A single round-trip SIP authentication scheme for Voice over Internet Protocol using smart card

The Session Initiation Protocol (SIP) has revolutionized the way of controlling Voice over Internet Protocol (VoIP) based communication sessions over an open channel. The SIP protocol is insecure for being an open text-based protocol inherently. Different solutions have been presented in the last decade to secure the protocol. Recently, Zhang et al. authentication protocol has been proposed with a sound feature that authenticates the users without any password-verifier database using smart card. However, the scheme has a few limitations and can be made more secure and optimized regarding cost of exchanged messages, with a few modifications. Our proposed key-agreement protocol makes a use of two server secrets for robustness and is also capable of authenticating the involved parties in a single round-trip of exchanged messages. The server can now authenticate the user on the request message received, rather than the response received upon sending the challenge message, saving another round-trip of exchanged messages and hence escapes a possible denial of service attack.

[1]  Jia Lun Tsai Efficient Nonce-based Authentication Scheme for Session Initiation Protocol , 2009, Int. J. Netw. Secur..

[2]  Luca Veltri,et al.  SIP security issues: the SIP authentication procedure and its processing load , 2002 .

[3]  Muhammad Shafiq,et al.  Security Enhancement in MANET Authentication by checking the CRL status of Servers , 2008 .

[4]  Bruce Schneier,et al.  Applied cryptography, second edition : protocols, algorithms,and source code in C , 2015 .

[5]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[6]  Costas Lambrinoudakis,et al.  Survey of security vulnerabilities in session initiation protocol , 2006, IEEE Communications Surveys & Tutorials.

[7]  Kenneth Raeburn,et al.  Encryption and Checksum Specifications for Kerberos 5 , 2005, RFC.

[8]  Zhenfu Cao,et al.  Off-line Password Guessing Attack on an Efficient Key Agreement Protocol for Secure Authentication , 2006, Int. J. Netw. Secur..

[9]  Zhihua Cai,et al.  Efficient and flexible password authenticated key agreement for Voice over Internet Protocol Session Initiation Protocol using smart card , 2014, Int. J. Commun. Syst..

[10]  Xinsong Liu,et al.  Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol , 2012, Multimedia Tools and Applications.

[11]  Qi Xie A new authenticated key agreement for session initiation protocol , 2012, Int. J. Commun. Syst..

[12]  Ibrahim Sogukpinar,et al.  SIP Authentication Scheme using ECDH , 2007 .

[13]  Q. Pu Weaknesses of SIP Authentication Scheme for Converged VoIP Networks , 2010, IACR Cryptol. ePrint Arch..

[14]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[15]  Dongho Won,et al.  Off-Line Password-Guessing Attack to Yang's and Huang's Authentication Schemes for Session Initiation Protocol , 2009, 2009 Fifth International Joint Conference on INC, IMS and IDC.

[16]  Jung-Shian Li,et al.  VoIP secure session assistance and call monitoring via building security gateway , 2011, Int. J. Commun. Syst..

[17]  Ruby B. Lee,et al.  Remote Denial of Service Attacks and Countermeasures , 2001 .

[18]  Nassar Ikram,et al.  Elliptic curve cryptography based mutual authentication scheme for session initiation protocol , 2011, Multimedia Tools and Applications.

[19]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[20]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[21]  Athanasios V. Vasilakos,et al.  Joint Forensics-Scheduling Strategy for Delay-Sensitive Multimedia Applications over Heterogeneous Networks , 2011, IEEE Journal on Selected Areas in Communications.

[22]  Paulvanna Nayaki Marimuthu,et al.  Supporting multimedia applications through network redesign , 2014, Int. J. Commun. Syst..

[23]  Chou Chen Yang,et al.  Secure authentication scheme for session initiation protocol , 2005, Comput. Secur..

[24]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[25]  Hui-Feng Huang A New Efficient Authentication Scheme for Session Initiation Protocol , 2006, JCIS.

[26]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[27]  R. Cramer,et al.  Linear Zero-Knowledgde. A Note on Efficient Zero-Knowledge Proofs and Arguments , 1996 .

[28]  Cheng-Chi Lee On Security of An Efficient Nonce-based Authentication Scheme for SIP , 2009, Int. J. Netw. Secur..

[29]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[30]  Yuqing Zhang,et al.  A new provably secure authentication and key agreement protocol for SIP using ECC , 2009, Comput. Stand. Interfaces.

[31]  Ivan Damgård,et al.  Linear zero-knowledge—a note on efficient zero-knowledge proofs and arguments , 1997, STOC '97.

[32]  Christian Callegari,et al.  Security and delay issues in SIP systems , 2009, Int. J. Commun. Syst..

[33]  Olivier Chevassut,et al.  One-Time Verifier-Based Encrypted Key Exchange , 2005, Public Key Cryptography.

[34]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[35]  Bruce Schneier,et al.  Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[36]  Muhammad Shafiq,et al.  Security Enhancement for Authentication of Nodes in MANET by Checking the CRL Status of Servers , 2010, SUComS.

[37]  David Pointcheval,et al.  Simple Password-Based Encrypted Key Exchange Protocols , 2005, CT-RSA.

[38]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[39]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[40]  Joe Kilian,et al.  A note on efficient zero-knowledge proofs and arguments (extended abstract) , 1992, STOC '92.

[41]  Bin Wang,et al.  A Forward-Secure User Authentication Scheme with Smart Cards , 2006, Int. J. Netw. Secur..

[42]  Tatu Ylönen,et al.  The Secure Shell (ssh) Transport Layer Protocol , 2006 .

[43]  Yong-Nyuo Shin,et al.  Robust Mutual Authentication with a Key Agreement Scheme for the Session Initiation Protocol , 2010 .

[44]  Eric Rescorla,et al.  SSL and TLS: Designing and Building Secure Systems , 2000 .

[45]  Jianhua Chen,et al.  A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography , 2012, Secur. Commun. Networks.