Skip to main content
SpringerLink
Log in

An improved and provably secure privacy preserving authentication protocol for SIP

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

Session Initiation Protocol (SIP) has proved to be the integral part and parcel of any multimedia based application or IP-based telephony service that requires signaling. SIP supports HTTP digest based authentication, and is responsible for creating, maintaining and terminating sessions. To guarantee secure SIP based communication, a number of authentication schemes are proposed, typically most of these are based on smart card due to its temper resistance property. Recently Zhang et al. presented an authenticated key agreement scheme for SIP based on elliptic curve cryptography. However Tu et al. (Peer to Peer Netw. Appl 1–8, 2014) finds their scheme to be insecure against user impersonation attack, furthermore they presented an improved scheme and claimed it to be secure against all known attacks. Very recently Farash (Peer to Peer Netw. Appl 1–10, 2014) points out that Tu et al.’s scheme is vulnerable to server impersonation attack, Farash also proposed an improvement on Tu et al.’s scheme. However, our analysis in this paper shows that Tu et al.’s scheme is insecure against server impersonation attack. Further both Tu et al.’s scheme and Farash’s improvement do not protect user’s privacy and are vulnerable to replay and denial of services attacks. In order to cope with these limitations, we have proposed a privacy preserving improved authentication scheme based on ECC. The proposed scheme provides mutual authentication as well as resists all known attacks as mentioned by Tu et al. and Farash.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Abadi M, Blanchet B, Comon-Lundh H (2009) Models and proofs of protocol security: A progress report. In: Computer aided verification. Springer, pp 35–49

  2. Abi-Char PE, Mhamed A, El-Hassan B (2007) A fast and secure elliptic curve based authenticated key agreement protocol for low power mobile communications. In: The 2007 international conference on Next generation mobile applications, services and technologies, 2007. NGMAST’07. IEEE, pp 235–240

  3. Abi-Char PE, Mhamed A, El-Hassan B (2007) A secure authenticated key agreement protocol based on elliptic curve cryptography. In: 3rd international symposium on information assurance and security, 2007. IAS 2007. IEEE, pp 89–94

  4. ul Amin N, Asad M, Din N, Ashraf Ch S (2012) An authenticated key agreement with rekeying for secured body sensor networks based on hybrid cryptosystem. In: 9th IEEE international conference on networking, sensing and control (ICNSC), 2012 . IEEE, pp 118–121

  5. Amin R, Biswas G (2015) An improved rsa based user authentication and session key agreement protocol usable in tmis. J Med Syst 39(8):1–14

    Google Scholar 

  6. Amin R, Biswas G (2015) A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J Med Syst 39(8):1–19

    Google Scholar 

  7. Amin R, Biswas G (2015) A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J Med Syst 39(3):1–17

    Article  Google Scholar 

  8. Arshad H, Nikooghadam M (2014) An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc. Multimedia Tools and Applications:1–17. doi:10.1007/s11042-014-2282-x

  9. Bala S, Sharma G, Verma AK (2013) An improved forward secure elliptic curve signcryption key management scheme for wireless sensor networks. In: IT convergence and security 2012. Springer, pp 141–149

  10. Bellare M, Rogaway P (1994) Entity authentication and key distribution. In: Advances in Cryptology, CRYPTO 93. Springer, pp 232–249

  11. Bellare M, Rogaway P (1995) Provably secure session key distribution: the three party case. In: Proceedings of the twenty-seventh annual ACM symposium on Theory of computing. ACM, pp 57–66

  12. Chang CC, Wu TC (1991) Remote password authentication with smart cards. IEEE Proceedings Computers and Digital Techniques 138(3):165–168

    Article  Google Scholar 

  13. Chaudhry SA (2015) Comment on ‘robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications’. IET Commun 9 (1):1034–1034(1). 10.1049/iet-com.2014.1082

    Article  Google Scholar 

  14. Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks:1–13. doi:10.1002/sec.1299

  15. Chaudhry SA, Farash MS, Naqvi H, Sher M (2015) A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron Commer Res:1–27. doi:10.1007/s10660-015-9192-5

  16. Chaudhry SA, Naqvi H, Shon T, Sher M, Farash M (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst 39(6):66. 10.1007/s10916-015-0244-0

    Article  Google Scholar 

  17. Chou CH, Tsai KY, Lu CF (2013) Two id-based authenticated schemes with key agreement for mobile environments. J Supercomput 66(2):973–988

    Article  Google Scholar 

  18. Chuang MC, Chen MC (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications 41(4):1411–1418

    Article  Google Scholar 

  19. Debiao H, Jianhua C, Jin H (2012) An id-based client authentication with key agreement protocol for mobile client–server environment on ecc with provable security. Information Fusion 13(3):223–230

    Article  Google Scholar 

  20. Farash M (2014) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw Appl:1–10. doi:10.1007/s12083-014-0315-x

  21. Farash MS (2014) An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int J Commun Syst. 10.1002/dac.2879

    Google Scholar 

  22. Farash MS, Attari MA (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J Supercomput 69(1):395–411. 10.1007/s11227-014-1170-5

    Article  Google Scholar 

  23. Farash MS, Chaudhry SA, Heydari M, Sadough SMS, Kumari S, Khan MK (2015) A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int J Commun Syst. 10.1002/dac.3019

    Google Scholar 

  24. Harn L, Lin HY (2001) Authenticated key agreement without using one-way hash functions. Electron Lett 37(10):629–630

    Article  Google Scholar 

  25. Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ashraf Ch SA (2014) A secure authentication scheme for session initiation protocol by using ecc on the basis of the tang and liu scheme. Security and Communication Networks 7(8):1210–1218. 10.1002/sec.834

    Article  Google Scholar 

  26. Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2015) A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications 74 (11):1–18. 10.1007/s11042-013-1807-z

    Article  Google Scholar 

  27. Islam S, Biswas G (2011) A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J Syst Softw 84(11):1892–1898

    Article  Google Scholar 

  28. Jiang Q, Ma J, Tian Y (2014) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al. Int J Commun Syst 28(7):1340–1351

    Article  Google Scholar 

  29. Kilinc H, Yanik T (2014) A survey of sip authentication and key agreement schemes. IEEE Commun Surv Tutorials 16(2):1005–1023. 10.1109/SURV.2013.091513.00050

    Article  Google Scholar 

  30. Liao YP, Wang SS (2010) A new secure password authenticated key agreement scheme for sip using self-certified public keys on elliptic curves. Comput Commun 33(3):372–380

    Article  Google Scholar 

  31. Mehmood Z, Nizamuddin N, Ch S, Nasar W, Ghani A (2012) An efficient key agreement with rekeying for secured body sensor networks. In: Second International Conference on digital information processing and communications (ICDIPC), 2012. IEEE, pp 164–167

  32. Nicanfar H, Leung VC (2013) Multilayer consensus ecc-based password authenticated key-exchange (mcepak) protocol for smart grid system. IEEE Trans Smart Grid 4(1):253–264

    Article  Google Scholar 

  33. Ryu EK, Yoon EJ, Yoo KY (2004) An efficient id-based authenticated key agreement protocol from pairings. In: Networking technologies, services, and protocols; performance of computer and communication networks; mobile and wireless communications networking 2004. Springer, pp 1458– 1463

  34. Sharma G, Bala S, Verma AK (2013) Extending certificateless authentication for wireless sensor networks: A novel insight. International Journal of Computer Science Issues (IJCSI) 10(6)

  35. Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl:1–8. doi:10.1007/s12083-014-0248-4

  36. William S, Stallings W (2006) Cryptography and network security, 4/E. Pearson education india

  37. Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25 (1):47–54

    Article  Google Scholar 

  38. Xie Q, Hu B, Dong N, Wong DS (2014) Anonymous three-party password-authenticated key exchange scheme for telecare medical information systems. PloS one 9(7):e102,747

    Article  Google Scholar 

  39. Xu X, Zhu P, Wen Q, Jin Z, Zhang H, He L (2014) A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J Med Syst 38(1):1–7

    Article  Google Scholar 

  40. Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst 27(11):2691–2702

    Google Scholar 

  41. Zhang L, Tang S, Cai Z (2014) Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards. Security and Communication Networks 7(12):2405–2411. 10.1002/sec.951

    Article  Google Scholar 

  42. Zhao Z (2014) An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. J Med Syst 38(2):1–7

    Article  Google Scholar 

Download references

Acknowledgments

Authors are thankful to the anonymous reviewers and the editor Prof. Zhenfu Cao for their valuable recommendations to improve the quality, correctness, presentation and readability of the manuscript.

Author information

Authors and Affiliations

  1. Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan

    Shehzad Ashraf Chaudhry, Husnain Naqvi, Muhammad Sher & Mahmood Ul Hassan

  2. Department of Mathematics and Computer Sciences Kharazmi University, Tehran, Iran

    Mohammad Sabzinejad Farash

Authors
  1. Shehzad Ashraf Chaudhry
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Husnain Naqvi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Muhammad Sher
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mohammad Sabzinejad Farash
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mahmood Ul Hassan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shehzad Ashraf Chaudhry.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chaudhry, S.A., Naqvi, H., Sher, M. et al. An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Netw. Appl. 10, 1–15 (2017). https://doi.org/10.1007/s12083-015-0400-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-015-0400-9

Keywords

Search

Navigation