A secure and efficient SIP authentication scheme for converged VoIP networks

Session Initiation Protocol (SIP) has been widely used in current Internet protocols such as Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP). SIP is a powerful signaling protocol that controls communications on the Internet by establishing, maintaining and terminating sessions. The services enabled by SIP are equally applicable to mobile and ubiquitous computing. This paper demonstrates that recently proposed SIP authentication schemes are insecure against attacks such as off-line password guessing attacks, Denning-Sacco attacks and stolen-verifier attacks. To overcome these security problems, a new secure and efficient SIP authentication scheme for a converged VoIP network, based on elliptic curve cryptography (ECC), is proposed; it jointly exploits key block size, speed, and security.
