Provably secure three-factor authentication and key agreement scheme for session initiation protocol

Session initiation protocol (SIP) is a widely used authentication protocol for Voice over IP communications. Over the years, several protocols have been proposed in the literature to strengthen the security of SIP. In this paper, we present an efficient elliptic curve cryptography (ECC)-based provably secure three-factor authentication and session key agreement scheme for SIP, which uses the identity, password, and personal biometrics of a user as three factors. Our scheme aims to resolve the security weaknesses and drawbacks in existing SIP authentication protocols. In addition, our scheme supports a password and biometric update phase that does not involve the server, and a user mobile device revocation phase for the case where the mobile device is lost or stolen. Formal security analysis under the standard model and the broadly accepted Burrows–Abadi–Needham logic ensures that the proposed scheme can withstand several known security attacks. The proposed scheme has also been analyzed informally. Simulation for formal security verification using the widely known Automated Validation of Internet Security Protocols and Applications tool shows that the scheme protects against replay and man-in-the-middle attacks. High security and low communication and computation costs make the proposed scheme more suitable for practical application than other existing related ECC-based schemes. Copyright © 2016 John Wiley & Sons, Ltd.
