Design of a secure anonymity-preserving authentication scheme for session initiation protocol using elliptic curve cryptography

The session initiation protocol (SIP) is a signaling protocol used to control communication over the Internet. It is also used for initiating, terminating and maintaining sessions. A strong authentication scheme plays a pivotal role in safeguarding communications over the Internet. To ensure secure communication, several authentication schemes have been proposed for SIP in the literature. Recently, Lu et al. proposed an authentication scheme for SIP-based communications and proved that their scheme can resist various network attacks. In this paper, we show that their scheme is susceptible to user and server impersonation attacks. Also, their scheme fails to achieve user anonymity and mutual authentication. Hence, there is a need for a secure ECC-based authentication scheme with user anonymity for SIP that overcomes the shortcomings of Lu et al.’s scheme. Security analysis shows that the proposed scheme fixes the flaws found in Lu et al.’s scheme. In addition to informal security discussions, we give a formal security analysis of the proposed scheme under the generic group model of cryptography. Performance analysis also shows that the proposed scheme is suitable for SIP-based communication.
