Abstract
The session initiation protocol (SIP) is a powerful and superior signaling protocol for voice over internet protocol (VoIP). Authentication is an important security requirement for SIP. Hitherto, many authentication schemes have been proposed to enhance the security of SIP. Recently, Irshad et al. proposed an improved authentication scheme for SIP, which they claimed is secure against various security attacks. However, in this paper, we conclude that Irshad et al.’s scheme is vulnerable to user impersonation attacks. Furthermore, a novel authentication and key agreement scheme is proposed for SIP using an elliptic curve cryptosystem (ECC). Security and performance analyses demonstrate that the proposed scheme is secure against security attacks of various types and has a low computation cost compared to previously proposed schemes.
References
Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178
Durlanik A, Sogukpinar I (2005) SIP authentication scheme using ECDH. World Enformatika Soc Trans Eng Comput Technol 8:350–353
Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inform Technol Control 42(4):333–342
Frank M, Biedert R, Ma E, Martinovic I, Song D (2013) Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans Inf Forensic Secur 8(1):136–148
Franks J, Hallam-Baker PM, Hostetler JL, Lawrence SD, Leach PJ, Luotonen A, Stewart LC (1999) HTTP authentication: basic and digest access authentication. IETF RFC 2617
Geneiatakis D, Dagiuklas T, Kambourakis G, Lambrinoudakis C, Gritzalis S, Ehlert S, Sisalem D (2006) Survey of security vulnerabilities in session initiation protocol. IEEE Commun Surv Tutor 8(3):68–81
Hankerson D, Menezes A, Vanstone S (2004) Guide to elliptic curve cryptography. Springer, New York
Harn L (2013) Group authentication. IEEE Trans Comput 62(9):1893–1898
He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429
He D, Chen J, Hu J (2012) An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inf Fusion 13(3):223–230
Irshad A, Sher M, Rehman E, Ashraf Ch S, Hassan MU, Ghani A (2013) A single round-trip SIP authentication scheme for Voice over Internet Protocol using smart card. Multimed Tools Appl. doi:10.1007/s11042-013-1807-z
Irshad A, Sher M, Faisal MS, Ghani A, Hassan MU, Ashraf Ch S (2014) A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Secur Commun Netw 7:1210–1218
Jiang Q, Ma J, Tian Y (2014) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al. Int J Commun Syst. doi:10.1002/dac.2767
Kilinc HH, Yanik T (2014) A survey of SIP authentication and key agreement schemes. IEEE Commun Surv Tutor 16(2):1005–1023
Koblitz N, Menezes A, Vanstone S (2000) The state of elliptic curve cryptography. Des Code Crypt 19:173–193
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Advances in Cryptology, CRYPTO’99, 1999; 1666:788–797
Ku WC, Chen CM, Lee HL (2003) Cryptanalysis of a variant of Peyravian-Zunic’s password authentication scheme. IEICE Trans Commun E86-B(5):1682–1684
Li X, Zhang Y, Zhang G (2013) A new certificateless authenticated key agreement protocol for SIP with different KGCs. Secur Commun Netw 6:631–643
Liu FW, Koenig H (2011) Cryptanalysis of a SIP authentication scheme. In: 12th IFIP TC6/TC11 International Conference, CMS 2011, Ghent, Belgium, pp 134–143
Liu H, Ning H (2011) Zero-knowledge authentication protocol based on alternative mode in RFID systems. IEEE Sensors J 11(12):3235–3245
Lynn B. Pairing-based cryptography library, available at http://crypto.stanford.edu/pbc/
Ma CG, Wang D, Zhao SD (2012) Security flaws in two improved remote user authentication schemes using smart cards. Int J Commun Syst. doi:10.1002/dac.2468
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Nikooghadam M, Zakerolhosseini A (2012) Secure communication of medical information using mobile agents. J Med Syst 36(6):3839–3850
Nikooghadam M, Zakerolhosseini A, Moghaddam ME (2010) Efficient utilization of elliptic curve cryptosystem for hierarchical access control. J Syst Softw 83(10):1917–1929
Pu Q, Wang J, Wu S (2013) Secure SIP authentication scheme supporting lawful interception. Secur Commun Netw 6:340–350
Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R (2002) SIP: session initiation protocol. IETF RFC3261
Salsano S, Veltri L, Papalilo D (2002) SIP security issues: the SIP authentication procedure and its processing load. IEEE Netw 16:38–44
Sisalem D, Kuthan J, Ehlert S (2006) Denial of service attacks targeting a Sip VoIP infrastructure: stack scenarios and prevention mechanisms. IEEE Netw 20(5):26–31
Sisalem D, Floroiu J, Kuthan J, Abend U, Schulzrinne H (2009) SIP security. Wiley, Chichester
Stallings W (2005) Cryptography and network security: principles and practice, 4th edn. Prentice Hall, Upper Saddle River
Tang H, Liu X (2013) Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 65(3):321–333
Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8(3):312–316
Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl. doi:10.1007/s12083-014-0248-4
Vanstone SA (1997) Elliptic curve cryptosystem-the answer to strong, fast public-key cryptography for securing constrained environments. Inf Secur Tech Rep 12:78–87
Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for SIP using ECC. Comput Stand Interfaces 31(2):286–291
Wu S, Pu Q, Kang F (2013) Practical authentication scheme for SIP. Peer-to-Peer Netw Appl 6(1):61–74
Wu K, Gong P, Wang J, Yan X, Li P (2013) An improved authentication protocol for session initiation protocol using smart card and elliptic curve cryptography. Rom J Inf Sci Technol 16(4):324–335
Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54
Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386
Yoon EJ, Yoo KY (2009) Cryptanalysis of DS-SIP authentication scheme using ECDH. In: 2009 International Conference on New Trends in Information and Service Science 642–647
Yoon EJ, Yoo KY, Kim C, Hong Y, Jo M, Chen H (2010) A secure and efficient SIP authentication scheme for converged VoIP networks. Comput Commun 33(14):1674–1681
Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst. doi:10.1002/dac.2499
Zhang L, Tang S, Cai Z (2014) Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards. Secur Commun Netw. doi:10.1002/sec.951
Zhou L, Chao H-C, Vasilakos AV (2011) Joint forensics-scheduling strategy for delay-sensitive multimedia applications over heterogeneous networks. IEEE J Sel Areas Commun 29(7):1358–1367
Cite this article
Arshad, H., Nikooghadam, M. An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimed Tools Appl 75, 181–197 (2016). https://doi.org/10.1007/s11042-014-2282-x
DOI: https://doi.org/10.1007/s11042-014-2282-x