A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol

Session initiation protocol (SIP) is the most widely used application layer control protocol for creating, modifying, and terminating session processes. Many authentication schemes have been proposed for SIP aimed at providing secure communication. Recently, a new authentication and key agreement scheme for SIP has been proposed, and it was claimed that it could resist a variety of attacks. However, in this paper, we show that this scheme is vulnerable to an offline password guessing attack and a stolen memory device attack. Furthermore, we show that it lacks the verification mechanism for a wrong password, and that the password updating process is not efficient. To mitigate the flaws and inefficiencies of this scheme, we design a new robust mutual authentication with a key agreement scheme for SIP. A security analysis revealed that our proposed scheme was robust to several kinds of attacks. In addition, the proposed scheme was simulated by the automatic cryptographic protocol tool ProVerif. A performance analysis showed that our proposed scheme was superior to other related schemes.

[1]  Yuqing Zhang,et al.  A new provably secure authentication and key agreement protocol for SIP using ECC , 2009, Comput. Stand. Interfaces.

[2]  Sherali Zeadally,et al.  Anonymous biometrics-based authentication scheme with key distribution for mobile multi-server environment , 2017, Future Gener. Comput. Syst..

[3]  Chien-Ming Chen,et al.  On the Security of a Chaotic Maps-based Three-party Authenticated Key Agreement Protocol , 2016, J. Netw. Intell..

[4]  Muhammad Sher,et al.  An improved and provably secure privacy preserving authentication protocol for SIP , 2017, Peer-to-Peer Netw. Appl..

[5]  Ruhul Amin,et al.  An enhanced bilinear pairing based authenticated key agreement protocol for multiserver environment , 2017, Int. J. Commun. Syst..

[6]  Hao Lin,et al.  An anonymous and secure authentication and key agreement scheme for session initiation protocol , 2015, Multimedia Tools and Applications.

[7]  Sourav Mukhopadhyay,et al.  A Self-Verifiable Password Based Authentication Scheme for Multi-Server Architecture Using Smart Card , 2017, Wirel. Pers. Commun..

[8]  Nassar Ikram,et al.  Elliptic curve cryptography based mutual authentication scheme for session initiation protocol , 2011, Multimedia Tools and Applications.

[9]  Jeng-Shyang Pan,et al.  A Provable Secure Private Data Delegation Scheme for Mountaineering Events in Emergency System , 2017, IEEE Access.

[10]  Zhihua Cai,et al.  Efficient and flexible password authenticated key agreement for Voice over Internet Protocol Session Initiation Protocol using smart card , 2014, Int. J. Commun. Syst..

[11]  Chen Chien-Ming,et al.  Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols(Regular Section) , 2002 .

[12]  Dariush Abbasinezhad-Mood,et al.  Design and hardware implementation of a security-enhanced elliptic curve cryptography based lightweight authentication scheme for smart grid communications , 2018, Future Gener. Comput. Syst..

[13]  Muhammad Sher,et al.  A single round-trip SIP authentication scheme for Voice over Internet Protocol using smart card , 2013, Multimedia Tools and Applications.

[14]  Jian Shen,et al.  An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment , 2017, J. Netw. Comput. Appl..

[15]  Chien-Ming Chen,et al.  A secure authentication scheme for Internet of Things , 2017, Pervasive Mob. Comput..

[16]  Yong-Nyuo Shin,et al.  Robust Mutual Authentication with a Key Agreement Scheme for the Session Initiation Protocol , 2010 .

[17]  Chou Chen Yang,et al.  Secure authentication scheme for session initiation protocol , 2005, Comput. Secur..

[18]  Alfredo De Santis,et al.  Secure group communication schemes for dynamic heterogeneous distributed computing , 2017, Future Gener. Comput. Syst..

[19]  Morteza Nikooghadam,et al.  An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC , 2014, Multimedia Tools and Applications.

[20]  Xiong Li,et al.  An improved smart card based authentication scheme for session initiation protocol , 2017, Peer-to-Peer Netw. Appl..

[21]  Chien-Ming Chen,et al.  Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols , 2002 .

[22]  Muhammad Khurram Khan,et al.  More secure smart card-based remote user password authentication scheme with user anonymity , 2014, Secur. Commun. Networks.

[23]  Dariush Abbasinezhad-Mood,et al.  Efficient Anonymous Password-Authenticated Key Exchange Protocol to Read Isolated Smart Meters by Utilization of Extended Chebyshev Chaotic Maps , 2018, IEEE Transactions on Industrial Informatics.

[24]  Xiong Li,et al.  A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps , 2016, Future Gener. Comput. Syst..

[25]  Xiong Li,et al.  A password based authentication scheme for wireless multimedia systems , 2017, Multimedia Tools and Applications.

[26]  Xiong Li,et al.  A robust biometrics based three-factor authentication scheme for Global Mobility Networks in smart city , 2017, Future Gener. Comput. Syst..

[27]  Chien-Ming Chen,et al.  An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors in Wireless Body Area Networks , 2018, Applied Sciences.