A Server Spoofing Attack on Zhang et al. SIP Authentication Protocol

In recent years, the Internet and online services have become very important in human life. Telephony over IP (ToIP) is one of those services. Session Initiation Protocol (SIP) is the signaling protocol most used by ToIP. Because it is delivered over an unsecured public network, SIP authentication is becoming more and more important. In 2013, Zhang et al. proposed an improved authentication protocol for SIP and showed that their protocol is secure against various attacks. However, in this work we prove that Zhang et al.'s protocol is insecure against the server spoofing attack. As a result, we propose a new SIP authentication protocol to overcome the weakness. The performance analysis shows that our protocol is secure against different attacks and that it is efficient. Furthermore, we used the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to simulate the proposed protocol; the result obtained confirms that our protocol is SAFE under the OFMC and CL-AtSe models, so our proposed scheme is secure against active and passive attacks.
