An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards

SUMMARY Recently, Zhang et al. proposed a password-based authenticated key agreement protocol for the session initiation protocol (Int J Commun Syst 2013, doi:10.1002/dac.2499). They claimed that their protocol is secure against known security attacks. However, in this paper, we show that the protocol by Zhang et al. is vulnerable to an impersonation attack, whereby an active adversary who does not know the user's password is able to pose as the user. In addition, we show that the protocol by Zhang et al. suffers from a password changing attack. To overcome these weaknesses, we propose an improved authentication scheme for the session initiation protocol. A rigorous analysis shows that our scheme achieves more security than the scheme by Zhang et al. Copyright © 2014 John Wiley & Sons, Ltd.
