A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card

The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. The proposed authentication in SIP is HTTP digest based authentication. Recently, Tu et al. presented an improvement of Zhang et al.’s smart card-based authenticated key agreement protocol for SIP. Their scheme efficiently resists password guessing attack. However, in this paper, we analyze the security of Tu et al.’s scheme and demonstrate their scheme is still vulnerable to user’s impersonation attack, server spoofing attack and man-in-the middle attack. We aim to propose an efficient improvement on Tu et al.’s scheme to overcome the weaknesses of their scheme, while retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Tu et al.’s scheme. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. Additionally, the proposed scheme is comparable in terms of the communication and computational overheads with Tu et al.’s scheme and other related existing schemes.

[1]  Kangseok Kim,et al.  An effective authentication mechanism for ubiquitous collaboration in heterogeneous computing environment , 2014, Peer Peer Netw. Appl..

[2]  Naveen K. Chilamkurti,et al.  An improved authentication protocol for session initiation protocol using smart card , 2015, Peer Peer Netw. Appl..

[3]  Q. Pu Weaknesses of SIP Authentication Scheme for Converged VoIP Networks , 2010, IACR Cryptol. ePrint Arch..

[4]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[5]  Ratna Dutta,et al.  Provably Secure Constant Round Contributory Group Key Agreement in Dynamic Setting , 2008, IEEE Transactions on Information Theory.

[6]  Hui-Feng Huang A New Efficient Authentication Scheme for Session Initiation Protocol , 2006, JCIS.

[7]  Chou Chen Yang,et al.  Secure authentication scheme for session initiation protocol , 2005, Comput. Secur..

[8]  Douglas R. Stinson,et al.  Some Observations on the Theory of Cryptographic Hash Functions , 2006, Des. Codes Cryptogr..

[9]  Jianfeng Ma,et al.  Cryptanalysis of smart‐card‐based password authenticated key agreement protocol for session initiation protocol of Zhang et al. , 2015, Int. J. Commun. Syst..

[10]  Yuh-Min Tseng,et al.  An efficient dynamic group key agreement protocol for imbalanced wireless networks , 2010, Int. J. Netw. Manag..

[11]  Vanga Odelu,et al.  A secure and efficient time-bound hierarchical access control scheme for secure broadcasting , 2016, UbiComp 2016.

[12]  Muhammad Sher,et al.  A single round-trip SIP authentication scheme for Voice over Internet Protocol using smart card , 2013, Multimedia Tools and Applications.

[13]  Kangseok Kim,et al.  An efficient secure authentication scheme with user anonymity for roaming user in ubiquitous networks , 2013, Peer-to-Peer Networking and Applications.

[14]  Loris Nanni,et al.  An improved BioHashing for human authentication , 2007, Pattern Recognit..

[15]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[16]  Fei Kang,et al.  Practical authentication scheme for SIP , 2013, Peer Peer Netw. Appl..

[17]  Sebastian Mödersheim,et al.  OFMC: A symbolic model checker for security protocols , 2005, International Journal of Information Security.

[18]  Ashok Kumar Das,et al.  A New Biometric-Based Remote User Authentication Scheme in Hierarchical Wireless Body Area Sensor Networks , 2015, Ad Hoc Sens. Wirel. Networks.

[19]  R. C. Mittal,et al.  Dynamic ID-based remote user password authentication schemes using smart cards: A review , 2012, J. Netw. Comput. Appl..

[20]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[21]  Ashok Kumar Das,et al.  An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System , 2013, Journal of Medical Systems.

[22]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[23]  Qi Xie A new authenticated key agreement for session initiation protocol , 2012, Int. J. Commun. Syst..

[24]  Rongxing Lu,et al.  EAPSG: Efficient authentication protocol for secure group communications in maritime wideband communication networks , 2015, Peer Peer Netw. Appl..

[25]  Jianfeng Ma,et al.  An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks , 2015, Peer-to-Peer Netw. Appl..

[26]  Jari Arkko,et al.  Security Mechanism Agreement for SIP Sessions , 2003 .

[27]  Jia Lun Tsai Efficient Nonce-based Authentication Scheme for Session Initiation Protocol , 2009, Int. J. Netw. Secur..

[28]  Sharath Pankanti,et al.  BIOMETRIC IDENTIFICATION , 2000 .

[29]  C. D. Jaidhar,et al.  Cryptanalysis of SIP secure and efficient authentication scheme , 2011, 2011 IEEE 3rd International Conference on Communication Software and Networks.

[30]  Ashok Kumar Das,et al.  Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem , 2012, Inf. Sci..

[31]  R. C. Mittal,et al.  A Review on Remote User Authentication Schemes Using Smart Cards , 2013, QSHINE.

[32]  Zhihua Cai,et al.  Efficient and flexible password authenticated key agreement for Voice over Internet Protocol Session Initiation Protocol using smart card , 2014, Int. J. Commun. Syst..

[33]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[34]  Paul F. Syverson,et al.  The Logic of Authentication Protocols , 2000, FOSAD.

[35]  Wei-Kuan Shih,et al.  Robust smart card secured authentication scheme on SIP using Elliptic Curve Cryptography , 2014, Comput. Stand. Interfaces.

[36]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[37]  Jianhua Chen,et al.  A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography , 2012, Secur. Commun. Networks.

[38]  Bong-Han Kim,et al.  Key exchange process of PIM-SM-based for Multiple Group Communication in P2P , 2015, Peer-to-Peer Netw. Appl..

[39]  Palash Sarkar,et al.  A Simple and Generic Construction of Authenticated Encryption with Associated Data , 2010, TSEC.

[40]  Ashok Kumar Das,et al.  A Secure and Efficient Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[41]  Chien-Ming Cheng,et al.  Unstructured Peer-to-Peer Session Initiation Protocol for Mobile Environment , 2007, 2007 IEEE 18th International Symposium on Personal, Indoor and Mobile Radio Communications.

[42]  Dongho Won,et al.  Off-Line Password-Guessing Attack to Yang's and Huang's Authentication Schemes for Session Initiation Protocol , 2009, 2009 Fifth International Joint Conference on INC, IMS and IDC.

[43]  Yuqing Zhang,et al.  A new provably secure authentication and key agreement protocol for SIP using ECC , 2009, Comput. Stand. Interfaces.

[44]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[45]  Nassar Ikram,et al.  Elliptic curve cryptography based mutual authentication scheme for session initiation protocol , 2011, Multimedia Tools and Applications.

[46]  Hsiao-Hwa Chen,et al.  A secure and efficient SIP authentication scheme for converged VoIP networks , 2010, Comput. Commun..

[47]  David von Oheimb The High-Level Protocol Specification Language HLPSL developed in the EU project AVISPA , 2005 .

[48]  Luca Veltri,et al.  SIP security issues: the SIP authentication procedure and its processing load , 2002 .

[49]  Ibrahim Sogukpinar,et al.  SIP Authentication Scheme using ECDH , 2007 .

[50]  Andrew Beng Jin Teoh,et al.  Biohashing: two factor authentication featuring fingerprint data and tokenised random number , 2004, Pattern Recognit..

[51]  Yong-Nyuo Shin,et al.  Robust Mutual Authentication with a Key Agreement Scheme for the Session Initiation Protocol , 2010 .

[52]  Vanga Odelu,et al.  A secure effective key management scheme for dynamic access control in a large leaf class hierarchy , 2014, Inf. Sci..

[53]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[54]  Nalini K. Ratha,et al.  Enhancing security and privacy in biometrics-based authentication systems , 2001, IBM Syst. J..