An anonymous and secure authentication and key agreement scheme for session initiation protocol

In 2014, Arshad and Nikooghadam proposed an authentication and key agreement scheme for SIP to conquer the existing defects in Irshad et al.’s scheme. They claimed that their scheme resists various security attacks and has low computation cost. We found that even though Arshad et al.’s scheme achieves high efficiency, their scheme is insecure against server spoofing attacks, denial of service attacks and privilege insider attacks. Furthermore, the password change phase of their scheme is complicated and their scheme cannot provide user anonymity. To overcome the weaknesses of Arshad et al.’s scheme, we proposed an anonymous and secure authentication and key agreement protocol for SIP. Compared with Arshad et al.’s scheme, our scheme not only withstands more security attacks, but also achieves user anonymity and high efficiency.

[1]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[2]  Morteza Nikooghadam,et al.  An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC , 2014, Multimedia Tools and Applications.

[3]  Athanasios V. Vasilakos,et al.  Joint Forensics-Scheduling Strategy for Delay-Sensitive Multimedia Applications over Heterogeneous Networks , 2011, IEEE Journal on Selected Areas in Communications.

[4]  Nassar Ikram,et al.  Elliptic curve cryptography based mutual authentication scheme for session initiation protocol , 2011, Multimedia Tools and Applications.

[5]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[6]  Fengtong Wen A More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System , 2014, Journal of Medical Systems.

[7]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[8]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[9]  Wei-Kuan Shih,et al.  Robust smart card secured authentication scheme on SIP using Elliptic Curve Cryptography , 2014, Comput. Stand. Interfaces.

[10]  J.A. Stankovic,et al.  Denial of Service in Sensor Networks , 2002, Computer.

[11]  Muhammad Sher,et al.  A single round-trip SIP authentication scheme for Voice over Internet Protocol using smart card , 2013, Multimedia Tools and Applications.

[12]  Xuefei Leng,et al.  Smart card applications and security , 2009, Inf. Secur. Tech. Rep..

[13]  Guomin Yang,et al.  A robust smart card-based anonymous user authentication protocol for wireless communications , 2014, Secur. Commun. Networks.

[14]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[15]  Qiaoyan Wen,et al.  An Improved Biometrics-Based Authentication Scheme for Telecare Medical Information Systems , 2015, Journal of Medical Systems.

[16]  Zhihua Cai,et al.  Efficient and flexible password authenticated key agreement for Voice over Internet Protocol Session Initiation Protocol using smart card , 2014, Int. J. Commun. Syst..

[17]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .