Peer-to-Peer Networking and Applications, Volume 8, Issue 5, pp 903–910

An improved authentication protocol for session initiation protocol using smart card

  • Hang Tu
  • Neeraj Kumar
  • Naveen Chilamkurti
  • Seungmin Rho


The session initiation protocol (SIP) is the most widely used signaling protocol for controlling communication on the Internet: establishing, maintaining, and terminating sessions. To secure this communication, many authentication protocols for SIP have been proposed. Very recently, Zhang et al. proposed a new authenticated key agreement protocol for SIP using a smart card. They also show that their protocol could withstand various attacks. However, in this paper, we point out that their protocol is vulnerable to the impersonation attack. We also propose an improved protocol to overcome the weakness. Security analysis shows that our protocol could overcome the weaknesses in Zhang et al.’s protocol. Performance analysis shows that the computational cost in the authentication phase of our protocol is about 75% of that of Zhang et al.’s protocol.


  • Key agreement
  • Mutual authentication
  • Session initiation protocol
  • Elliptic curve



This work was supported by the National Research Foundation of Korea Grant funded by the Korean Government (NRF- 13S1A5B6044042).

Conflict of Interest

The author declares that he has no conflict of interest.


  1. Franks J, Hallam-Baker PM, Hostetler JL, Lawrence SD, Leach PJ, Luotonen A, Stewart LC (1999) HTTP authentication: basic and digest access authentication. Internet RFC 2617
  2. Yang C, Wang R, Liu W (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386
  3. Huang H, Wei W, Brown G (2006) A new efficient authentication scheme for session initiation protocol. Proc JCIS(06)
  4. Jo H, Lee Y, Kim M, Kim S, Won D (2009) Off-line password-guessing attack to Yang’s and Huang’s authentication schemes for session initiation protocol. Proc INC, IMS IDC 618–621
  5. Durlanik A, Sogukpinar I (2005) SIP authentication scheme using ECDH. World Enformatika Soc Trans Eng Comput Technol 8:350–353
  6. Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for SIP using ECC. Comput Stand Interfaces 31:286–291
  7. Yoon EJ, Yoo KY et al (2010) A secure and efficient SIP authentication scheme for converged VoIP networks. Comput Commun 33:1674–1681
  8. Pu Q (2010) Weaknesses of SIP authentication scheme for converged VoIP networks. IACR Cryptol ePrint Arch 2010(464)
  9. Gokhroo MK, Jaidhar CD, Tomar AS (2011) Cryptanalysis of SIP secure and efficient authentication scheme. Proc ICCSN 2011:308–310
  10. Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 9:12–16
  11. Yoon E, Shin Y, Jeon I, Yoo K (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Tech Rev 27:203–213
  12. Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25:47–54
  13. Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimedia Tools Appl 66(2):165–178
  14. He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Networks 5(12):1423–1429
  15. Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for Voice over Internet Protocol Session Initiation Protocol using smart card. Int J Commun Syst. doi:10.1002/dac.2499
  16. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Proceedings of Crypto '99, pp. 388–397, Springer-Verlag
  17. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
  18. He D, Chen J, Hu J (2012) An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inform Fusion 13(3):223–230
  19. He D, Wu S (2013) Security flaws in a smart card based authentication scheme for multi-server environment. Wirel Pers Commun 70(1):323–329
  20. Zhang D, Ma Z, Niu X (2013) Anonymous authentication scheme of trusted mobile terminal under mobile internet. J China Univ Posts Telecommun 20(1):58–65
  21. Pu Q, Wang J, Wu S (2013) Scalable and efficient mobile authentication scheme preserving user privacy. Int J Ad Hoc Ubiquit Comput 12(2):65–74

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Hang Tu (1)
  • Neeraj Kumar (2)
  • Naveen Chilamkurti (3)
  • Seungmin Rho (4)

  1. School of Computer, Wuhan University, Wuhan, China
  2. Department of Computer Science and Engineering, Thapar University, Patiala, India
  3. Department of Computer Science and Computer Engineering, LaTrobe University, Melbourne, Australia
  4. Department of Multimedia, Sungkyul University, Manan-gu, Anyang-si, Korea
