Abstract
The Session Initiation Protocol (SIP) is the most widely used signaling protocol for controlling communication on the internet: it establishes, maintains, and terminates sessions. The services enabled by SIP are equally applicable in the world of multimedia communication. Recently, Tsai proposed an efficient nonce-based authentication scheme for SIP. In this paper, we cryptanalyze Tsai’s scheme and show that it is vulnerable to password guessing and stolen-verifier attacks. Furthermore, Tsai’s scheme does not provide known-key secrecy or perfect forward secrecy. We also propose a novel and secure mutual authentication scheme for SIP, based on the elliptic curve discrete logarithm problem, which is immune to the presented attacks.



Cite this article
Arshad, R., Ikram, N. Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66, 165–178 (2013). https://doi.org/10.1007/s11042-011-0787-0
DOI: https://doi.org/10.1007/s11042-011-0787-0