CircleTech Corporation has developed special software for SMS protection – SMS 007 system. It uses standards SHA-2 and AES and fulfills all requirements stated in previous paragraphs.
Messages between two SMS 007 users are encrypted using AES and a key derived from a mutually exchanged password (passphrase). An adversary which monitors the communication seems only a senseless sequence of binary data, and is unable to decrypt them without the password. In case of a good password, this would take billions of years.
The keys for communication with other users are saved in the phone as encrypted („the keyring“), and the „main application password“ is used for their encryption. Therefore there is no need to remember the passwords, only the „main application password“. Also, the keys (passwords) can be changed very easily, when the two sides agree upon new ones. This gives the users an opportunity to alter keys regularly - say, every week.
Any encrypted message exchanged between two SMS 007 users includes a special security code (MAC) based on SHA-2 standard. This code prevents anyone in the network from altering contents of the message. If a single bit is changed, the message's code will not match anymore and the receiving user will be notified about decryption failure.
Successful decryption of a received message is also a proof of the fact that the sending person has the correct key. Without knowledge of the key, the adversary is unable to generate a message which would decrypt into correct text on the receiving side. Therefore, the fact that a message has been really sent by its author, is ensured.
All received and sent messages of SMS 007 system, which are saved into the phone, are protected by encryption, with use of SHA-2 and AES standards, and a key derived from the „main application password“, selected by the user. At each start, SMS 007 asks for the „main application password“. Without it, it cannot decrypt the data correctly. Any adversary which gets access to your saved data will need to guess the correct „main application password“ as well. In case of a good password, checking of all possibilities will také billions of years.
SMS 007 has its own contact list, independent of the main contact list in the phone. This contact list is also protected from reading, in the same way as the saved messages are – with use of SHA-2, AES and „main application password“.
Therefore, if a SMS 007 – enabled phone falls into hands of an adversary, this adversary will not be able to find even with whom the messages have been exchanged. This is especially important if you want to hide the very fact that you communicate with someone.
Next chapter: | Additional functionality for users |
Previous chapter: | Practical cryptography |