Skip to main content
SpringerLink
Log in

Design of a password-based authenticated key exchange protocol for SIP

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. In recent years, password-based authenticated key exchange protocols are designed to provide strong authentication for SIP. In this paper, we address this problem in two-party setting where the user and server try to authenticate each other, and establish a session key using a shared password. We aim to propose a secure and anonymous authenticated key exchange protocol, which can achieve security and privacy goal without increasing computation and communication overhead. Through the analysis, we show that the proposed protocol is secure, and has computational and computational overheads comparable to related authentication protocols for SIP using elliptic curve cryptography. The proposed protocol is also provably secure in the random oracle model.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Abdalla M, Pointcheval D (2005) Interactive diffie-hellman assumptions with applications to password-based authentication. In: Financial Cryptography and Data Security. Springer, pp 341–356

  2. Arkko J, Torvinen V, Camarillo G, Niemi A, Haukka T (2003) Security mechanism agreement for sip sessions, draft-ietfsip-sec-agree-04. txt

  3. Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178

    Article  Google Scholar 

  4. Arshad H, Nikooghadam M (2014) An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc, Multimedia Tools and Applications, pp 1–17. doi:10.1007/s11042-014-2282-x

  5. Bellare M, Canetti R, Krawczyk H (1996) Keying hash functions for message authentication. In: Advances in Cryptology (CRYPTO’96). Springer, pp 1–15

  6. Boyd C, Mao W (1994) On a limitation of ban logic. In: Advances in CryptologyEUROCRYPT93. Springer, pp 240–247

  7. Burrows M, Abadi M, Needham RM (1989) A logic of authentication, Proceedings of the Royal Society of London. A Math Phys Sci 426(1871):233–271

    Article  MathSciNet  MATH  Google Scholar 

  8. Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

    Article  MathSciNet  MATH  Google Scholar 

  9. Durlanik A, Sogukpinar I (2005) Sip authentication scheme using ecdh. World Enformatika Socity Transations on Engineering Computing and Technology 8:350–353

    Google Scholar 

  10. Farash M (2014) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security, Peer-to-Peer Networking and Applications, pp 1–10. doi:10.1007/s12083-014-0315-x

  11. Farash M, Attari M (2014) A provably secure and efficient authentication scheme for access control in mobile pay-tv systems. Multimed Tools Appl:1–20. doi:10.1007/s11042-014-2296-4

  12. Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inf Technol Control 42(4):333–342

    Google Scholar 

  13. Gokhroo M, Jaidhar C, Tomar A (2011) Cryptanalysis of sip secure and efficient authentication scheme. In: IEEE 3rd International Conference on Communication Software and Networks (ICCSN-2011). IEEE, pp 308–310

  14. He D, Chen J, Hu J (2012) An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inf Fusion 13(3):223–230

    Article  Google Scholar 

  15. He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429

    Article  Google Scholar 

  16. He D, Kumar N, Chen J, Lee Cc, Ilamkurti NC, Yeo SS (2013) Robust anonymous authentication protocol for health-care applications using wireless. Med Sensor Netw 21(1):49–60

    Google Scholar 

  17. Huang H-F, Wei W-C (2006) A new efficient authentication scheme for session initiation protocol. Computing 1(2):1–3

    Google Scholar 

  18. Irshad A, Sher M, Rehman E, Ch S, Hassan M, Ghani A (2013) A single round-trip sip authentication scheme for voice over internet protocol using smart card, Multimedia Tools and Applications, pp 1–18. doi:10.1007/s11042-013-1807-z

  19. Islam SH (2014) Provably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps. Nonlinear Dyn 78(3):2261–2276

    Article  MathSciNet  Google Scholar 

  20. Jiang Q, Ma J, Tian Y (2014) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of zhang et al., International Journal of Communication Systems. doi:10.1002/dac.2767

  21. Jo H, Lee Y, Kim M, Kim S, Won D (2009) Off-line password-guessing attack to Yang’s and Huang’s authentication schemes for session initiation protocol. In: Fifth International Joint Conference on INC, IMS and IDC (NCM ’09), pp 618–621. doi:10.1109/NCM.2009.251

  22. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48(177):203–209

    Article  MathSciNet  MATH  Google Scholar 

  23. Miller VS (1986) Use of elliptic curves in cryptography. In: Advances in Cryptology (CRYPTO’85). Springer, pp 417–426

  24. Mishra D, Mukhopadhyay S (2013) Cryptanalysis of Pairing-Free Identity-Based Authenticated Key Agreement Protocols. In: Inf Syst Secur. LNCS, pp 247–254

  25. Pu Q (2010) Weaknesses of sip authentication scheme for converged voip networks. IACR Cryptol ePrint Arch 2010:464

    Google Scholar 

  26. Riaz S, Lee S-W (2014) A robust multimedia authentication and restoration scheme in digital photography. Multimed Tools Appl 73(3):1291–1321. doi:10.1007/s11042-013-1592-8

    Article  Google Scholar 

  27. Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R, Handley M, Schooler E, et al. (2002) Sip: session initiation protocol, Technical Report, RFC 3261, Internet Engineering Task Force

  28. Salsano S, Veltri L, Papalilo D (2002) Sip security issues: the sip authentication procedure and its processing load. IEEE Netw 16(6):38–44

    Article  Google Scholar 

  29. Secure Hash Standard (1995) FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce

  30. Syverson P, Cervesato I (2001) The logic of authentication protocols. In: Foundations of Security Analysis and Design. Springer, pp 63–137

  31. Thomas M et al (2001) IETF Intemet dren (draftthomas-sip-sec-reg’OO. txt, Sip security requirements

  32. Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. IJ Netw Secur 9(1):12–16

    Google Scholar 

  33. Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card, Peer-to-Peer Networking and Applications, pp 1936–6442. doi:10.1007/s12083-014-0248-4

  34. Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for sip using ecc. Comput Stand Interf 31(2):286–291

    Article  Google Scholar 

  35. Wu S, Pu Q, Kang F (2013) Practical authentication scheme for sip. Peer-to-Peer Netw Appl 6(1):61–74

    Article  Google Scholar 

  36. Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54

    Article  Google Scholar 

  37. Xu J, Zhu W-T, Feng D-G (2009) An improved smart card based password authentication scheme with provable security. Comput Stand Interfaces 31(4):723–728

    Article  Google Scholar 

  38. Yang C-C, Wang R-C, Liu W-T (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24(5):381–386

    Article  Google Scholar 

  39. Yeh H-L, Chen T-H, Shih W-K (2014) Robust smart card secured authentication scheme on sip using elliptic curve cryptography. Comput Stand Interf 36(2):397–402

    Article  Google Scholar 

  40. Yi X, Zheng G, Li M, Ma H, Zheng C (2014) Efficient authentication of scalable media streams over wireless networks. Multimed Tools Appl 71(3):1913–1935. doi:10.1007/s11042-012-1324-5

    Article  Google Scholar 

  41. Yoon E-J, Yoo K-Y, Kim C, Hong Y-S, Jo M, Chen H-H (2010) A secure and efficient sip authentication scheme for converged voip networks. Comput Commun 33(14):1674–1681

    Article  Google Scholar 

  42. Yoon E-J, Shin Y-N, Jeon I-S, Yoo K-Y (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Tech Rev 27(3):203–213

    Article  Google Scholar 

  43. Zhang L, Tang S, Cai Z (2014) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card, International Journal of Communication Systems. doi:10.1002/dac.2499

  44. Zhang Z, Qi Q, Kumar N, Chilamkurti N, Jeong H-Y (2014) A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography, Multimedia Tools and Applications, pp 1–12. doi:10.1007/s11042-014-1885-6

Download references

Conflict of interests

The author declares that he has no conflict of interest.

Author information

Authors and Affiliations

  1. Department of Mathematics, The LNM Institute of Information Technology, Jaipur, 302031, India

    Dheerendra Mishra

Authors
  1. Dheerendra Mishra
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dheerendra Mishra.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Mishra, D. Design of a password-based authenticated key exchange protocol for SIP. Multimed Tools Appl 75, 16017–16038 (2016). https://doi.org/10.1007/s11042-015-2911-z

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-015-2911-z

Keywords

Search

Navigation