On the security verification of a short message service protocol

Abstract

Short Message Service (SMS) is a text messaging service component of smart phones, web, or mobile communication systems which requires a high level of security to provide user authentication and data confidentiality. To provide such security features, a high security communication protocol for SMS, called Message Security Communication Protocol (MSCP) was proposed. In this paper, MSCP is formally analyzed using an automated logic-based verification tool with attack detection capabilities. The performed formal verification reveals that the proposed protocol is susceptible to parallel session and denial-of-service (DoS) attacks. The reasoning why these attacks are possible is detailed and an amended protocol is proposed to counter the identified attacks. Formal verification of the amended protocol provides confidence regarding the correctness and effectiveness of the proposed modifications.