Secure SMS (SSMS)
The relationship between Secure SMS (SSMS) and SMS is analogous to the relationship between
Secure RTP (SRTP) and the Real-time Transport Protocol (RTP). SSMS provides integrity,
confidentiality, and replay protection for SMS messages like SRTP does for RTP media streams. The
security of SSMS is built on a single, externally provided, master key that is analogous to the SRTP
master key. KAPS is the preferred method for this external key agreement, but other methods such
as PKI or a password-based key derivation scheme may also be used.
Rather than duplicating efforts, SSMS relies upon the robust message delivery and error
correction properties of the Short Message Service. Since SMS is built on top of the network control
channel for mobile phones (Signaling System #7), the error correction and delivery properties of
SMS can be relied upon with the same degree of confidence as the mobile network itself. Secure SMS
simplifies the construction of secure systems by abstracting away the details of message security once
a shared secret has been established (much like SRTP does for RTP). For simplicity, SSMS takes a
single master key as input, and internally derives all other key material needed for security.
For efficiency reasons SSMS superimposes the concept of sessions on top of the Short Message
Service. This saves us from having to perform an expensive key agreement for every message. The
sessions are unidirectional, meaning that two sessions with separate key material must be opened
for bidirectional conversation. Key material for each direction, however, can be derived from the
same shared secret. Within the session, sequence numbers and roll over counters are used to detect
out of order messages and replay attempts.
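
The receiver-side check that sequence numbers and roll over counters make possible can be sketched as follows. This is an added example, not code from the SSMS design: it follows the SRTP approach (RFC 3711), and the 16-bit sequence number, the 64-message window and the names `ReplayWindow` and `accept` are assumptions.

```python
# Added illustration: SRTP-style (RFC 3711) replay tracking for one
# unidirectional session. Field widths and window size are assumptions.
SEQ_MOD = 1 << 16      # assumed 16-bit on-the-wire sequence number
WINDOW = 64            # assumed replay window size


class ReplayWindow:
    def __init__(self):
        self.roc = 0       # roll over counter: number of sequence wraps seen
        self.s_l = None    # highest sequence number accepted so far
        self.mask = 0      # bit i set => index (top - i) already accepted

    def _estimate_index(self, seq):
        """Guess the sender's full index (ROC * 2^16 + seq) from seq alone."""
        half = SEQ_MOD // 2
        if self.s_l < half:
            v = self.roc - 1 if seq - self.s_l > half else self.roc
        else:
            v = self.roc + 1 if self.s_l - half > seq else self.roc
        return v * SEQ_MOD + seq

    def accept(self, seq):
        """Classify a message whose MAC has ALREADY been verified.

        Returns 'new', 'out-of-order', 'replay' or 'too-old'; state is
        updated only for the first two.
        """
        if self.s_l is None:                     # first message of the session
            self.s_l, self.mask = seq, 1
            return "new"
        index = self._estimate_index(seq)
        if index < 0:
            return "too-old"                     # precedes the session start
        top = self.roc * SEQ_MOD + self.s_l
        if index > top:                          # advances the window
            self.mask = ((self.mask << (index - top)) | 1) & ((1 << WINDOW) - 1)
            self.roc, self.s_l = divmod(index, SEQ_MOD)
            return "new"
        offset = top - index
        if offset >= WINDOW:
            return "too-old"                     # outside the window: reject
        if self.mask & (1 << offset):
            return "replay"                      # already seen: reject
        self.mask |= 1 << offset                 # late but fresh
        return "out-of-order"
```

Because the sessions are unidirectional, each direction keeps its own `ReplayWindow`; the state must only be updated after the message's integrity check has passed, otherwise a forged sequence number could push the window forward.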
SSMS makes use of some SMS features unique to the GSM standard for protocol disambiguation
and transportation of binary payloads. Messages are sent as SMS Protocol Data Units (PDUs)