Cryptanalysis and improvement of ‘an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks’

SUMMARY Authentication schemes assure that authorised user can fraudulently obtain his/her required services from home domains. Recently, Li et al. (International Journal of Network Management, 2013; 23(5):311–324) proposed a remote user authentication scheme. They claimed that their protocol is secure against known security attacks. However, in this paper, we indicate that Li et al.'s scheme is insecure against user impersonation attack. We show that an active adversary can easily masquerade as a legitimate user without knowing the user's secret information. As a remedy, we also proposed an improved authentication scheme to overcome the security weaknesses of Li et al.'s scheme. To show the security of our scheme, we prove its security the random oracle model. The implementation results show that our improved scheme offers a reduction of 58% in computational cost and a communication cost reduction of 48% with respect to Li et al.'s scheme. Copyright © 2014 John Wiley & Sons, Ltd.

[1]  Nassar Ikram,et al.  Elliptic curve cryptography based mutual authentication scheme for session initiation protocol , 2011, Multimedia Tools and Applications.

[2]  Cheng-Chi Lee,et al.  A new authenticated group key agreement in a mobile environment , 2009, Ann. des Télécommunications.

[3]  Saru Kumari,et al.  Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps , 2017, Int. J. Commun. Syst..

[4]  Cheng-Chi Lee,et al.  Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices , 2013, IET Comput. Digit. Tech..

[5]  Mohammad Sabzinejad Farash Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography , 2014, The Journal of Supercomputing.

[6]  Naveen K. Chilamkurti,et al.  An improved authentication protocol for session initiation protocol using smart card , 2015, Peer Peer Netw. Appl..

[7]  David Pointcheval,et al.  Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication , 2005, Financial Cryptography.

[8]  Dong Hoon Lee,et al.  A remote user authentication scheme without using smart cards , 2009, Comput. Stand. Interfaces.

[9]  Mahmoud Ahmadian-Attari,et al.  An Enhanced and Secure Three-Party Password-based Authenticated Key Exchange Protocol without Using Server's Public-Keys and Symmetric Cryptosystems , 2014, Inf. Technol. Control..

[10]  Mahmoud Ahmadian-Attari,et al.  An Enhanced Authenticated Key Agreement for Session Initiation Protocol , 2013, Inf. Technol. Control..

[11]  Mahmoud Ahmadian-Attari,et al.  A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks , 2014, The Journal of Supercomputing.

[12]  Mohammad Sabzinejad Farash,et al.  Cryptanalysis and improvement of a chaotic map-based key agreement protocol using Chebyshev sequence membership testing , 2014, Nonlinear Dynamics.

[13]  Qi Xie A new authenticated key agreement for session initiation protocol , 2012, Int. J. Commun. Syst..

[14]  Ibrahim Sogukpinar,et al.  SIP Authentication Scheme using ECDH , 2007 .

[15]  Mohammad Sabzinejad Farash,et al.  An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps , 2014 .

[16]  Dongho Won,et al.  Off-Line Password-Guessing Attack to Yang's and Huang's Authentication Schemes for Session Initiation Protocol , 2009, 2009 Fifth International Joint Conference on INC, IMS and IDC.

[17]  Qiaoyan Wen,et al.  An improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks , 2013, Int. J. Netw. Manag..

[18]  Mahmoud Ahmadian-Attari,et al.  Vulnerability of two multiple-key agreement protocols , 2011, Comput. Electr. Eng..

[19]  Mahmoud Ahmadian-Attari,et al.  An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards , 2016, Int. J. Commun. Syst..

[20]  Eun-Jun Yoon,et al.  Cryptanalysis of DS-SIP Authentication Scheme Using ECDH , 2009, 2009 International Conference on New Trends in Information and Service Science.

[21]  Wei-Kuan Shih,et al.  A Secured Authentication Protocol for SIP Using Elliptic Curves Cryptography , 2010, FGIT-FGCN.

[22]  Jia Lun Tsai Efficient Nonce-based Authentication Scheme for Session Initiation Protocol , 2009, Int. J. Netw. Secur..

[23]  Hartmut König,et al.  Cryptanalysis of a SIP Authentication Scheme , 2011, Communications and Multimedia Security.

[24]  Mohammad Sabzinejad Farash Security analysis and enhancements of an improved authentication for session initiation protocol with provable security , 2016, Peer Peer Netw. Appl..

[25]  Kuo-Yu Tsai,et al.  Two ID-based authenticated schemes with key agreement for mobile environments , 2013, The Journal of Supercomputing.

[26]  Mahmoud Ahmadian-Attari,et al.  Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC , 2013, ISC Int. J. Inf. Secur..

[27]  Zhihua Cai,et al.  Efficient and flexible password authenticated key agreement for Voice over Internet Protocol Session Initiation Protocol using smart card , 2014, Int. J. Commun. Syst..

[28]  Chou Chen Yang,et al.  Secure authentication scheme for session initiation protocol , 2005, Comput. Secur..

[29]  Chin-Chen Chang,et al.  A Pairing-free ID-based Key Agreement Protocol with Different PKGs , 2014 .

[30]  Eun-Jun Yoon,et al.  A New Authentication Scheme for Session Initiation Protocol , 2009, 2009 International Conference on Complex, Intelligent and Software Intensive Systems.

[31]  Mahmoud Ahmadian-Attari,et al.  A new efficient authenticated multiple-key exchange protocol from bilinear pairings , 2013, Comput. Electr. Eng..

[32]  Mahmoud Ahmadian-Attari,et al.  A Certificateless Multiple-key Agreement Protocol Based on Bilinear Pairings , 2012, IACR Cryptol. ePrint Arch..

[33]  Mohammad Sabzinejad Farash,et al.  A Novel Secure Bilinear Pairing Based Remote User Authentication Scheme with Smart Card , 2010, 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[34]  Mahmoud Ahmadian-Attari,et al.  An ID-based key agreement protocol based on ECC among users of separate networks , 2012, 2012 9th International ISC Conference on Information Security and Cryptology.

[35]  Xinsong Liu,et al.  Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol , 2012, Multimedia Tools and Applications.

[36]  Mahmoud Ahmadian-Attari,et al.  An efficient client–client password-based authentication scheme with provable security , 2014, The Journal of Supercomputing.

[37]  Mohammad Sabzinejad Farash An improved password-based authentication scheme for session initiation protocol using smart cards without verification table , 2017, Int. J. Commun. Syst..

[38]  Nipun Bansal,et al.  Peer to Peer Networking and Applications , 2013 .

[39]  Mahmoud Ahmadian-Attari,et al.  A provably secure and efficient authentication scheme for access control in mobile pay-TV systems , 2014, Multimedia Tools and Applications.

[40]  Hui-Feng Huang A New Efficient Authentication Scheme for Session Initiation Protocol , 2006, JCIS.

[41]  Yong-Nyuo Shin,et al.  Robust Mutual Authentication with a Key Agreement Scheme for the Session Initiation Protocol , 2010 .

[42]  Cheng-Chi Lee,et al.  Password Authentication Schemes: Current Status and Key Issues , 2006, Int. J. Netw. Secur..