Enhanced authentication protocol for session initiation protocol using smart card

Providing a security and efficiently key agreement for session initiation protocol SIP is so important to protect communication sessions on the internet. An authentication should be finished before a user utilises the SIP service provided by a server. However, there are some security problems with SIP authentication. Recently, Tu et al. improved Zhang et al.'s authenticated key agreement protocol. They also claimed that their protocol could be resistant to kinds of attacks. In our paper, we show that their protocol is susceptible to the server spoofing attack, user impersonation attack. We also proposed an enhanced protocol which can be more secure and flexible here.

[1]  Nassar Ikram,et al.  Elliptic curve cryptography based mutual authentication scheme for session initiation protocol , 2011, Multimedia Tools and Applications.

[2]  Jing Liu,et al.  Improved privacy-preserving authentication scheme for roaming service in mobile networks , 2014, 2014 IEEE Wireless Communications and Networking Conference (WCNC).

[3]  Peng Wu,et al.  Secure password-based remote user authentication scheme with non-tamper resistant smart cards , 2012, IACR Cryptol. ePrint Arch..

[4]  Naveen K. Chilamkurti,et al.  An improved authentication protocol for session initiation protocol using smart card , 2015, Peer Peer Netw. Appl..

[5]  Ping Wang,et al.  Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks , 2014, Ad Hoc Networks.

[6]  Hui-Feng Huang A New Efficient Authentication Scheme for Session Initiation Protocol , 2006, JCIS.

[7]  Hsiao-Hwa Chen,et al.  A secure and efficient SIP authentication scheme for converged VoIP networks , 2010, Comput. Commun..

[8]  Ibrahim Sogukpinar,et al.  SIP Authentication Scheme using ECDH , 2007 .

[9]  Ping Wang,et al.  On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions , 2014, Comput. Networks.

[10]  Chou Chen Yang,et al.  Secure authentication scheme for session initiation protocol , 2005, Comput. Secur..

[11]  Yuqing Zhang,et al.  A new provably secure authentication and key agreement protocol for SIP using ECC , 2009, Comput. Stand. Interfaces.

[12]  C. D. Jaidhar,et al.  Cryptanalysis of SIP secure and efficient authentication scheme , 2011, 2011 IEEE 3rd International Conference on Communication Software and Networks.

[13]  Yong-Nyuo Shin,et al.  Robust Mutual Authentication with a Key Agreement Scheme for the Session Initiation Protocol , 2010 .

[14]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[15]  Jianhua Chen,et al.  A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography , 2012, Secur. Commun. Networks.

[16]  Jia Lun Tsai Efficient Nonce-based Authentication Scheme for Session Initiation Protocol , 2009, Int. J. Netw. Secur..

[17]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[18]  Zhihua Cai,et al.  Efficient and flexible password authenticated key agreement for Voice over Internet Protocol Session Initiation Protocol using smart card , 2014, Int. J. Commun. Syst..

[19]  Neil Sigmon,et al.  Elliptic Curve Cryptography , 1999 .

[20]  Qi Xie A new authenticated key agreement for session initiation protocol , 2012, Int. J. Commun. Syst..

[21]  Sourav Mukhopadhyay,et al.  A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card , 2014, Peer-to-Peer Networking and Applications.

[22]  Q. Pu Weaknesses of SIP Authentication Scheme for Converged VoIP Networks , 2010, IACR Cryptol. ePrint Arch..

[23]  Dongho Won,et al.  Off-Line Password-Guessing Attack to Yang's and Huang's Authentication Schemes for Session Initiation Protocol , 2009, 2009 Fifth International Joint Conference on INC, IMS and IDC.

[24]  Mohammad Sabzinejad Farash Security analysis and enhancements of an improved authentication for session initiation protocol with provable security , 2016, Peer Peer Netw. Appl..

[25]  Xiong Li,et al.  An improved remote user authentication scheme with key agreement , 2014, Comput. Electr. Eng..