Skip to main content
SpringerLink
Log in

A Secured Authentication Protocol for SIP Using Elliptic Curves Cryptography

  • Conference paper
Communication and Networking (FGCN 2010)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 119))

Abstract

Session initiation protocol (SIP) is a technology regularly performed in Internet Telephony, and Hyper Text Transport Protocol (HTTP) as digest authentication is one of the major methods for SIP authentication mechanism. In 2005, Yang et al. pointed out that HTTP could not resist server spoofing attack and off-line guessing attack and proposed a secret authentication with Diffie-Hellman concept. In 2009, Tsai proposed a nonce based authentication protocol for SIP. In this paper, we demonstrate that their protocol could not resist the password guessing attack and insider attack. Furthermore, we propose an ECC-based authentication mechanism to solve their issues and present security analysis of our protocol to show that ours is suitable for applications with higher security requirement.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Siddiqui, K., Kamran, M., Tajammul, S.: Comparison of H.323 and Sip for Ip Telephony Signaling. In: IEEE 4th International Multioptics Conference, Lahore, Pakistan (2001)

    Google Scholar 

  2. Franks, J., Northwestern, U., Hallam-Baker, P., Hostetler, J., AbiSource, I., Lawrence, S., Agranat Systems, I., Leach, P., Microsoft, C., Luotonen, A., Netscape, C.C., Stewart, L., Open Market, I.: Http Authentication: Basic and Digest Access Authentication. IETF RFC2617 (June 1999)

    Google Scholar 

  3. Salsano, S., Veltri, L., Papalilo, D.: Sip Security Issues: The Sip Authentication Procedure and Its Processing Load. Network 16, 38–44 (2002)

    Google Scholar 

  4. Andreas, S., Daniel, K.: Sip Security,Sip Group, CH-8401 (2004)

    Google Scholar 

  5. Geneiatakis, D., Dagiuklas, T., Kambourakis, G., Lambrinoudakis, C.: Survey of Security Vulnerabilities in Session Initial Protocol. IEEE Communications Surveys & Tutorials 8(3), 68–81 (2006)

    Article  Google Scholar 

  6. Sisalemd, D., Kuthan, J., Ehlerts, S.: Denial of Service Attacks Targeting a Sip Voip Infrastructure: Stack Scenarios and Prevention Mechanisms. Network IEEE 20(5), 26–31 (2006)

    Article  Google Scholar 

  7. Yang, C.-C., Wang, R.-C., Liu, W.-T.: Secure Authentication Scheme for Session Initiation Protocol. Comput Secur. 24, 381–386 (2005)

    Article  Google Scholar 

  8. Diffie, W., Hellman, M.E.: New Directions in Cryptography. Ieee T. Inform. Theory 22, 644–654 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  9. Durlanik, A., Sogukpinar, I.: Sip Authentication Scheme Using Ecdh. In: 2005: Proceedings of World Academy of Science. Engineering And Technology (October 2005)

    Google Scholar 

  10. Kong, L., Balasubramaniyan, V.B., Ahamad, M.: A Lightweight Scheme for Securely and Reliably Locating Sip Users. In: VoIP Management and Security, IEEE Workshop, pp. 9–17 (2006)

    Google Scholar 

  11. Ring, J., Raymond Choo, K.-K., Foo, E., Looi, M.: A New Authentication Mechanism and Key Agreement Protocol for Sip Using Identity Based Cryptography. In: Proceedings of AusCERT R&D Stream, pp. 61–72 (2006)

    Google Scholar 

  12. Srinivasan, R., Vaidehi, V., Harish, K., Lakshmi-Narasimhan, K., LokeshwerBabu, S., Srikanth, V.: Authentication of Signaling in Voip Applications. In: Communications, Asia-Pacific Conference, pp. 530–533 (2005)

    Google Scholar 

  13. Vesterinen, P.: User Authentication in Sip. In TKK T-110.5290 Seminar on Network Security, pp. 11–12 (2006)

    Google Scholar 

  14. Yoon, E.J., Yoo, K.Y.: Cryptanalysis of Ds-Sip Authentication Scheme Using Ecdh. In: International Conference on New Trends in Information and Service Science, pp. 642–647 (2009)

    Google Scholar 

  15. Shamir, A.: Identity-Based Cryptosystems and Signature Schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)

    Chapter  Google Scholar 

  16. Li, J.H., Bhattacharjee, B., Yu, M., Levy, R.: A Scalable Key Management and Clustering Scheme for Wireless Ad Hoc and Sensor Networks. Future Gener. Comp. Sy. 24, 860–869 (2008)

    Article  Google Scholar 

  17. Chen, L., Kudla, C.: Identity Based Authenticated Key Agreement Protocol from Pairings. In: CSFW 2003, pp. 213–219. IEEE Computer Society Press, Los Alamitos (2003)

    Google Scholar 

  18. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  19. Wang, H., Zhang, Y., Cao, J.: Access Control Management for Ubiquitous Computing. Future Gener. Comp. Sy. 24, 870–878 (2008)

    Article  Google Scholar 

  20. Janzadeh, H., Fayazbakhsh, K., Dehghan, M., Fallah, M.S.: A Secure Credit-Based Cooperation Stimulating Mechanism for Manets Using Hash Chains. Future Gener. Comp. Sy. 25, 926–934 (2009)

    Article  Google Scholar 

  21. Wang, F., Zhang, Y.: A New Provably Secure Authentication and Key Agreement Mechanism for Sip Using Certificateless Public-Key Cryptography. Computer Communications 31, 2142–2149 (2008)

    Article  Google Scholar 

  22. Al-Riyami, S.S., Paterson, K.G.: Certificateless Public Key Cryptography. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 452–473. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  23. Tsai, J.-L.: Efficient Nonce-Based Authentication Scheme for Session Initiation Protocol. International Journal of Network Security 9(1), 12–16 (2009)

    Google Scholar 

  24. Lee, C.C.: On Security of an Efficient Nonce-Based Authentication Scheme for Session Initiation Protocol. International Journal of Network Security 9, 201–203 (2009)

    Google Scholar 

  25. Chen, T.-H., Hsiang, H.-C., Shih, W.-K.: Security Improvement on a Remote User Authentication Scheme Using Smart Cards. In: Bandyopadhyay, S.K., Adi, W., Kim, T.-h., Xiao, Y. (eds.) ISA 2010. Communications in Computer and Information Science, vol. 76, pp. 9–16. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  26. Hwang, M.S., Li, L.H.: A New Remote User Authentication Scheme Using Smart Cards. Ieee T. Consum. Electr. 46, 28–30 (2000)

    Article  Google Scholar 

  27. Yoon, E.J., Ryu, E.K., Yoo, K.Y.: Further Improvement of an Efficient Password Based Remote User Authentication Scheme Using Smart Cards. Ieee T. Consum. Electr. 50, 612–614 (2004)

    Article  Google Scholar 

  28. Lee, S.W., Kim, H.S., Yoo, K.Y.: Improved Efficient Remote User Authentication Scheme Using Smart Cards. Ieee T. Consum. Electr. 50, 565–567 (2004)

    Article  Google Scholar 

  29. Chen, T.H., Hsiang, H.C., Shih, W.K.: Security Enhancement on an Improvement on Two Remote User Authentication Scheme Using Smart Cards. In: Future Gener. Comp. System, (in press) Accepted Manuscript doi:10.1016/j.future.2010.08.007

    Google Scholar 

  30. Rosenberg, J., Schulzeinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: Sip: Session Initiation Protocol. IETF RFC3261 (2002)

    Google Scholar 

  31. Handley, M., Schulzrinne, H., Schooler, C.U.E., Tech, C., Rosenberg, J., Bell, L.: Sip: Session Initiation Protocol. In: IETF RFC2543 (March 1999)

    Google Scholar 

  32. I.T Union, Packet Based Multimedia Communication Systems, in: Recommendation H.323, Telecommunication Standardization Sector of Itu, Geneva, Switzerland (Febuary 1998)

    Google Scholar 

  33. Schulzrinne, H., Rosenberg, J.: A Comparison of Sip and H.323 for Internet Telephony. In: International Workshop on Network and Operating System Support for Digital Audio and Video (NOSSDAV), Cambridge, England, pp. 83–86 (July 1998)

    Google Scholar 

  34. Wu, L., Zhang, Y., Wang, F.: A New Provably Secure Authentication and Key Agreement Protocol for Sip Using Ecc. Computer Standards & Interfaces 31, 286–291 (2009)

    Article  Google Scholar 

  35. Chen, T.-H., Shih, W.K.: A Robust Mutual Authentication Protocol for Wireless Sensor Networks. ETRI Journal 32 (2010 to be published.)

    Google Scholar 

  36. Koblitz, N.: Elliptic Curve Cryptosystems. Math. Comput. 48, 203–209 (1987)

    Article  MathSciNet  MATH  Google Scholar 

  37. Menezes, A., Oorschot, P.V., Sa, V.: Handbook of Applied Cryptography. CRC Press Inc., Boca Raton (1997)

    MATH  Google Scholar 

  38. Miller, V.S.: Use of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, p. 417. Springer, Heidelberg (1986)

    Google Scholar 

  39. Bodei, C., Degano, P., Focardi, R., Priami, C.: Authentication Primitives for Secure Protocol Specifications. Future Gener. Comp. Sy. 21, 645–653 (2005)

    Article  Google Scholar 

  40. Lin, I.-C., Hwang, M.-S., Li, L.-H.: A New Remote User Authentication Scheme for Multi-Server Architecture. Future Gener. Comp. Sy. 19, 13–22 (2003)

    Article  MATH  Google Scholar 

  41. Chen, T.-H., Chen, Y.-C., Shih, W.-K.: An Advanced Ecc Id-Based Remote Mutual Authentication Scheme for Mobile Devices. In: The 2010 International Symposium on Service, Security and its Data management technologies in Ubi-com (SSDU), Xi’an, China (2010)

    Google Scholar 

  42. Lee, W., Lee, J.: Design and Implementation of Secure E-Mail System Using Elliptic Curve Cryptosystem. Future Gener. Comp. Sy. 20, 315–326 (2004)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, National Tsing Hua University, No. 101, Kuang Fu Rd, Sec. 2, 300, HsingChu, Taiwan, ROC

    Tien-ho Chen, Hsiu-lien Yeh, Pin-chuan Liu, Han-chen Hsiang & Wei-kuan Shih

Authors
  1. Tien-ho Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hsiu-lien Yeh
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pin-chuan Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Han-chen Hsiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Wei-kuan Shih
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Hannam University, Daejeon, South Korea

    Tai-hoon Kim

  2. National Chung Cheng University, Chiayi County, Taiwan

    Alan Chin-Chen Chang

  3. Dalian University of Technology, 116620, Dalian, P.R. China

    MingChu Li

  4. University of Stavanger, 4036, Stavanger, Norway

    Chunming Rong

  5. National Technical University of Athens, Heroon Politechniou 9, 157 73, Athens, Zographou T.K., Greece

    Charalampos Z. Patrikakis

  6. University of Warsaw & Infobright Inc., Poland

    Dominik Ślęzak

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chen, Th., Yeh, Hl., Liu, Pc., Hsiang, Hc., Shih, Wk. (2010). A Secured Authentication Protocol for SIP Using Elliptic Curves Cryptography. In: Kim, Th., Chang, A.CC., Li, M., Rong, C., Patrikakis, C.Z., Ślęzak, D. (eds) Communication and Networking. FGCN 2010. Communications in Computer and Information Science, vol 119. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17587-9_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17587-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17586-2

  • Online ISBN: 978-3-642-17587-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation