Robust smart card secured authentication scheme on SIP using Elliptic Curve Cryptography

Recently, Voice over Internet Protocol (VoIP) has been one of the more popular applications in Internet technology. For VoIP and other IP applications, issues surrounding Session Initiation Protocol (SIP) have received significant attention. SIP is a widely used signaling protocol and is capable of operating on Internet Telephony, typically using Hyper Text Transport Protocol (HTTP) digest authentication protocol. Authentication is becoming increasingly crucial because it accesses the server when a user asks to use SIP services. In this paper, we concentrate on the security flaws in the current SIP authentication procedure. We propose a secure ECC-based authentication mechanism to conquer many forms of attacks in previous schemes. By a sophisticated analysis of the security of the ECC-based protocol, we show that it is suitable for applications with higher security requirements.

[1]  Yuqing Zhang,et al.  A new provably secure authentication and key agreement protocol for SIP using ECC , 2009, Comput. Stand. Interfaces.

[2]  Hsiao-Hwa Chen,et al.  A secure and efficient SIP authentication scheme for converged VoIP networks , 2010, Comput. Commun..

[3]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[4]  Shuenn-Shyang Wang,et al.  A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves , 2010, Comput. Commun..

[5]  Xiaomin Wang,et al.  Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards , 2007, Comput. Stand. Interfaces.

[6]  Ismail Dalgic,et al.  Comparison of H.323 and SIP for IP telephony signaling , 1999, Optics East.

[7]  Chou Chen Yang,et al.  Secure authentication scheme for session initiation protocol , 2005, Comput. Secur..

[8]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[9]  Henning Schulzrinne,et al.  A Comparison of SIP and H.323 for Internet Telephony , 1998 .

[10]  Wei-Kuan Shih,et al.  Security enhancement on an improvement on two remote user authentication schemes using smart cards , 2011, Future Gener. Comput. Syst..

[11]  Dorgham Sisalem,et al.  Denial of service attacks targeting a SIP VoIP infrastructure: attack scenarios and prevention mechanisms , 2006, IEEE Network.

[12]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[13]  Eun-Jun Yoon,et al.  Further improvement of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[14]  Wei-Kuan Shih,et al.  A Robust Mutual Authentication Protocol for Wireless Sensor Networks , 2010 .

[15]  Ernest Foo,et al.  A new authentication mechanism and key agreement protocol for SIP using identity-based cryptography , 2006 .

[16]  Luca Veltri,et al.  SIP security issues: the SIP authentication procedure and its processing load , 2002 .

[17]  Ibrahim Sogukpinar,et al.  SIP Authentication Scheme using ECDH , 2007 .

[18]  Hartmut König,et al.  Cryptanalysis of a SIP Authentication Scheme , 2011, Communications and Multimedia Security.

[19]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[20]  Costas Lambrinoudakis,et al.  Survey of security vulnerabilities in session initiation protocol , 2006, IEEE Communications Surveys & Tutorials.

[21]  M. Ahamad,et al.  A lightweight scheme for securely and reliably locating SIP users , 2006, 1st IEEE Workshop on VoIP Management and Security, 2006..

[22]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[23]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[24]  Jia Lun Tsai Efficient Nonce-based Authentication Scheme for Session Initiation Protocol , 2009, Int. J. Netw. Secur..

[25]  Miao Yu,et al.  A scalable key management and clustering scheme for wireless ad hoc and sensor networks , 2008, Future Gener. Comput. Syst..

[26]  Mehdi Dehghan,et al.  A secure credit-based cooperation stimulating mechanism for MANETs using hash chains , 2009, Future Gener. Comput. Syst..

[27]  Yuqing Zhang,et al.  A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography , 2008, Comput. Commun..

[28]  Yanchun Zhang,et al.  Access control management for ubiquitous computing , 2008, Future Gener. Comput. Syst..

[29]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[30]  Eun-Jun Yoon,et al.  Cryptanalysis of DS-SIP Authentication Scheme Using ECDH , 2009, 2009 International Conference on New Trends in Information and Service Science.

[31]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.