Single round-trip SIP authentication scheme with provable security for Voice over Internet Protocol using smart card

In recent years, Voice over Internet Protocol (VoIP) has gained increasing popularity as an application of Internet technology. Among the various IP applications, including VoIP, the Session Initiation Protocol (SIP) has attracted major concern from researchers. SIP is an advanced signaling protocol used in Internet telephony. SIP uses digest authentication protocols such as Simple Mail Transport Protocol (SMTP) and Hyper Text Transport Protocol (HTTP). When a user seeks SIP services, authentication plays an important role in ensuring that only authorized users gain access to the server. Because it runs over an insecure channel, a SIP authentication protocol is susceptible to adversarial threats. Therefore, security is a big concern in SIP authentication mechanisms. This paper reveals the security vulnerabilities of two recently proposed SIP authentication schemes for VoIP: Irshad et al.’s scheme [Multimed. Tools. Appl. doi:10.1007/s11042-013-1807-z] and Arshad and Nikooghadam’s scheme [Multimed. Tools. Appl. doi:10.1007/s11042-014-2282-x]; the latter scheme is based on the former. Irshad et al.’s scheme suffers from password guessing, user impersonation and server spoofing attacks. Arshad and Nikooghadam’s scheme can be threatened with server spoofing and stolen-verifier attacks. Neither of these two schemes achieves mutual authentication. Arshad and Nikooghadam’s scheme also fails to follow the single round-trip authentication design of Irshad et al.’s scheme. To overcome these weaknesses, we propose a provably secure single round-trip SIP authentication scheme for VoIP using a smart card. We formally prove the security of the scheme in the random oracle model and demonstrate through discussion its resistance to various attacks. The comparative analysis shows that the proposed SIP authentication scheme offers superior performance with a little extra computational cost.
