Skip to main content
SpringerLink
Log in

An Improved SIP Authenticated Key Agreement Based on Dongqing et al.

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

The IP multimedia subsystem represents an architectural framework to support multimedia-based services using internet protocol over wired and wireless media. These IP-based multimedia services rely on session initiation protocol (SIP) for creating, maintaining and terminating the communicative sessions, which underscores the efficiency and security of SIP protocol. Many SIP based authentication schemes have been put forward in the last decade, however with many limitations. Recently, Lu et al. and Chaudhary et al. presented SIP based authentication protocols. Then, Dongqing et al. discovered limitations in Lu et al. and Chaudhary et al. schemes, and presented an improved SIP authentication protocol. Nonetheless, we ascertain that Dongqing et al.’s protocol is prone to privileged insider attack, denial of service attack, and session specific ephemeral secret-leakage attack. Besides, this protocol assumes a strictly time synchronized system, which limits the practical effectiveness of the protocol for a real environment. We also propose an improved SIP authentication protocol that covers the limitations of Dongqing et al. protocol. Our scheme is formally proved as secure using BAN logic analysis. The performance analysis illustrates the comparison for related schemes with proposed scheme, which depicts the efficiency and robustness of the scheme over previous schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. 3rd Generation Partnership Project: Technical Specification Group Services and System Aspects; IP multimedia subsystem (IMS). 3GPP TS 23.228 V11.4.0 (2012).

  2. Poikselkä, M., Niemi, A., Khartabil, H., & Mayer, G. (2007). The IMS: IP multimedia concepts and services (2nd Edn.). ISBN: 978-0-470-03183-4.

  3. Arkko, J., Torvinen, V., Camarillo, G., Niemi, A., & Haukka, T. (2003). Security mechanism agreement for the session initiation protocol (sip). Cognitiva,12(1), 37–61.

    Google Scholar 

  4. Salsano, S., Veltri, L., & Papalilo, D. (2002). SIP security issues: The SIP authentication procedure and its processing load. Piscataway: IEEE Press.

    Google Scholar 

  5. Chaudhry, S. A., Naqvi, H., Sher, M., Farash, M. S., & Hassan, M. U. (2015). An improved and provably secure privacy preserving authentication protocol for sip. Peer-to-Peer Networking and Applications,10, 1–15.

    Article  Google Scholar 

  6. Yi, P. L., & Wang, S. S. (2010). A new secure password authenticated key agreement scheme for sip using self-certified public keys on elliptic curves. Computer Communications,33(3), 372–380.

    Article  Google Scholar 

  7. Thomas, M. (2001). SIP security requirements. IETF Intemet dren (draftthomas-sip-sec-reg’OO. txt).

  8. Yoon, E. J., Shin, Y. N., Il, S. J., & Yoo, K. Y. (2010). Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Technical Review,27(3), 203–213.

    Article  Google Scholar 

  9. Leach, P. J., Franks, J., Luotonen, A., Hallam-Baker, P. M., Lawrence, S. D., Hostetler, J. L., & Stewart, L. C. (1999). HTTP authentication: Basic and digest access authentication.

  10. Yang, C. C., Wang, R. C., & Liu, W. T. (2005). Secure authentication scheme for session initiation protocol. Computers & Security,24(5), 381–386.

    Article  Google Scholar 

  11. Denning, D. E., & Sacco, G. M. (1981). Timestamps in key distribution systems. Communications of the ACM,24(8), 533–536.

    Article  Google Scholar 

  12. He, D., Chen, J., & Chen, Y. (2012). A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Security and Communication Networks,5(12), 1423–1429.

    Article  Google Scholar 

  13. Durlanik, A., & Sogukpinar, I. (2005). Sip authentication scheme using ecdh. Screen,137, 3367.

    Google Scholar 

  14. Liufei, W., Zhang, Y., & Wang, F. (2009). A new provably secure authentication and key agreement protocol for sip using ecc. Computer Standards & Interfaces,31(2), 286–291.

    Article  Google Scholar 

  15. Yoon, E. J., Yoo, K. Y., Kim, C., Hong, Y. S., Jo, M., & Chen, H. H. (2010). A secure and efficient sip authentication scheme for converged voip networks. Computer Communications,33(14), 1674–1681.

    Article  Google Scholar 

  16. Gokhroo, M. K., Jaidhar, C. D., & Tomar, A. S. (2011). Cryptanalysis of sip secure and efficient authentication scheme. In: IEEE international conference on communication software and networks, pp. 308–310.

  17. Pu, Q. (2010). Weaknesses of SIP authentication scheme for converged VoIP networks. IACR Cryptol ePrint Arch, 464.

  18. Jia, L. T. (2009). Efficient nonce-based authentication scheme for session initiation protocol. International Journal of Network Security,8(1), 12–16.

    Google Scholar 

  19. Arshad, R., & Ikram, N. (2013). Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimedia Tools and Applications,66(2), 165–178.

    Article  Google Scholar 

  20. Chen, T., Yeh, H., Liu, P., Hsiang, H., & Shih, W. (2010). A secured authentication protocol for sip using elliptic curves cryptography. Communications in Computer and Information Science,119, 46–55.

    Article  Google Scholar 

  21. Lin, C. L., & Hwang, T. (2003). A password authentication scheme with secure password updating. Computers & Security,22(1), 68–72.

    Article  Google Scholar 

  22. Yoon, E. J., & Yoo, K. Y. (2009). Cryptanalysis of ds-sip authentication scheme using ecdh. In: International conference on new trends in information and service science, pp. 642–647.

  23. Xie, Q. (2012). A new authenticated key agreement for session initiation protocol. International Journal of Communication Systems,25(1), 47–54.

    Article  Google Scholar 

  24. Farash, M. S., & Attari, M. A. (2013). An enhanced authenticated key agreement for session initiation protocol. Information Technology And Control,42(4), 333–342.

    Article  Google Scholar 

  25. Zhang, Z., Qi, Q., Kumar, N., Chilamkurti, N., & Jeong, H. Y. (2015). A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography. Multimedia Tools and Applications,74(10), 3477–3488.

    Article  Google Scholar 

  26. Yanrong, L., Li, L., Peng, H., & Yang, Y. (2016). A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Networking and Applications,9(2), 1–11.

    Google Scholar 

  27. Chaudhry, S. A., Khan, I., Irshad, A., Ashraf, M. U., Khan, M. K., & Ahmad, H. F. (2016). A provably secure anonymous authentication scheme for session initiation protocol. Security and Communication Networks,9, 5016–5027.

    Article  Google Scholar 

  28. Xu, D., Zhang, S., Chen, J., & Ma, M. (2017). A provably secure anonymous mutual authentication scheme with key agreement for SIP using ECC. Peer-to-Peer Networking and Applications,11, 837–847.

    Article  Google Scholar 

  29. Vanstone, A. (1997). Elliptic curve cryptosystem—The answer to strong, fast public-key cryptography for securing constrained environments. Information Security Technical Report,2(2), 78–87.

    Article  Google Scholar 

  30. Lumini, A., & Loris, N. (2007). An improved Bio-hashing for human authentication. Pattern Recognition,40(3), 1057–1065.

    Article  Google Scholar 

  31. Jin, A. T. B., Ling, D. N. C., & Goh, A. (2004). Bio-hashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition,37(11), 2245–2255.

    Article  Google Scholar 

  32. Odelu, V., Das, A. K., & Goswami, A. (2014). A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Information Sciences,269(4), 270–285.

    Article  MathSciNet  Google Scholar 

  33. Mansoor, K., Ghani, A., Chaudhry, S. A., Shamshirband, S., & Ghayyur, S. A. K. (2019). Securing IoT based RFID systems: A robust authentication protocol using symmetric cryptography. Sensors, 19(21), 4752. https://doi.org/10.3390/s19214752.

    Article  Google Scholar 

  34. Ghani, A., Mansoor, K., Mehmood, S., Chaudhry, S. A., & Rahman, A. U. (2019). M Najmus Saqib, Security and key management in IoT based wireless sensor networks: An authentication protocol using symmetric key. International Journal of Communication Systems, 32(16), e4139. https://doi.org/10.1002/dac.4139.

    Article  Google Scholar 

  35. Burrows, M., Abadi, M., & Needham, R. M. (1871). A logic of authentication. Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences,1989(426), 233–271.

    MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan

    Mahmood Ul Hassan

  2. Department of Computer Engineering, Istanbul Gelisim University, Istanbul, Turkey

    Shehzad Ashraf Chaudhry

  3. Department of Computer Science, University of Sialkot, Sialkot, Pakistan

    Azeem Irshad

Authors
  1. Mahmood Ul Hassan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shehzad Ashraf Chaudhry
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Azeem Irshad
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Azeem Irshad.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ul Hassan, M., Chaudhry, S.A. & Irshad, A. An Improved SIP Authenticated Key Agreement Based on Dongqing et al.. Wireless Pers Commun 110, 2087–2107 (2020). https://doi.org/10.1007/s11277-019-06831-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-019-06831-y

Keywords

Search

Navigation