Skip to main content
SpringerLink
Log in

A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. The proposed authentication in SIP is HTTP digest based authentication. Recently, Tu et al. presented an improvement of Zhang et al.’s smart card-based authenticated key agreement protocol for SIP. Their scheme efficiently resists password guessing attack. However, in this paper, we analyze the security of Tu et al.’s scheme and demonstrate their scheme is still vulnerable to user’s impersonation attack, server spoofing attack and man-in-the middle attack. We aim to propose an efficient improvement on Tu et al.’s scheme to overcome the weaknesses of their scheme, while retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Tu et al.’s scheme. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. Additionally, the proposed scheme is comparable in terms of the communication and computational overheads with Tu et al.’s scheme and other related existing schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Arkko J, Torvinen V, Camarillo G, Niemi A, Haukka T (2002) Security mechanism agreement for sip sessions. draft-ietfsip-sec-agree-04. txt

  2. Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimedia Tools and Applications 66(2):165–178

    Article  Google Scholar 

  3. Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proceedings of the royal society of London. A Math Phys Sci 426(1871):233–271

    Article  MATH  MathSciNet  Google Scholar 

  4. Chuang YH, Tseng YM (2010) An efficient dynamic group key agreement protocol for imbalanced wireless networks. Int J Netw Manag 20(4):167–180

    Google Scholar 

  5. Das AK, Goswami A (2013) A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J Med Syst 37(3):1–16

    Article  Google Scholar 

  6. Das AK, Paul NR, Tripathy L (2012) Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf Sci 209(C):80–92

    Article  MATH  MathSciNet  Google Scholar 

  7. Durlanik A, Sogukpinar I (2005) Sip authentication scheme using ECDH. World Enformatika Socity Transations on Engineering Computing and Technology 8:350–353

    Google Scholar 

  8. Gokhroo M, Jaidhar C, Tomar A (2011) Cryptanalysis of sip secure and efficient authentication scheme. In: IEEE 3rd international conference on communication software and networks (ICCSN), pp 308–310. IEEE

  9. He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Security and Communication Networks 5(12):1423–1429

    Article  Google Scholar 

  10. Huang HF, Wei WC (2006) A new efficient authentication scheme for session initiation protocol. Computing 1:2

    Google Scholar 

  11. Irshad A, Sher M, Eid R, Ch SA, Hassan M, Ghani A (2002) A single round-trip SIP authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications

  12. Jiang Q, Ma J, Lu X, Tian Y (2014) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw Appl:1–12

  13. Jiang Q, Ma J, Tian Y Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al. International Journal of Communication Systems (2014)

  14. Jo H, Lee Y, Kim M, Kim S, Won D (2009) Off-line password-guessing attack to yang’s and huang’s authentication schemes for session initiation protocol. In: Fifth international joint conference on INC, IMS and IDC, 2009 (NCM’09), pp. 618–621. IEEE

  15. Kim SJ, Kim BH Key exchange process of pim-sm-based for multiple group communication in p2p. Peer-to-Peer networking and applications, pp. 1–9 (2014). doi:10.1007/s12083-014-0274-2

  16. Madhusudhan R, Mittal R (2012) Dynamic id-based remote user password authentication schemes using smart cards: a review. J Netw Comput Appl 35 (4):1235–1248

    Article  Google Scholar 

  17. Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inf Sci 269 (C):270–285

    Article  MathSciNet  Google Scholar 

  18. Pu Q (2010) Weaknesses of sip authentication scheme for converged voip networks. IACR Cryptology ePrint Archive 2010 :464

    Google Scholar 

  19. Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R, Handley M, Schooler E et al (2002) Sip: session initiation protocol. Technical Report, RFC 3261, Internet engineering task force

  20. Salsano S, Veltri L, Papalilo D (2002) Sip security issues: the sip authentication procedure and its processing load. IEEE Netw 16 (6):38–44

    Article  Google Scholar 

  21. Secure Hash Standard FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, April 1995

  22. Shin S, Shon T, Yeh H, Kim K (2013) An effective authentication mechanism for ubiquitous collaboration in heterogeneous computing environment. Peer-to-Peer Netw Appl 1–8. doi:10.1007/s12083-013-0220-8

  23. Shin S, Yeh H, Kim K (2013) An efficient secure authentication scheme with user anonymity for roaming user in ubiquitous networks. Peer-to-Peer Networking and Applications. doi:10.1007/s12083-013-0218-2

  24. Srivastava K, Awasthi AK, Mittal R (2013) A review on remote user authentication schemes using smart cards. In: Quality, reliability, security and robustness in heterogeneous networks, pp 729–749. Springer

  25. Syverson P, Cervesato I (2001) The logic of authentication protocols. In: Foundations of security analysis and design. Springer, pp 63–137

  26. Thomas M et al (2001) Sip security requirements. IETF Intemet dren (draftthomas-sip-sec-reg’OO. txt)

  27. Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. IJ Netw Secur 9(1):12–16

    Google Scholar 

  28. Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl. doi:10.1007/s12083-014-0248-4

  29. Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for sip using ECC. Computer Standards & Interfaces 31(2):286–291

    Article  Google Scholar 

  30. Wu S, Pu Q, Kang F (2013) Practical authentication scheme for sip. Peer-to-Peer Netw Appl 6(1):61–74

    Article  Google Scholar 

  31. Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54

    Article  Google Scholar 

  32. Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Computers & Security 24(5):381–386

    Article  Google Scholar 

  33. Yang T, Lai C, Lu R, Jiang R (2014) EAPSG: Efficient authentication protocol for secure group communications in maritime wideband communication networks. Peer-to-Peer networking and applications. doi:10.1007/s12083-014-0251-9

  34. Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Computer Standards & Interfaces 36(2):397–402

    Article  Google Scholar 

  35. Yoon EJ, Shin YN, Jeon IS, Yoo KY (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Technical Review (Medknow Publications & Media Pvt. Ltd.) 27(3)

  36. Yoon EJ, Yoo KY, Kim C, Hong YS, Jo M, Chen HH (2010) A secure and efficient sip authentication scheme for converged voip networks. Comp Commun 33(14):1674–1681

    Article  Google Scholar 

  37. Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. International Journal of Communication Systems

  38. Cheng C-M, Tsao S-L, Chou J-C (2007) Unstructured Peer-to-Peer session initiation protocol for mobile environment. In: IEEE 18th international symposium on personal, indoor and mobile radio communications (PIMRC’07), pp 1–5, 3-7 September

  39. Sarkar P (2010) A simple and generic construction of authenticated encryption with associated data. ACM Trans Inf Syst Secur 13(4):33

    Article  Google Scholar 

  40. Stinson DR (2006) Some observations on the theory of cryptographic hash functions. Des Codes Crypt 38(2):259–277

    Article  MATH  MathSciNet  Google Scholar 

  41. Stallings W (2003) Cryptography and network security: principles and practices, 3rd edn. Pearson Education, India

    Google Scholar 

  42. Dutta R, Barua R (2008) Provably secure constant round contributory group key agreement. IEEE Trans Inf Theory 54(5):2007–2025

    Article  MATH  MathSciNet  Google Scholar 

  43. Jina ATB, Linga DNC, Goh A (2004) Biohashing: two factor authentication featuring fingerprint data and tokenized random number. Pattern Recogn 37(11):2245–2255

    Article  Google Scholar 

  44. Lumini A, Nanni L (2007) An improved BioHashing for human authentication. Pattern Recogn 40(3):1057–1065

    Article  MATH  Google Scholar 

  45. Jain A, Hong L, Pankanti S (2000) Biometric identification. Communi ACM 43(2):90–98

    Article  Google Scholar 

  46. Das AK, Chatterjee S, Sing JK (2014) A new biometric-based remote user authentication scheme in hierarchical wireless body area sensor networks. Ad Hoc & sensor wireless networks. In Press

  47. Ratha NK, Connell JH, Bolle RM (2001) Enhancing security and privacy in biometrics-based authentication systems. IBM Syst J 40(3):614–634

    Article  Google Scholar 

  48. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Proceedings of advances in cryptology - CRYPTO’99, LNCS, vol. 1666, pp. 388–397

  49. Odelu V, Das AKD, Goswami A (2014) A secure and efficient time-bound hierarchical access control scheme for secure broadcasting. International Journal of Ad Hoc and Ubiquitous Computing. In Press

  50. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552

    Article  MathSciNet  Google Scholar 

  51. Armando A et al (2005) The AVISPA tool for the automated validation of internet security protocols and applications. In: 17th international conference on computer aided verification (CAV’05), Lecture notes in computer science, vol 3576. Springer, pp 281–285

  52. AVISPA: automated validation of internet security protocols and applications. http://www.avispa-project.org/. Accessed on January 2013

  53. von Oheimb D (2005) The high-level protocol specification language hlpsl developed in the eu project avispa. In: Proceedings of APPSEM 2005 workshop

  54. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

    Article  MATH  MathSciNet  Google Scholar 

  55. Basin D, Modersheim S, Vigano L (2005) OFMC: A symbolic model checker for security protocols. Int J Inf Secur 4(3):181–208

    Article  Google Scholar 

  56. AVISPA: AVISPA Web Tool. http://www.avispa-project.org/web-interface/expert.php/ . Accessed on April 2014

  57. Li C-T, Hwang M-S (2010) An efficient biometric-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5

    Article  Google Scholar 

Download references

Acknowledgments

The authors would like to acknowledge the many helpful suggestions of the anonymous reviewers and the Editor, which have improved significantly the content and the presentation of this paper.

Conflict of interest

The authors declare that they have no conflict of interest.

Author information

Authors and Affiliations

  1. Department of Mathematics, Indian Institute of Technology Kharagpur, Kharagpur, 721 302, India

    Dheerendra Mishra & Sourav Mukhopadhyay

  2. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, 500 032, India

    Ashok Kumar Das

Authors
  1. Dheerendra Mishra
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ashok Kumar Das
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sourav Mukhopadhyay
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ashok Kumar Das.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Mishra, D., Das, A.K. & Mukhopadhyay, S. A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Netw. Appl. 9, 171–192 (2016). https://doi.org/10.1007/s12083-014-0321-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-014-0321-z

Keywords

Search

Navigation