Security Improvement to an Authentication Scheme for Session Initiation Protocol

  • Youngsook Lee
  • Jeeyeon Kim
  • Junghyun Nam
  • Dongho Won
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 107)


Recently, Yoon et al. proposed an authentication scheme suited for session initiation environments. Our analysis shows that Yoon et al.’s scheme does not achieve its fundamental goal of password security. We demonstrate this by mounting an undetectable on-line password guessing attack on Yoon et al.’s scheme. We then show how to eliminate the security vulnerabilities of Yoon et al.’s scheme and improve on their scheme.


Keywords: Authentication scheme; Session initiation; Password; Undetectable on-line password guessing attack; Session key


  1. Veltri L, Salsano S, Papalilo D (2002) SIP security issues: the SIP authentication procedure and its processing load. IEEE Netw 16(6):38–44
  2.
  3. Franks J et al (1999) HTTP authentication: basic and digest access authentication. IETF RFC2617, June 1999
  4. Handley M et al (1999) SIP: session initiation protocol. IETF RFC2543, March 1999
  5. Thomas M (2001) SIP security requirements. IETF Internet Draft (draftthomas-sip-sec-reg-00.txt), Nov 2001 (work in progress)
  6. Rosenberg J et al (2002) SIP: session initiation protocol. IETF RFC3261, June 2002
  7. Arkko J et al (2002) Security mechanism agreement for SIP sessions. IETF Internet Draft (draft-ietf-sipsecagree-04.txt), June 2002
  8. Yoon E-J, Yoo K-Y (2009) A new authentication scheme for session initiation protocol. International conference on complex, intelligent and software intensive system, pp 550–554
  9. Ding Y, Horster P (1995) Undetectable on-line password guessing attacks. ACM SIGOPS Oper Syst Rev 29(4):77–86
  10. Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of ACM CCS 1993, pp 62–73
  11. Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8(3):312–316
  12. Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386
  13. Diffie W, Hellman M (1976) New directions in cryptology. IEEE Trans Inf Theory 22(6):644–654
  14. Durlanik A, Sogukpinar I (2005) SIP authentication scheme using ECDH. World Enformatika Soc Trans Eng Comput Technol 8:350–353
  15. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:203–209
  16. NIST (1999) Recommended elliptic curves for federal government use, July 1999

Copyright information

© Springer Science+Business Media B.V. 2011

Authors and Affiliations

  • Youngsook Lee (1)
  • Jeeyeon Kim (2)
  • Junghyun Nam (3)
  • Dongho Won (2)

  1. Department of Cyber Investigation Police, Howon University, Gunsan-si, Korea
  2. School of Information and Communication Engineering, Sungkyunkwan University, Suwon-si, Korea
  3. Department of Computer Science, Konkuk University, Chungju-si, Korea
