover the cipher key [5].

5. Encryption strength.

The encryption of RSA is limited only by the ability to perform very large computational calculations. Typically, a 128-bit encryption using RSA keys is equivalent to a 40-bit encryption using conventional symmetric encryption techniques. The number 128 bit indicates that there are 2^128 possible keys for decryption [4]. Hence, the higher the bit number, the higher the security. This form of encryption has the distinct advantage that it is highly secure and, for a fixed cipher formula, it consumes relatively low resources.

III. MOBILE NETWORKS

1. Modes of data transmission.

Mobile networks transfer data within their network in different ways. Some of them include general voice transmission, short messaging service (SMS), multimedia messaging service (MMS), etc.; all the methods utilize encryption to a certain extent. Every call is made secure by an authentication key for the mobile phone, an authentication key for the mobile network and a session key. An algorithm known as A5 encrypts the actual voice signal. This encryption is available only in GSM networks. A8 and A3 algorithms encrypt the authentication and session keys. The higher the number, the higher its encryption strength. However, the encryption in mobiles is weak and there have been reports that the encryption has been deciphered [3].

2. SMS.

The networks in several mobile services have an indirect method of connecting the mobile phones in their network to the Internet. The mobile phones use short messaging service to connect to a pre-defined address, which could be a server or a port to the Internet. The communication in a mobile network through SMS is insecure, but is very efficient in terms of processing and transfer. The communication of mobile networks with fixed ports greatly enhances the ability of the mobile phone as a data organizer. Presently, SMS encryption is available to a select range of mobiles to ensure privacy during data transfer [2].

3. Connectivity to the Internet.

Mobile phones that use GPRS, EDGE and other modes of connecting to the Internet have application software built into them. The applications are based on a computer-based connection to the Internet and hence possess the insecurity inherent to communications between two computers. The mobile phones that use these applications require high processing power to enable the communication to be carried out in a secure manner. The mobile networks that offer services to the mobiles mentioned above need to offer considerable speeds to achieve stable data transfer. Hence, multiple factors like these adversely affect the efficiency of operating a mobile connected to the Internet in much the same way as a desktop computer for communication and data transfer.

IV. ENCRYPTION NETWORKS IN MOBILE

1. Challenges in the application of encryption in mobile devices.

Encryption in mobile devices faces two important challenges. First, the resources offered by a mobile phone are low compared to conventional processors. Since mobiles are highly integrated devices, the processing power of the mobiles is limited and is by no means large. Conventional desktop computers on which RSA is generally used have a typical processor speed in the order of GHz. Mobile phones, on the other hand, have speeds in the order of a few hundred MHz. Even the advanced mobiles offered by the manufacturers have a processor speed of 220 MHz [6]. The memory available for access is also very low, usually below 50 MB of RAM (random access memory). Hence, the program that uses encryption on mobile phones has to be resource efficient to a very high extent.

Second, the question of security on a mobile network needs to be addressed. Mobile phones operate on a definite band of frequency. Encryption algorithms such as A8, A5 and A3 provide data security to mobile networks. However, in practice, authentication is seldom invoked and the session key remains unaltered for several days for a mobile phone [3]. Even the A5 and A8 algorithms are not hugely difficult to decrypt. Recent reports indicate that mobile phone conversations have been tapped with relative ease and private data compromised [2].

The actual challenge will be to incorporate a software application that uses the resources present on a mobile phone to the maximum extent and provides high data security to sensitive data. This paper proposes a five-step process for a successful integration of advanced web technologies such as e-banking and commerce into mobile phones of the present day.

V. A PROCESS FOR INTEGRATION OF ENCRYPTION INTO MOBILE COMMUNICATIONS.

The following process is proposed for the integration of RSA encryption into mobile devices and its subsequent specifications.

The first step involves the linking up of online bank accounts and other commercial enterprises including merchandise to a distributed network of servers that serve as ports for the mobile network in order to connect to the individual networks [1]. A centralized server is discouraged because of inherent security flaws and lower efficiency in terms of resource utilization.

The second step is to seed the RSA encryption technique into the mobile phones. In order to achieve this, Java applications and applets currently in vogue need to be incorporated into the mobile device. The program should be highly resource efficient, for encryption requires high processing power.

The third step is to solve the problem of resource management and efficiency without compromising security. This is perhaps the single most important function of the proposed application. Taking note of the low resources of the mobile device, it is necessary to encrypt the data at low bit encryptions such as 64, 128 or at the most 256 bit encryption. This could compromise security of the data if it is low enough for breaking the encryption. Hence, indirect measures to ensure privacy of data are needed. Methods such as random key generation for the actual RSA key itself and random session key generation are suggested. Non-linear time variant keys are to be generated to ensure the key to the RSA key is not compromised. Such measures enhance the data security without using a huge amount of resources. It is however inevitable that the speed of operation would be comparatively low in mobile phones compared to conventional computers.

The fourth step is to ensure that the mobile networks implement security measures in accordance with the RSA encryption standard. It is to be noted that the RSA encryption demands a higher level of security as the data transferred in this case is very sensitive. It is advisable to replace the existing A5, A8 and A3 algorithms with algorithms of better strength such as RSA or Elliptic curve cryptography for encryption of sensitive data transfers. It is to be noted that the servers or ports which participate in the process have very high security and four digit bit encryption to ensure security.

The final step is to ensure privacy of data on the mobile phone itself. Since the mobile device is used for storing private data, the private data on the device needs to be encrypted. This is achieved again by utilizing RSA. The actual Java application also needs to be encrypted. The process is known as obfuscation, which makes the Java application unreadable for humans, and deciphering it requires a brute force attack using a powerful computer [4].
However, the security here can be lower, owing to the fact that excessive encryption adversely affects the speed of operation and the protection against attempts to access the device itself is more physical in nature.

VI. APPLICATIONS OF ENCRYPTED DATA TRANSFER IN MOBILE COMMUNICATIONS.

Encrypted data transfer enabled in a mobile phone has a large range of possible applications. The foremost is mobile banking, where transactions involving large finances can be carried out with ease and in a secure manner [1]. Second, the possibilities for mobile merchandise are present. Hence, the scope of the mobile device as a communication tool is enlarged to a very large extent. Third, the encryption can be used to transfer private and confidential information securely over the mobile network. The fourth application is to use the device for securing personal information for security reasons.

VII. CONCLUSION

The next generation of mobile devices that are expected to come into production perform multiple tasks of communication, data storage and entertainment. The estimated cost of such devices is very high compared to the present day mobile phones. The successful implementation of the aforesaid process to upgrade the existing mobile phones to a mobile financial transaction assistant will go a long way in ensuring the security and privacy of confidential information to be transferred. The banking and commerce applications are expected to be successful because of the ease with which transactions can be performed on the mobile device. Analogous to the technology which uses the mobile to download ring tones in the present day mobiles, mobile banking (m-banking) and m-commerce will go one more step further in man's quest for progress.

REFERENCES

[1] Mobile payment: A journey through existing procedures and standardization initiatives, Stamatis Karnouskos and Fraunhofer FOKUS, IEEE Communication Surveys, 4th quarter 2004, vol. 6, no. 4.
[2] Secure SMS messaging using Quasigroup encryption and Java SMS API, Marko Hassinen and Smile Markovski.
[3] Security in the GSM systems, Jeremy Quirke.
[4] RSA encryption, Wikipedia,
[5] An introduction to cryptography, Richard Mollin.
[6] Specifications page, Nokia, http://