Skip to main content
Log in

Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript


Session Initiation Protocol (SIP) has been widely used in the current Internet protocols such as Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). However, the original SIP authentication scheme was insecure and many researchers tried to propose schemes to overcome the flaws. In the year 2011, Arshad et al. proposed a SIP authentication protocol using elliptic curve cryptography (ECC), but their scheme suffered from off-line password guessing attack along with password change pitfalls. To conquer the mentioned weakness, we proposed an ECC-based authentication scheme for SIP. Our scheme only needs to compute four elliptic curve scale multiplications and two hash-to-point operations, and maintains high efficiency. The analysis of security of the ECC-based protocol shows that our scheme is suitable for the applications with higher security requirement.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others


  1. Arshad R, Ikram N (2011) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tool Appl. doi:10.1007/s11042-011-0787-0

  2. Certicom Research (2000) Standard for efficient cryptography, SEC 1, 2000: EC Cryptography. Ver. 1.0

  3. Chen TH, Yeh HL, Liu PC, Hsiang HC, Shih WK (2010) A secured authentication protocol for SIP using elliptic curves cryptography. CN, CCIS 119:46–55

    Google Scholar 

  4. Denning D, Sacco G (1981) Timestamps in key distribution systems. Commun ACM 24:533–536

    Article  Google Scholar 

  5. Diffie W, Hellman ME (1976) New directions in cryptography. IEEE Transactions on Information Theory IT-22: 644–654

    Google Scholar 

  6. Durlanik A, Sogukpinar I (2005) SIP Authentication Scheme using ECDH. World Enformatika Socity Transations on Engineering Computing and Technology 8:350–353

    Google Scholar 

  7. Geneiatakis D, Dagiuklas T, Kambourakis G, Lambrinoudakis C, Gritzalis S, Ehlert S (2006) Survey of security vulnerabilities in session initiation protocol. IEEE Commun Surv Tutorials 8(3):68–81

    Article  Google Scholar 

  8. He DB, Chen JH, Hu J (2011) An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Inform Fusion. doi:10.1016/j.inffus.2011.01.001

  9. He DB, Chen JH, Zhang R (2011) A more secure authentication scheme for telecare medicine information systems. J Med Syst. doi:10.1007/s10916-011-9658-5

  10. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:203–209

    Article  MathSciNet  MATH  Google Scholar 

  11. Lin CL, Hwang T (2003) A password authentication scheme with secure password updating. Comput Secur 22(1):68–72

    Article  Google Scholar 

  12. Liu FW, Koenig H (2011) Cryptanalysis of a SIP authentication scheme, in Communications and Multimedia Security, Springer Berlin/Heidelberg :134–143

  13. Menezes AJ, Oorschot PC, Vanstone SA (1997) Handbook of applied cryptograph. CRC Press New York

  14. Rosenberg J,Schulzrinne H, Camarillo G, Johnstone A, Peterson J, Sparks R (2002) SIP: session initiation protocol. IETF RFC3261

  15. Thomas M (2001) SIP security requirements. IETF Internet Draft (draftthomas-sip-sec-reg-00.txt)

  16. Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8(3):312–316

    Google Scholar 

  17. Veltri L, Salsano S, Papalilo D (2002) SIP security issues: the SIP authentication procedure and its processing load. IEEE Netw 16(6):38–44

    Article  Google Scholar 

  18. Xie Q (2011) A new authenticated key agreement for session initiation protocol. Int J Commun Syst. doi:10.1002/dac.1286

  19. Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386

    Article  Google Scholar 

  20. Yoon EJ, Yoo KY (2010) A three-factor authenticated key agreement scheme for SIP on elliptic curves, in Proceedings of the 2010 Fourth International Conference on Network and System Security 334–339

  21. Yoon EJ, Koo KY (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Tech Rev 27(3):203–213

    Article  Google Scholar 

  22. Yoon EJ, Yoo KY (2009) Cryptanalysis of DS-SIP authentication scheme using ECDH, in 2009 International Conference on New Trends in Information and Service Science 642–647

  23. Yoon EJ, Yoo KY (2009) A new authentication scheme for session initiation protocol, in 2009 International Conference on Complex, Intelligent and Software Intensive Systems, CISIS '09 549–554

Download references


We would like to thank the anonymous reviewers for their helpful comments.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Hongbin Tang.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Tang, H., Liu, X. Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 65, 321–333 (2013).

Download citation

  • Published:

  • Issue Date:

  • DOI: