International Journal of Technology Enhancements and Emerging Engineering Research (ISSN 2347-4289)

IJTEEE >> Volume 1 - Issue 3, October 2013 Edition

International Journal of Technology Enhancements and Emerging Engineering Research  
International Journal of Technology Enhancements and Emerging Engineering Research

Website: http://www.ijteee.org

ISSN 2347-4289

Security Perspectives For USSD Versus SMS In Conducting Mobile Transactions: A Case Study Of Tanzania

[Full Text]



Baraka W. Nyamtiga, Anael Sam, Loserian S. Laizer



Keywords : Authentication ; Encryption ; GSM; Mobile Banking; Security; SMS; USSD



ABSTRACT: Performing transactions using mobile devices is increasing rapidly in developing countries, Tanzania inclusive. USSD and SMS are among the technologies widely used in conducting mobile transactions. These two technologies have their strengths and weaknesses from perspectives of security of systems. They both utilize GSM Services and GSM Security is known to have inherent flaws in its encryption and authentication algorithms. A description for these platforms is given in this paper of what they are, their modes of operations, and an evaluation of their security as related to mobile banking systems. From the evaluations made; this paper suggests a method that is more secure for use in mobile banking systems. As a solution we propose some security features being added to the existing systems in order to improve data confidentiality, message integrity and user authenticity. The suggestions are based on the capabilities for the technology to accommodate these additional features to protect data that will supplement the protection offered by the GSM.



[1] Marvels, M. Mobile Marvels: The Economist. 2009 [cited 2013 11 August]; Available from: http://www.economist.com/node/14483896.

[2] Emmanuel, A. and B. Jacobs, Mobile Banking in Developing Countries: Secure Framework for Delivery of SMS-banking Services. 2007, Citeseer.

[3] Biryukov, A. and A. Shamir, Real time cryptanalysis of the alleged A5/1 on a PC. 1999.

[4] Barkan, E., E. Biham, and N. Keller, Instant ciphertext-only cryptanalysis of GSM encrypted communication, in Advances in Cryptology-CRYPTO 2003. 2003, Springer. p. 600-616.

[5] Toorani, M. and A. Beheshti. Solutions to the GSM security weaknesses. in The Second International Conference on Next Generation Mobile Applications, Services and Technologies, 2008. NGMAST'08. 2008: IEEE.

[6] Kaur, G., P. Kaur, and K.K. Saluja, A Review of Security issues and mitigation Measures in GSM. International Journal of Research in Engineering & Applied Sciences, 2012. Volume 2(Issue 2 (February 2012)): p. 16.

[7] Brown, J. and E. Cecchetti, Attacking the Phone. 2012.

[8] Zhang, F., H.-W. Yang, and C. Song. A security scheme of SMS system. in Asia-Pacific Optical Communications. 2005: International Society for Optics and Photonics.

[9] Van der Merwe, P.B., Mobile Commerce over GSM: A Banking Perspective on Security. 2003, University of Pretoria.

[10] Medani, A., et al., Review of mobile short message service security issues and techniques towards the solution. Scientific Research and Essays, 2011. 6(6): p. 1147-1165.

[11] Krugel, G.T., Mobile Banking Technology Options. FinMark Trust, 2007.

[12] Sanganagouda, J., USSD: A communication Technology to Potentially ouster SMS Dependency. 2011, ARICENT.

[13] Desai, S., Mitigating Security Risks in USSD-Based Mobile Payment Applications. 2011, AUJAS: Bangalore.

[14] Taskin, E., GSM MSC/VLR Unstructured Supplementary Service Data (USSD) Service. 2012, Uppsala University.

[15] Gupta, P., End to End USSD System. 2010, Tata Teleservices Ltd: India.

[16] Chong, M.K., Security of mobile banking: Secure SMS banking. Data Network Architectures Group. University of Cape Town, South Africa, 2006.