Abstract
In medical emergencies, an instant and secure messaging is an important service to provide quality healthcare services. A session initiation protocol (SIP) is an IP-based multimedia and telephony communication protocol used to provide instant messaging services. Thus, design of secure and efficient SIP for quality medical services is an emerging problem. In this paper, we first explore the security limitations of the existing SIPs proposed by Sureshkumar et al. and Zhang et al. in the literature. Our analysis shows that most of the existing schemes fail to protect the user credentials when unexpectedly the session-specific ephemeral secrets revealed to an adversary by the session exposure attacks. We then present a possible improvement over Sureshkumar et al.’s scheme without increasing the computational cost. We compare the proposed improvement for computational overheads and security features with the various related existing schemes in the literature.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Hussain, A., Wenbi, R., da Silva, A.L., Nadher, M., Mudhish, M.: Health and emergency-care platform for the elderly and disabled people in the smart city. J. Syst. Softw. 110, 253–263 (2015)
Alesanco, A., García, J.: Clinical assessment of wireless ECG transmission in real-time cardiac telemonitoring. IEEE Trans. Inf. Technol. Biomed. 14(5), 1144–1152 (2010)
Thelen, S., Czaplik, M., Meisen, P., Schilberg, D., Jeschke, S.: Using off-the-shelf medical devices for biomedical signal monitoring in a telemedicine system for emergency medical services. In: Jeschke, S., Isenhardt, I., Hees, F., Henning, K. (eds.) Automation, Communication and Cybernetics in Science and Engineering 2015/2016, pp. 797–810. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-42620-4_61
Islam, S.K.H., Vijayakumar, P., Bhuiyan, M.Z.A., Amin, R., Balusamy, B., et al.: A provably secure three-factor session initiation protocol for multimedia big data communications. IEEE Internet Things J. 5(5), 3408–3418 (2017)
Goode, B.: Voice over internet protocol (VoIP). Proc. IEEE 90(9), 1495–1517 (2002)
Mishra, D., Das, A.K., Mukhopadhyay, S.: A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Netw. Appl. 9(1), 171–192 (2016)
Farash, M.S.: Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Network. Appl. 9(1), 82–91 (2016)
Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C., Gurle, D.: Session initiation protocol extension for instant messaging (2002)
Franks, J., et al.: Http authentication: Basic and digest access authentication. Technical report (1999)
Salsano, S., Veltri, L., Papalilo, D.: SIP security issues: the SIP authentication procedure and its processing load. IEEE Network 16(6), 38–44 (2002)
Keromytis, A.D.: A comprehensive survey of voice over IP security research. IEEE Commun. Surv. Tutor. 14(2), 514–537 (2012)
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_28
Odelu, V., Das, A.K., Wazid, M., Conti, M.: Provably secure authenticated key agreement scheme for smart grid. IEEE Trans. Smart Grid 9(3), 1900–1910 (2016)
Odelu, V., Das, A.K., Goswami, A.: A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans. Inf. Forensics Secur. 10(9), 1953–1966 (2015)
Stallings, W.: Cryptography and Network Security: Principles and Practices, 3/e edn. Prentice Hall, Cloth (2003)
Sarkar, P.: A simple and generic construction of authenticated encryption with associated data. ACM Trans. Inf. Syst. Secur. 13(4), 33 (2010)
Stinson, D.R.: Some observations on the theory of cryptographic hash functions. Des. Codes Cryptogr. 38(2), 259–277 (2006)
Yang, C.-C., Wang, R.-C., Liu, W.-T.: Secure authentication scheme for session initiation protocol. Comput. Secur. 24(5), 381–386 (2005)
Zhang, Z., Qi, Q., Kumar, N., Chilamkurti, N., Jeong, H.-Y.: A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography. Multimed. Tools Appl. 74(10), 3477–3488 (2015)
Yanrong, L., Li, L., Peng, H., Yang, Y.: A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Network. Appl. 9(2), 449–459 (2016)
Hang, T., Kumar, N., Chilamkurti, N., Rho, S.: An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Network. Appl. 8(5), 903–910 (2015)
Chaudhry, S.A., Naqvi, H., Sher, M., Farash, M.S., Hassan, M.U.: An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Network. Appl. 10(1), 1–15 (2017)
Lu, Y., Li, L., Peng, H., Yang, Y.: An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography. Multimed. Tools Appl. 76(2), 1801–1815 (2017)
Arshad, H., Nikooghadam, M.: An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimed. Tools Appl. 75(1), 181–197 (2016)
Sureshkumar, V., Amin, R., Anitha, R.: A robust mutual authentication scheme for session initiation protocol with key establishment. Peer-to-Peer Network. Appl. 11(5), 900–916 (2018)
He, D., Kumar, N., Lee, J.-H., Sherratt, R.: Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans. Consum. Electron. 60(1), 30–37 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Sourav, S., Odelu, V., Prasath, R. (2019). Enhanced Session Initiation Protocols for Emergency Healthcare Applications. In: Thampi, S., Madria, S., Wang, G., Rawat, D., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2018. Communications in Computer and Information Science, vol 969. Springer, Singapore. https://doi.org/10.1007/978-981-13-5826-5_21
Download citation
DOI: https://doi.org/10.1007/978-981-13-5826-5_21
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-5825-8
Online ISBN: 978-981-13-5826-5
eBook Packages: Computer ScienceComputer Science (R0)