An advanced elliptic curve cryptography based mutual authentication scheme for session initiation protocol

Session Initiation Protocol (SIP), as a controlling protocol, has attracted much attention. SIP is one of the most widely used protocols for securing and controlling communication over the Internet. Recently, Arshad et al. proposed an enhanced mutual authentication scheme for SIP based on Tsai's scheme. In this paper, we focus on the security weaknesses in Arshad et al.'s SIP authentication scheme with Elliptic Curve Cryptography. We found that the enhanced scheme proposed by Arshad et al. is insecure against internal and masquerade attacks, and that it provides neither anonymity nor a password update phase. We then propose an advanced scheme that remedies these flaws and maintains the benefits of the original scheme, at the cost of slightly increased computation. Through a careful security analysis and a BAN logic analysis of our scheme, we show that our scheme is more secure than other related schemes. DOI: http://dx.doi.org/10.5755/j01.itc.45.4.13401
