An Enhanced Authentication and Key Agreement Mechanism for SIP Using Certificateless Public-key Cryptography

The session initiation protocol (SIP) is considered as the dominant signaling protocol for calls over the Internet. However, how to authenticate each other and agree on a session key has not been efficiently solved. In 2007, Wang and Zhang proposed a key agreement protocol and a new authentication and key agreement mechanism for SIP. In this paper, we prove that Wang and Zhang's key agreement protocol is insecure due to its susceptibility to the key replacement attack. Moreover, we have also realized that their protocol do not satisfy the perfect forward secrecy and known session-specific temporary information security attribute. Based on this, we propose an enhanced protocol and a new mutually authenticated key agreement protocol for SIP, Compared with the Wangand Zhang's scheme for SIP regarding the robustness and computation overheads, our scheme is more efficient and thus is more suitable for SIP.

[1]  Colin Boyd,et al.  On Session Key Construction in Provably-Secure Key Establishment Protocols , 2005, Mycrypt.

[2]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[3]  Henning Schulzrinne,et al.  RTP: A Transport Protocol for Real-Time Applications , 1996, RFC.

[4]  Xing Xu,et al.  Comparison between Particle Swarm Optimization, Differential Evolution and Multi-Parents Crossover , 2007 .

[5]  Ernest Foo,et al.  A new authentication mechanism and key agreement protocol for SIP using identity-based cryptography , 2006 .

[6]  Xiaotie Deng,et al.  Key Replacement Attack Against a Generic Construction of Certificateless Signature , 2006, ACISP.

[7]  Yuqing Zhang,et al.  A New Provably Secure Authentication and Key Agreement Mechanism for SIP Using Certificateless Public-Key Cryptography , 2007, 2007 International Conference on Computational Intelligence and Security (CIS 2007).

[8]  Luminita Vasiu,et al.  On The Indistinguishability-Based Security Model of Key Agreement Protocols-Simple Cases , 2005, IACR Cryptol. ePrint Arch..

[9]  Liqun Chen,et al.  Identity based authenticated key agreement protocols from pairings , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[10]  Mats Näslund,et al.  The Secure Real-time Transport Protocol (SRTP) , 2004, RFC.

[11]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[12]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.