Abstract
The Session Initiation Protocol (SIP) is a signaling communications protocol that has been chosen for controlling multimedia communication in 3G mobile networks. In recent years, password-based authenticated key exchange protocols have been designed to provide strong authentication for SIP. In this paper, we address this problem in the two-party setting, where the user and server try to authenticate each other and establish a session key using a shared password. We aim to propose a secure and anonymous authenticated key exchange protocol that can achieve security and privacy goals without increasing computation and communication overhead. Through the analysis, we show that the proposed protocol is secure and has computational and communication overheads comparable to related authentication protocols for SIP using elliptic curve cryptography. The proposed protocol is also provably secure in the random oracle model.
Conflict of interests
The author declares that he has no conflict of interest.
Cite this article
Mishra, D. Design of a password-based authenticated key exchange protocol for SIP. Multimed Tools Appl 75, 16017–16038 (2016). https://doi.org/10.1007/s11042-015-2911-z
DOI: https://doi.org/10.1007/s11042-015-2911-z