Design of a secure anonymity-preserving authentication scheme for session initiation protocol using elliptic curve cryptography

  • Original Research
Journal of Ambient Intelligence and Humanized Computing

Abstract

The session initiation protocol (SIP) is a signaling protocol used to control communication on the Internet. It is also used to initiate, terminate and maintain sessions. A strong authentication scheme plays a pivotal role in safeguarding communications over the Internet. To ensure secure communication, several authentication schemes for SIP have been proposed in the literature. Recently, Lu et al. proposed an authentication scheme for SIP-based communications and proved that their scheme can resist various network attacks. In this paper, we show that their scheme is susceptible to user and server impersonation attacks. Also, their scheme fails to achieve user anonymity and mutual authentication. Hence, there is a need to propose a secure ECC-based authentication scheme with user anonymity for SIP to overcome the shortcomings of Lu et al.’s scheme. Security analysis shows that the proposed scheme is able to fix the flaws found in Lu et al.’s scheme. In addition to informal security discussions, we give a formal security analysis of the proposed scheme under the generic group model of cryptography. Performance analysis also shows that the proposed scheme is suitable for SIP-based communication.

References

  • Arshad H, Nikooghadam M (2016) An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc. Multimed Tools Appl 75(1):181–197

  • Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178

  • Cao X, Zhong S (2006) Breaking a remote user authentication scheme for multi-server architecture. IEEE Commun Lett 10(8):580–581

  • Chang CC, Le HD (2016) A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366

  • Chaudhry SA (2015) Comment on robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications. IET Commun 9(7):1034–1034

  • Chaudhry SA, Mahmood K, Naqvi H, Khan MK (2015a) An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J Med Syst 39(11):1–12

  • Chaudhry SA, Naqvi H, Shon T, Sher M, Farash MS (2015b) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst 39(6):1–11

  • Chaudhry SA, Khan I, Irshad A, Ashraf MU, Khan MK, Ahmad HF (2016a) A provably secure anonymous authentication scheme for session initiation protocol. Secur Commun Netw. doi:10.1002/sec.1672

  • Chaudhry SA, Khan MT, Khan MK, Shon T (2016b) A multiserver biometric authentication scheme for tmis using elliptic curve cryptography. J Med Syst 40(11):230

  • Chaudhry SA, Naqvi H, Mahmood K, Ahmad HF, Khan MK (2016c) An improved remote user authentication scheme using elliptic curve cryptography. Wirel Person Commun. doi:10.1007/s11277-016-3745-3

  • Chuang YH, Tseng YM (2010) An efficient dynamic group key agreement protocol for imbalanced wireless networks. Int J Netw Manag 20(4):167–180

  • Das AK (2016) A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw Appl 9(1):223–244

  • Das AK, Goswami A (2013) A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J Med Syst 37(3):1–16

  • Das AK, Paul NR, Tripathy L (2012) Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf Sci 209:80–92

  • Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

  • Durlanik A, Sogukpinar I (2005) Sip authentication scheme using ecdh. ENFORMATIKA 8:350–353

  • Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani MTM (2008) On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In: Annual International Cryptology Conference, Springer, pp 203–220

  • Farash MS (2016) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw Appl 9(1):82–91

  • Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inf Technol Control 42(4):333–342

  • Franks J, Hallam-Baker P, Hostetler J, Lawrence S, Leach P, Luotonen A, Stewart L (1999) Http authentication: basic and digest access authentication. RFC 2617-IETF

  • Giri D, Sherratt RS, Maitra T, Amin R (2015) Efficient biometric and password based mutual authentication for consumer usb mass storage devices. IEEE Trans Consum Electron 61(4):491–499

  • Gokhroo MK, Jaidhar C, Tomar AS (2011) Cryptanalysis of sip secure and efficient authentication scheme. In: Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on, IEEE, pp 308–310

  • Goldwasser S, Bellare M (1996) Lecture notes on cryptography. Summer Course Cryptogr Comput Secur MIT 1999:1999

  • He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429

  • He D, Kumar N, Chen J, Lee CC, Chilamkurti N, Yeo SS (2015a) Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimed Syst 21(1):49–60

  • He D, Kumar N, Chilamkurti N (2015b) A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf Sci 321:263–277

  • He D, Zhang Y, Chen J (2015c) Robust biometric-based user authentication scheme for wireless sensor networks. Ad Hoc Sens Wirel Net 25(3–4):309–321

  • Huang HF, Wei WC (2006) A new efficient authentication scheme for session initiation protocol. Computing 1(2):1–3

  • Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2015) A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl 74(11):3967–3984

  • Jiang Q, Ma J, Li G, Yang L (2014) An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wirel Person Commun 77(2):1489–1506. doi:10.1109/TED.2011.2180724

  • Jiang Q, Ma J, Lu X, Tian Y (2015a) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw Appl 8(6):1070–1081

  • Jiang Q, Ma J, Tian Y (2015) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of zhang, et al. Int J Commun Syst 28(7):1340–1351

  • Jiang Q, Khan MK, Lu X, Ma J, He D (2016a) A privacy preserving three-factor authentication protocol for e-health clouds. J Supercomput. doi:10.1109/TED.2011.2180724

  • Jiang Q, Wei F, Fu S, Ma J, Li G, Alelaiwi A (2016b) Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dynam 83(4):2085–2101

  • Jo H, Lee Y, Kim M, Kim S, Won D (2009) Off-line password-guessing attack to yang’s and huang’s authentication schemes for session initiation protocol. In: INC, IMS and IDC, 2009. NCM’09. Fifth International Joint Conference on, IEEE, pp 618–621

  • Karuppiah M (2016) Remote user authentication scheme using smart card: a review. Int J Internet Protocol Technol 9(2–3):107–120

  • Karuppiah M, Saravanan R (2015) Cryptanalysis and an improvement of new remote mutual authentication scheme using smart cards. J Discret Math Sci Cryptogr 18(5):623–649

  • Karuppiah M, Kumari S, Das AK, Li X, Wu F, Basu S (2016a) A secure lightweight authentication scheme with user anonymity for roaming service in ubiquitous networks. Secur Commun Netw 9(17):4192–4209

  • Karuppiah M, Kumari S, Li X, Wu F, Das AK, Khan MK, Saravanan R, Basu S (2016b) A dynamic id-based generic framework for anonymous authentication scheme for roaming service in global mobility networks. Wirel Person Commun, pp 1–25

  • Kilinc HH, Yanik T (2014) A survey of sip authentication and key agreement schemes. IEEE Commun Surv Tutor 16(2):1005–1023

  • Kumari S, Karuppiah M, Li X, Wu F, Das AK, Odelu V (2016) An enhanced and secure trust-extended authentication mechanism for vehicular ad-hoc networks. Secur Commun Netw 9(17):4255–4271

  • Li X, Niu J, Karuppiah M, Kumari S, Wu F (2016) Secure and efficient two-factor user authentication scheme with user anonymity for network based e-health care applications. J Med Syst 40(12):268

  • Lu Y, Li L, Peng H, Yang Y (2016) A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl 9(2):449–459

  • Ma CG, Wang D, Zhao SD (2014) Security flaws in two improved remote user authentication schemes using smart cards. Int J Commun Syst 27(10):2215–2227

  • Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inf Sci 269:270–285

  • Pu Q (2010) Weaknesses of sip authentication scheme for converged voip networks. IACR Cryptol ePrint Arch 2010:464

  • Pub F (1995) Secure hash standard. Public Law 100:235

  • Sarkar P (2010) A simple and generic construction of authenticated encryption with associated data. ACM Trans Inf Syst Secur (TISSEC) 13(4):33

  • Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. IJ Netw Secur 9(1):12–16

  • Tu H, Kumar N, Chilamkurti N, Rho S (2015) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl 8(5):903–910

  • Wang D, He D, Wang P, Chu CH (2015a) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Dependable Secure Comput 12(4):428–442

  • Wang D, He D, Wang P, Chu CH (2015b) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Dependable Secure Comput 12(4):428–442

  • Wang D, Wang N, Wang P, Qing S (2015c) Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf Sci 321:162–178

  • Wu F, Xu L, Kumari S, Li X, Das AK, Khan MK, Karuppiah M, Baliyan R (2016) A novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks. Secur Commun Netw 9(16):3527–3542

  • Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for sip using ecc. Comput Stand Interface 31(2):286–291

  • Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54

  • Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24(5):381–386

  • Yoon EJ, Yoo KY (2009) Cryptanalysis of ds-sip authentication scheme using ecdh. In: New Trends in Information and Service Science, 2009. NISS’09. International Conference on, IEEE, pp 642–647

  • Yoon EJ, Yoo KY, Kim C, Hong YS, Jo M, Chen HH (2010) A secure and efficient sip authentication scheme for converged voip networks. Comput Commun 33(14):1674–1681

  • Zhang L, Tang S, Cai Z (2014a) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst 27(11):2691–2702

  • Zhang L, Tang S, Cai Z (2014b) Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications. IET Commun 8(1):83–91

  • Zhang Z, Qi Q, Kumar N, Chilamkurti N, Jeong HY (2015) A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 74(10):3477–3488

Acknowledgements

The authors would like to acknowledge the many helpful suggestions of the anonymous reviewers and the Editor, which have improved the content and the presentation of this paper. This work is supported by the National Natural Science Foundation of China under Grant No. 61300220.

Author information

Corresponding author

Correspondence to Saru Kumari.

About this article

Cite this article

Kumari, S., Karuppiah, M., Das, A.K. et al. Design of a secure anonymity-preserving authentication scheme for session initiation protocol using elliptic curve cryptography. J Ambient Intell Human Comput 9, 643–653 (2018). https://doi.org/10.1007/s12652-017-0460-1

  • DOI: https://doi.org/10.1007/s12652-017-0460-1
