Building secure user-to-user messaging in mobile telecommunication networks

Short Message Service (SMS) and Multimedia Message Service (MMS) are popularly used and will be more popular in the future. However, the security of SMS and MMS messages is still a problem. There is no end-to-end security (including integrity, confidentiality, authentication, and non- repudiation) in these services. This hinders service providers to provide some services that require communication of high-level security. There have been some solutions proposed for this issue in literature, but these are not suitable for user-to-user communication. In this paper, we review existing solutions and analyze their weaknesses. We then propose a new solution for a secure messaging channel using identity-based cryptography. This solution provides end-to-end security from service provider to mobile users, and between mobile users. The advantage of this solution is that it does not require a large storage on mobile terminal side, which is especially essential for user-to-user communication. Also this solution can be implemented with existing technologies on both service provider side and mobile terminal side. We concentrate the discussion on SMS service in details, while the scheme also works for MMS service.