Abstract
Recently, a two-factor authenticated key agreement scheme for session initiation protocol is published by Lu et al. in Multimedia Tools and Applications [doi:10.1007/s11042-015-3166-4]. I have examined this scheme and found some design flaws in it. Due to flaw in registration phase, the scheme is vulnerable to guessing attacks. However, flaws during key agreement phase hinder the functionality of the scheme in such a way that mutual authentication process between the user and the server is not viable.
Similar content being viewed by others
References
Lu Y, Li L, Peng H, Yang Y (2015) An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl. doi:10.1007/s11042-015-3166-4
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kumari, S. Design flaws of “an anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography”. Multimed Tools Appl 76, 13581–13583 (2017). https://doi.org/10.1007/s11042-016-3771-x
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-016-3771-x