Peer-to-Peer Networking and Applications

, Volume 11, Issue 5, pp 837–847 | Cite as

A provably secure anonymous mutual authentication scheme with key agreement for SIP using ECC

Article
First Online:
Received:
Accepted:
  • 142 Downloads

Abstract

Recently, Lu et al. and Chaudhry et al. presented an authenticated key agreement scheme for session initiation protocol (SIP), respectively. They illustrated their schemes are secure against various familiar attacks. However, we demonstrate Lu et al.’s scheme is vulnerable to stolen verifier attack and Chaudhry et al.’s scheme is insecure to session key attack. To solve these problems, we propose a new provably secure mutual authentication scheme for SIP. Informal security analysis illustrates this proposed protocol can withstand different kinds of familiar attacks including stolen verifier attack and session key attack. And the correctness and security of the proposed protocol is also proved through Protocol Composition Logic (PCL) and generic group model. Eventually, security comparison shows our proposed scheme is more secure and performance analysis demonstrates the computation cost is also acceptable.

Keywords

Authenticated key agreement Session initiation protocol Elliptic curve cryptosystem Stolen verifier attack Session key attack 
This is a preview of subscription content, log in to check access.

Notes

Compliance with Ethical Standards

Conflict of interests

The authors declare that there is no conflict of interest regarding the publication of the paper.

References

  1. 1.
    Arkko J, Torvinen V, Camarillo G, Niemi A, Haukka T (2003) Security mechanism agreement for the session initiation protocol (sip). Cognitiva 12(1):37–61Google Scholar
  2. 2.
    Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178CrossRefGoogle Scholar
  3. 3.
    Cao X, Zhong S (2006) Breaking a remote user authentication scheme for multi-server architecture. IEEE Commun Lett 10(8):580–581CrossRefGoogle Scholar
  4. 4.
    Chatterjee S, Das AK, Sing JK (2014) An enhanced access control scheme in wireless sensor networks. Ad Hoc & Sensor Wireless Netw 21(1):121–149Google Scholar
  5. 5.
    Chaudhry SA, Khan I, Irshad A, Ashraf MU, Khan MK, Ahmad HF (2016) A provably secure anonymous authentication scheme for session initiation protocol. Secur Commun NetwGoogle Scholar
  6. 6.
    Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU (2015) An improved and provably secure privacy preserving authentication protocol for sip. Peer-to-Peer Network Appl 1–15Google Scholar
  7. 7.
    Chen T, Yeh H, Liu P, Hsiang H, Shih W (2010) A secured authentication protocol for sip using elliptic curves cryptography. Commun Comput Inf Sci 119:46–55Google Scholar
  8. 8.
    Denning DE, Sacco GM (1981) Timestamps in key distribution systems. Commun Acm 24(8):533–536CrossRefGoogle Scholar
  9. 9.
    Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Durlanik A, Sogukpinar I (2005) Sip authentication scheme using ecdh. Screen 137:3367Google Scholar
  11. 11.
    Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani MT (2008) On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In: Conference on cryptology: Advances in cryptology, pp 203–220Google Scholar
  12. 12.
    Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inf Technol Control 42(4):333–342Google Scholar
  13. 13.
    Franks J, Hallam-Baker P, Hostetler J, Lawrence S, Leach P, Luotonen A, Stewart L (1999) Rfc 2617: Http authentication: Basic and digest access authentication. In: Ietf RfcGoogle Scholar
  14. 14.
    Gokhroo MK, Jaidhar CD, Tomar AS (2011) Cryptanalysis of sip secure and efficient authentication scheme. In: IEEE International conference on communication software and networks, pp 308–310Google Scholar
  15. 15.
    He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429CrossRefGoogle Scholar
  16. 16.
    Jia LT (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8 (1):12–16Google Scholar
  17. 17.
    Hakan Kilinc H, Yanik Tugrul (2014) A survey of sip authentication and key agreement schemes. IEEE Commun Surv Tutor 16(2):1005–1023CrossRefGoogle Scholar
  18. 18.
    Yi PL, Wang SS (2010) A new secure password authenticated key agreement scheme for sip using self-certified public keys on elliptic curves. Comput Commun 33(3):372–380MathSciNetCrossRefGoogle Scholar
  19. 19.
    Lin CL, Hwang T (2003) A password authentication scheme with secure password updating. Comput Secur 22(1):68–72CrossRefGoogle Scholar
  20. 20.
    Yanrong L, Li L, Peng H, Yang Y (2016) A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Network Appl 9(2):1–11Google Scholar
  21. 21.
    Mitchell JC, Datta A (2005) Security analysis of network protocols: Compositional reasoning and complexity-theoretic foundations. pp 468–483Google Scholar
  22. 22.
    Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inform Sci 269(4):270–285MathSciNetCrossRefMATHGoogle Scholar
  23. 23.
    Pu Q (2010) Weaknesses of sip authentication scheme for converged voip networks. Iacr Cryptology Eprint ArchiveGoogle Scholar
  24. 24.
    Salsano S, Veltri L, Papalilo D (2002) SIP security issues: The SIP authentication procedure and its processing load. IEEE PressGoogle Scholar
  25. 25.
    Stinson DR (2006) Some observations on the theory of cryptographic hash functions. Des Codes Crypt 38 (2):259–277MathSciNetCrossRefMATHGoogle Scholar
  26. 26.
    Thomas M et al (2001) Sip security requirements. IETF Intemet dren (draftthomas-sip-sec-reg’OO txt)Google Scholar
  27. 27.
    Vanstone A (1997) Elliptic curve cryptosystem — the answer to strong, fast public-key cryptography for securing constrained environments. Inf Secur Tech Rep 2(2):78–87CrossRefGoogle Scholar
  28. 28.
    Liufei W, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for sip using ecc. Comput Standards Interf 31(2):286–291CrossRefGoogle Scholar
  29. 29.
    Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54CrossRefGoogle Scholar
  30. 30.
    Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24(5):381–386CrossRefGoogle Scholar
  31. 31.
    Yoon EJ, Shin YN, Il SJ, Yoo KY (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. Iete Tech Rev 27(3):203–213CrossRefGoogle Scholar
  32. 32.
    Yoon EJ, Yoo KY (2009) Cryptanalysis of ds-sip authentication scheme using ecdh. In: International conference on new trends in information and service science, pp 642–647Google Scholar
  33. 33.
    Yoon EJ, Yoo KY, Kim C, Hong YS, Jo M, Chen HH (2010) A secure and efficient sip authentication scheme for converged voip networks. Comput Commun 33(14):1674–1681CrossRefGoogle Scholar
  34. 34.
    Zhang Z, Qi Q, Kumar N, Chilamkurti N, Jeong HYg (2015) A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 74(10):3477–3488CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  1. 1.School of Mathematics and StatisticsWuhan UniversityWuhanChina

Personalised recommendations