A Survey of SIP Authentication and Key Agreement Schemes

We present a survey of authentication and key agreement schemes that have been proposed for the SIP protocol. SIP has become the centerpiece of most VoIP architectures. The performance and security of the authentication and key agreement schemes are two critical factors that affect VoIP applications with a large number of users. Therefore, we have identified, categorized and evaluated various SIP authentication and key agreement protocols according to their performance and security features. Although, in general, performance is inversely proportional to the security features provided, we observed that there are schemes that are successful from both the performance and security viewpoints.
