Secure and efficient ECC based SIP authentication scheme for VoIP communications in internet of things

  • Parwinder Kaur DhillonEmail author
  • Sheetal Kalra


Since last decade, VoIP is transitioning from being a voice scheme to the most powerful unified communications engine. All VoIP systems uses the Session Initiation Scheme that defines the procedures and messages used to set up a phone call – or any other kind of communication. IoT is another paradigm-shifting idea that is going to change VoIP communications, since it offers a seamless way to connect all of the devices, applications and platforms. Embedding VoIP in IoT solutions provides a competitive advantage over the traditional telephony system of being interconnected to Internet of Things. With the IoT, value proposition of VoIP broadens so with IoT, however, VoIP is vulnerable to all of the intrinsic security problems in IP. In this paper, a new biometrics based authentication scheme using ECC has been proposed. The formal and informal security analysis of the scheme proves the security strength of the scheme. Simulation of the scheme using AVISPA also proves the scheme is secure against potential threats. Comparison of the proposed scheme in terms of computation cost and security features with other related schemes proves the superiority of the scheme.


SIP ECC Authentication VoIP AVISPA 



  1. 1.
    Armando A, Basin D, Cuellar J, Rusinowitch M, Viganò L (2006) AVISPA: automated validation of internet security protocols and applications. ERCIM News, 64Google Scholar
  2. 2.
    Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178CrossRefGoogle Scholar
  3. 3.
    Arshad H, Nikooghadam M (2015) Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol. J Supercomput 71(8):3163–3180CrossRefGoogle Scholar
  4. 4.
    Arshad H, Nikooghadam M (2016) An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimed Tools Appl 75(1):181–197CrossRefGoogle Scholar
  5. 5.
    Challa S, Das AK, Kumari S, Odelu V, Wu F, Li X (2016) Provably secure three-factor authentication and key agreement scheme for session initiation protocol. Secur Commun Netw 9(18):5412–5431CrossRefGoogle Scholar
  6. 6.
    Chen WE, Lin PJ (2010) A performance study for IPv4–IPv6 translation in IP multimedia core network subsystem. Int J Commun Syst 23(8):929–944Google Scholar
  7. 7.
    Chen MX, Wang FJ (2010) Session integration service over multiple devices. Int J Commun Syst 23(5):673–690Google Scholar
  8. 8.
    Chen WE, Huang YL, Lin YB (2010) An effective IPv4–IPv6 translation mechanism for SIP applications in next generation networks. Int J Commun Syst 23(8):919–928Google Scholar
  9. 9.
    Chiang WK, Chang WY (2010) Mobile-initiated network-executed SIP-based handover in IMS over heterogeneous accesses. Int J Commun Syst 23(9-10):1268–1288CrossRefGoogle Scholar
  10. 10.
    Chiu KL, Chen YS, Hwang RH (2011) Seamless session mobility scheme in heterogeneous wireless networks. Int J Commun Syst 24(6):789–809CrossRefGoogle Scholar
  11. 11.
    Cho K, Pack S, Kwon TT, Choi Y (2010) An extensible and ubiquitous RFID management framework over next-generation network. Int J Commun Syst 23(9-10):1093–1110CrossRefGoogle Scholar
  12. 12.
    Das AK, Paul NR, Tripathy L (2012) Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf Sci 209(C):80–92MathSciNetCrossRefGoogle Scholar
  13. 13.
    Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In International conference on the theory and applications of cryptographic techniques (pp 523–540). Springer, Berlin, HeidelbergCrossRefGoogle Scholar
  14. 14.
    Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MathSciNetCrossRefGoogle Scholar
  15. 15.
    Durlanik A, Sogukpinar I (2005) SIP authentication scheme using ECDH. Screen 137:3367Google Scholar
  16. 16.
    Farash MS (2016) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw Appl 9(1):82–91CrossRefGoogle Scholar
  17. 17.
    Farash MS, Attari MA (2016) An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. Int J Commun Syst 29(13):1956–1967CrossRefGoogle Scholar
  18. 18.
    Farash MS, Kumari S, Bakhtiari M (2016) Cryptanalysis and improvement of a robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Multimed Tools Appl 75(8):4485–4504CrossRefGoogle Scholar
  19. 19.
    He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429CrossRefGoogle Scholar
  20. 20.
    Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2015) A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl 74(11):1–18CrossRefGoogle Scholar
  21. 21.
    Irshad A, Kumari S, Li X, Wu F, Chaudhry SA, Arshad H (2017) An improved SIP authentication scheme based on server-oriented biometric verification. Wirel Pers Commun 97(2):2145–2166CrossRefGoogle Scholar
  22. 22.
    Jiang Q, Ma J, Tian Y (2015) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al. Int J Commun Syst 28(7):1340–1351CrossRefGoogle Scholar
  23. 23.
    Kilinc HH, Yanik T (2014) A survey of SIP authentication and key agreement schemes. IEEE Commun Surv Tutorials 16(2):1005–1023CrossRefGoogle Scholar
  24. 24.
    Koblitz N, Menezes A, Vanstone S (2000) The state of elliptic curve cryptography. Des Codes Crypt 19(2-3):173–193MathSciNetCrossRefGoogle Scholar
  25. 25.
    Kumari S, Chaudhry SA, Wu F, Li X, Farash MS, Khan MK (2017) An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl 10(1):92–105CrossRefGoogle Scholar
  26. 26.
    Leach PJ, Franks J, Luotonen A, Hallam-Baker PM, Lawrence SD, Hostetler JL, Stewart LC (1999) HTTP authentication: basic and digest access authenticationGoogle Scholar
  27. 27.
    Li JS, Kao CK, Tzeng JJ (2011) VoIP secure session assistance and call monitoring via building security gateway. Int J Commun Syst 24(7):837–851CrossRefGoogle Scholar
  28. 28.
    Miller VS (1985) Use of elliptic curves in cryptography. In Conference on the Theory and Application of Cryptographic Techniques (pp 417–426). Springer, Berlin, HeidelbergGoogle Scholar
  29. 29.
    Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inf Sci 269(C):270–285MathSciNetCrossRefGoogle Scholar
  30. 30.
    Pu Q, Wang J, Wu S (2013) Secure SIP authentication scheme supporting lawful interception. Secur Commun Netw 6(3):340–350CrossRefGoogle Scholar
  31. 31.
    Sarkar P (2010) A simple and generic construction of authenticated encryption with associated data. ACM Trans Inf Syst Secur 13(33):1–16CrossRefGoogle Scholar
  32. 32.
    Stinson DR (2006) Some observations on the theory of cryptographic hash functions. Des Codes Crypt 38(2):259–277MathSciNetCrossRefGoogle Scholar
  33. 33.
    Tang H, Liu X (2013) Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 65(3):321–333CrossRefGoogle Scholar
  34. 34.
    Tu H, Kumar N, Chilamkurti N, Rho S (2015) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl 8(5):903–910CrossRefGoogle Scholar
  35. 35.
    Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for SIP using ECC. Comput Standards Interfaces 31(2):286–291CrossRefGoogle Scholar
  36. 36.
    Xie Q, Tang Z (2016) Biometrics based authentication scheme for session initiation protocol. SpringerPlus 5(1):1045CrossRefGoogle Scholar
  37. 37.
    Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24(5):381–386CrossRefGoogle Scholar
  38. 38.
    Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Comput Standards Interfaces 36(2):397–402CrossRefGoogle Scholar
  39. 39.
    Yoon EJ, Yoo KY (2010) A three-factor authenticated key agreement scheme for SIP on elliptic curves. In Network and System Security (NSS), 2010 4th International Conference on (pp 334–339). IEEEGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringGuru Nanak Dev UniversityJalandharIndia

Personalised recommendations