Skip to main content
SpringerLink
Log in

An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

The Session Initiation Protocol (SIP) is a signaling protocol widely applied in the world of multimedia communication. Numerous SIP authenticated key agreement schemes have been proposed with the purpose of ensuring security communication. Farash recently put forward an enhancement employing smart cards counted on Zhang et al.’s scheme. In this study, we observe that the enhanced scheme presented by Farash has also some security pitfalls, such as disclosure of user identity, lack of a pre-authentication in the smart card and vulnerability to key-compromise masquerading attack which results in an off-line guessing attack. We then propose an anonymous modified scheme with elliptic curve cryptography to eliminate the security leakages of the scheme proposed by Farash. We demonstrate that our scheme is immune to different kinds of attacks including attacks involved in Farash’s scheme. We mention Burrows-Abadi-Needham logic for completeness of the proposed scheme. Also, we compare the performance of our scheme with its predecessor schemes and the comparative results shows that it perfectly satisfies the needs of SIP.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

References

  1. Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178

    Article  Google Scholar 

  2. Arshad H, Nikooghadam M (2014) An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimed Tools Appl:1–17. doi:10.1007/s11042-014-2282-x

  3. Burrow M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 08:18–36

    Article  Google Scholar 

  4. Deebak BD, Muthaiah R, Thenmozhi K, Swaminathan PI Analyzing three-party authentication and key agreement protocol for real time IP multimedia server-client systems. Multimed Tools Appl:1–23. doi:10.1007/s11042-015-2542-4

  5. Franks J, Hallam-Baker P, Hostetler J, Lawrence S, Leach P, Luotonen A (1999) HTTP authentication: basic and digest access authentication. IETF RFC2617

  6. Farash MS, Kumari S, Bakhtiari M (2015) Cryptanalysis and improvement of a robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Multimed Tools Appl:1–20. doi:10.1007/s11042-015-2487-7

  7. Farash MS (2014) An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int J Commun Syst. doi:10.1002/dac.2879

    Google Scholar 

  8. Guo L, Zhang C, Sun J, Fang Y (2014) A privacy-preserving attribute-based authentication system for mobile health networks. IEEE Trans Mobile Comput 13 (9):1927–1941

    Article  Google Scholar 

  9. Irshad A, Sher M, Rehman E, Ashraf ChS, Hassan MU, Ghani A (2013) A single round-trip SIP authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl. doi:10.1007/s11042-013-1807-z

    Google Scholar 

  10. Jiang Q, Ma J, Tian Y (2014) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al. Int J Commun Syst. doi:10.1002/dac.2767

    Google Scholar 

  11. Jo HJ, Paik JH, Lee DH (2014) Efficient Privacy-Preserving Authentication in Wireless Mobile Networks. IEEE Trans Mob Comput 13(7):1469–1481

    Article  Google Scholar 

  12. Kilinc HH, Yanik T (2014) A survey of SIP authentication and key agreement schemes. IEEE Commun Surv Tut 16(2):1005–1023

    Article  Google Scholar 

  13. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:203–209

    Article  MathSciNet  MATH  Google Scholar 

  14. Koblitz N, Menezes A, Vanstone S (2000) The state of elliptic curve cryptography. Design Code Cryptogr 19:173–193

    Article  MathSciNet  MATH  Google Scholar 

  15. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Advances in Cryptology(Crypto’99), vol 1666, pp 788–797

  16. Liu J, Zhang Z, Chen X, Kwak KS (2014) Certificateless Remote Anonymous Authentication Schemes for WirelessBody Area Networks. IEEE Trans Parall Dister 25 (2):332–342

    Article  Google Scholar 

  17. Lu RX, Lin XD, Zhu HJ, Liang XH, Shen XM (2012) BECAN: a bandwidth-efficient cooperative authentication scheme for filtering injected false data in wireless sensor networks. IEEE Trans Paral Dister 23(1):32–43

    Article  Google Scholar 

  18. Lu YR, Li LX, Peng HP, Yang YX (2015) Robust and efficient authentication scheme for session initiation protocol. Math Probl Eng. 2015, Article ID 894549, p 9. doi:10.1155/2015/894549

  19. Miller V (1986) Uses of elliptic curves in cryptography. In: Advances in cryptology CRYPTO’85. Lecture Notes in Computer Science, vol 218. Springer, Berlin Heidelberg New York, pp 417–426

    Google Scholar 

  20. Qin Z, Xiong H, Zhu G, Chen Z (2014) Certificate-free ad hoc anonymous authentication. Inf Sci 268:447–457

    Article  MathSciNet  MATH  Google Scholar 

  21. Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R, Handley M, Schooler E (2002) SIP: session initiation protocol. IETFRFC 3261

  22. Song R (2010) Advanced smart card based password authentication protocol. Comput Stand & Inter 32(5):321–325

    Article  Google Scholar 

  23. Sun DZ, Huai JP, Sun JZ, Zhang JW, Feng ZY (2009) Improvements of Juang et al.’s password-authenticated key agreement scheme using smart cards. IEEE Trans Ind Electron 56(6):2284–2291

    Article  Google Scholar 

  24. Tang H, Liu X (2013) Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 65(3):321–333

    Article  Google Scholar 

  25. Tu H, Kumar N, Chilamkurti N et al (2014) An improved authentication protocol for session initiation protocol using smart card. Peer Peer Netw Appl, pp 1–8

  26. Turkanović M, Brumen B, Hölbl M (2014) A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Netw 20:96–112

    Article  Google Scholar 

  27. Wang D, He DB, Wang P, Chu CH (2014) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Depend Secure. doi:10.1109/TDSC.2014.2355850

  28. Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386

    Article  Google Scholar 

  29. Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Comput Stand Inter 36(2):397–402

    Article  Google Scholar 

  30. Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst. doi:10.1002/dac.2499

    Google Scholar 

  31. Zhang L, Tang S, Cai Z (2014) Cryptanalysis and improvement of password authenticated key agreement for session initiation protocol using smart cards. Secur Commun Netw. doi:10.1002/sec.951

    Google Scholar 

  32. Zhu XY, Jiang SR, Wang LM, Li H (2014) Efficient privacy-preserving authentication for vehicular ad hoc networks. IEEE Trans Veh Technol 63(2):907–919

    Article  Google Scholar 

Download references

Acknowledgments

The authors are grateful to all the anonymous reviewers for their valuable comments. This study is supported by the National Natural Science Foundation of China (Grant nos. 61472045, and 61573067), the Asia Foresight Program under NSFC Grant (Grant No. 61411146001), the BUPT Excellent Ph.D. Students Foundation (Grant No. CX2015310), and the Beijing Natural Science Foundation (Grant No. 4142016)

Author information

Authors and Affiliations

  1. Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China

    Yanrong Lu, Lixiang Li, Haipeng Peng & Yixian Yang

  2. National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing, 100876, China

    Yanrong Lu, Lixiang Li, Haipeng Peng & Yixian Yang

Authors
  1. Yanrong Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lixiang Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Haipeng Peng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yixian Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lixiang Li.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Lu, Y., Li, L., Peng, H. et al. An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 76, 1801–1815 (2017). https://doi.org/10.1007/s11042-015-3166-4

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-015-3166-4

Keywords

Search

Navigation