Abstract
The Session Initiation Protocol (SIP), as the core signaling protocol for multimedia services, is receiving much attention. Authentication is becoming an increasingly crucial issue when a user asks to use SIP services. Many authentication schemes for SIP have been proposed. Very recently, Zhang et al. presented an authentication scheme for SIP and claimed that their scheme could overcome various attacks while maintaining efficiency. In this research, we illustrate that their scheme is susceptible to the insider attack and does not provide proper mutual authentication. We then propose a modified secure mutual authentication scheme to conquer the security flaws in Zhang et al.’s scheme. Through informal and formal security analyses, we demonstrate that our scheme is resilient to possible known attacks, including the attacks found in Zhang et al.’s scheme. In addition, the performance analysis shows that our scheme has better efficiency in comparison with other related ECC-based authentication schemes for SIP.
References
Veltri L, Salsano S, Papalilo D (2002) SIP security issues: the SIP authentication procedure and its processing load. IEEE Netw 16(6):38–44
Arkko J, Torvinen V, Camarillo G, Niemi A, Haukka T (2002) Security mechanism agreement for SIP sessions. IETF Internet Draft, Jun
Thomas M (2001) SIP Security Requirements. IETF Internet Draft, Work In Progress Nov
Lu Y, Li L, Yang Y (2015) Robust and efficient authentication scheme for session initiation protocol. Math Probl Eng 2015:2015. doi:10.1155/2015/894549. Article ID 894549, 9
Franks J, Hallam-Baker P, Hostetler J, Lawrence S, Leach P, Luotonen A. (1999) HTTP Authentication: Basic and digest access authentication. IETF RFC:2617
Yang C, Wang R, Liu W (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386
Denning D, Sacco G (1981) Timestamps in key distribution systems. Commun ACM 24:533–536
He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429
Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:417–426
Liao Y, Wang S (2010) A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves. Comput Commun 33:372–380
Menezes A J (1997) Handbook of applied cryptography, CRC Press Inc, Vanstone, SA
Miller VS (1986) Use of elliptic curves in cryptography. Advances in Cryptology-Crypto’85: Proceedings. Springer Berlin, Heidelberg, p 417
Durlanik A, Sogukpinar I (2005) SIP authentication scheme using ECDH. World Enform Society Trans. Engineering Comput Technol 8:350–353
Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for SIP using ECC. Comput Stand Interfaces 31:286–291
Yoon EJ, Yoo KY, Kim C, Hong YS, Jo M, Chen HH (2010) A secure and efficient SIP authentication scheme for converged VoIP networks. Comput Commun 33:1674–1681
Gokhroo MK, Jaidhar CD, Tomar AS (2011) Cryptanalysis of SIP secure and efficient authentication scheme. Proceedings ICCSN
Pu Q (2010) Weaknesses of SIP authentication scheme for converged VoIP networks. IACR Cryptol ePrint Arch
Tsai J (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8 (3):312–316
Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178
Chen T H, Yeh H L, Liu P C, Hsiang H C, Shih W K (2010) A secured authentication protocol for SIP using elliptic curves cryptography. CN CCIS 119:46–55
Lin C, Hwang T (2003) A password authentication scheme with secure password updating. Comput Secur 22(1):68–72
Yoon E J, Yoo K Y (2009) Cryptanalysis of DS-SIP authentication scheme using ECDH. International Conference on New Trends in Information and Service Science
Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54
Farash M S, Attari M A (2013) An enhanced authenticated key agreement for session initiation protocol. Inf Technol Control 42(4):333–342
Zhang Z, Qi Q, Kumar N, Chilamkurti N, Jeong H Y (2014) A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography, Multimedia Tools Applied
Vanstone S A (1997) Elliptic curve cryptosystem-the answer to strong, fast public-key cryptography for securing constrained environments. Inf Secur Tech Rep 12:78–87
Stinson DR (2006) Some Observations on the theory of cryptographic hash functions. Desi Codes Crypto 38(2):259–277
Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8:18–36
Boyd C, Mathuria A (2003) Protocols for authentication and key establishment. Springer
Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani MTM (2008) On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In: Advances in Cryptology-CRYPTO 2008. Springer, pp 203–220
Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772
Yang W, Shieh SP (1999) Password authentication schemes with smart cards. Comput Secur 18(8):727–733
Chatterjee S, Das AK, Sing JK (2014) An enhanced access control scheme in wireless sensor networks. Ad Hoc Sensor Wireless Netw 21(1-2):121–149
Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inform Sci 269(10):270–285
Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Network Applied
Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Comput Stand Interfaces 36:397–402
Yoon EJ, Shin YN, Jeon IS, Yoo KY (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Tech Rev 27(3):203–213
Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for Voice over Internet protocol session initiation protocol using smart card. International Journal Communication System
Kilinc H, Yanik T (2013) A survey of SIP authentication and key agreement schemes. IEEE Communications Surveys & Tutorials. doi:10.1109/SURV.2013.091513.00050
Acknowledgements
The authors would like to thank all the anonymous reviewers for their helpful advice. This paper is supported by the National Natural Science Foundation of China (Grant Nos. 61472045, 61121061), the Beijing Natural Science Foundation (Grant No. 4142016) and the Asia Foresight Program under NSFC Grant (Grant No. 61411146001).
Cite this article
Lu, Y., Li, L., Peng, H. et al. A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Netw. Appl. 9, 449–459 (2016). https://doi.org/10.1007/s12083-015-0363-x