A provably secure anonymous mutual authentication scheme with key agreement for SIP using ECC

Recently, Lu et al. and Chaudhry et al. presented an authenticated key agreement scheme for session initiation protocol (SIP), respectively. They illustrated their schemes are secure against various familiar attacks. However, we demonstrate Lu et al.’s scheme is vulnerable to stolen verifier attack and Chaudhry et al.’s scheme is insecure to session key attack. To solve these problems, we propose a new provably secure mutual authentication scheme for SIP. Informal security analysis illustrates this proposed protocol can withstand different kinds of familiar attacks including stolen verifier attack and session key attack. And the correctness and security of the proposed protocol is also proved through Protocol Composition Logic (PCL) and generic group model. Eventually, security comparison shows our proposed scheme is more secure and performance analysis demonstrates the computation cost is also acceptable.

[1]  Q. Pu Weaknesses of SIP Authentication Scheme for Converged VoIP Networks , 2010, IACR Cryptol. ePrint Arch..

[2]  Muhammad Sher,et al.  An improved and provably secure privacy preserving authentication protocol for SIP , 2017, Peer-to-Peer Netw. Appl..

[3]  Naveen K. Chilamkurti,et al.  A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography , 2014, Multimedia Tools and Applications.

[4]  Mahmoud Ahmadian-Attari,et al.  An Enhanced Authenticated Key Agreement for Session Initiation Protocol , 2013, Inf. Technol. Control..

[5]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[6]  Yuqing Zhang,et al.  A new provably secure authentication and key agreement protocol for SIP using ECC , 2009, Comput. Stand. Interfaces.

[7]  Anupam Datta,et al.  Security analysis of network protocols : compositional reasoning and complexity-theoretic foundations , 2005 .

[8]  Xiang Cao,et al.  Breaking a remote user authentication scheme for multi-server architecture , 2006, IEEE Communications Letters.

[9]  Luca Veltri,et al.  SIP security issues: the SIP authentication procedure and its processing load , 2002 .

[10]  Ibrahim Sogukpinar,et al.  SIP Authentication Scheme using ECDH , 2007 .

[11]  Jari Arkko,et al.  Security Mechanism Agreement for the Session Initiation Protocol (SIP) , 2003, RFC.

[12]  Muhammad Khurram Khan,et al.  A provably secure anonymous authentication scheme for Session Initiation Protocol , 2016, Secur. Commun. Networks.

[13]  Nassar Ikram,et al.  Elliptic curve cryptography based mutual authentication scheme for session initiation protocol , 2011, Multimedia Tools and Applications.

[14]  Carlos Gallego López,et al.  Recuerdo de materia verbal en niños con disfasia funcional , 2000 .

[15]  Hsiao-Hwa Chen,et al.  A secure and efficient SIP authentication scheme for converged VoIP networks , 2010, Comput. Commun..

[16]  Yong-Nyuo Shin,et al.  Robust Mutual Authentication with a Key Agreement Scheme for the Session Initiation Protocol , 2010 .

[17]  Douglas R. Stinson,et al.  Some Observations on the Theory of Cryptographic Hash Functions , 2006, Des. Codes Cryptogr..

[18]  Wei-Kuan Shih,et al.  A Secured Authentication Protocol for SIP Using Elliptic Curves Cryptography , 2010, FGIT-FGCN.

[19]  Jianhua Chen,et al.  A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography , 2012, Secur. Commun. Networks.

[20]  Jia Lun Tsai Efficient Nonce-based Authentication Scheme for Session Initiation Protocol , 2009, Int. J. Netw. Secur..

[21]  Scott A. Vanstone,et al.  Elliptic curve cryptosystem - The answer to strong, fast public-key cryptography for securing constrained environments , 1997, Inf. Secur. Tech. Rep..

[22]  Christof Paar,et al.  On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoqCode Hopping Scheme , 2008, CRYPTO.

[23]  Ashok Kumar Das,et al.  An Enhanced Access Control Scheme in Wireless Sensor Networks , 2014, Ad Hoc Sens. Wirel. Networks.

[24]  Qi Xie A new authenticated key agreement for session initiation protocol , 2012, Int. J. Commun. Syst..

[25]  Chun-Li Lin,et al.  A password authentication scheme with secure password updating , 2003, Comput. Secur..

[26]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[27]  Chou Chen Yang,et al.  Secure authentication scheme for session initiation protocol , 2005, Comput. Secur..

[28]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[29]  Shuenn-Shyang Wang,et al.  A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves , 2010, Comput. Commun..

[30]  Vanga Odelu,et al.  A secure effective key management scheme for dynamic access control in a large leaf class hierarchy , 2014, Inf. Sci..

[31]  C. D. Jaidhar,et al.  Cryptanalysis of SIP secure and efficient authentication scheme , 2011, 2011 IEEE 3rd International Conference on Communication Software and Networks.

[32]  Tugrul Yanik,et al.  A Survey of SIP Authentication and Key Agreement Schemes , 2014, IEEE Communications Surveys & Tutorials.

[33]  Eun-Jun Yoon,et al.  Cryptanalysis of DS-SIP Authentication Scheme Using ECDH , 2009, 2009 International Conference on New Trends in Information and Service Science.

[34]  Lixiang Li,et al.  A secure and efficient mutual authentication scheme for session initiation protocol , 2016, Peer Peer Netw. Appl..