Cryptanalysis and Improvement of a User Authentication Scheme for SIP
Recently, Lu et al. discussed a user authentication scheme for session initiation protocol(SIP) using elliptic curve cryptography (ECC). In this paper, we cryptanalyze this scheme and find that it is not resistant to the insider attack besides user anonymity. We improve this scheme by overcoming its weaknesses. We show using the Burrows-Abadi-Needham (BAN) logic that our scheme offers mutual authentication. We examine the security of our scheme informally to show that it is secured against various known attacks. Our scheme is more secured than the other related schemes (Lu et al., Inf Techno Control 45(4):393–400, 2016; Arshad and Ikram, Multimed Tools Appl 66(2):165–178, 2013; Kumari et al., Peer-to-Peer Netw Appl 10(1):92–105, 2017; Chaudhry et al., Peer-to-Peer Netw Appl 10(1):1–15, 2017).
KeywordsAuthentication user anonymity insider attack session initiation protocol elliptic curve cryptography
- 6.A. Durlanik, I. Sogukpinar, SIP authentication scheme using ECDH. Screen 137, 3367 (2005)Google Scholar
- 11.Y. Lu, L. Li, H. Peng, Y. Yang, An advanced elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Inf. Technol. Control 45(4), 393–400 (2016)Google Scholar
- 13.J.L. Tsai, Efficient nonce-based authentication scheme for session initiation protocol. IJ Netw. Secur. 9(1), 12–16 (2009)Google Scholar
- 17.E.J. Yoon, K.Y. Yoo, Cryptanalysis of DS-SIP authentication scheme using ECDH, in 3rd International Conference on New Trends in Information and Service Science (IEEE, 2009), pp. 642–647Google Scholar