Skip to main content
SpringerLink
Log in

An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

The session initiation protocol (SIP) is a powerful and superior signaling protocol for the voice over internet protocol (VoIP). Authentication is an important security requirement for SIP. Hitherto, many authentication schemes have been proposed to enhance the security of SIP. Recently, Irshad et al. proposed an improved authentication scheme concerning SIP, in which they claimed that their scheme is secure against various security attacks. However, in this paper, we conclude that Irshad et al.’s scheme is vulnerable to user impersonation attacks. Furthermore, a novel authentication and key agreement scheme is proposed for SIP using elliptic curve cryptosystem (ECC). Security and performance analyses demonstrate that the proposed scheme is secure against security attacks of various types and has low computation cost compared to previously proposed schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178

    Article  Google Scholar 

  2. Durlanik A, Sogukpinar I (2005) SIP authentication scheme using ECDH. World Enformatika Soc Trans Eng Comput Technol 8:350–353

    Google Scholar 

  3. Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inform Technol Control 42(4):333–342

    Article  Google Scholar 

  4. Frank M, Biedert R, Ma E, Martinovic I, Song D (2013) Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans Inf Forensic Secur 8(1):136–148

    Article  Google Scholar 

  5. Franks J, Hallam-Baker PM, Hostetler JL, Lawrence SD, Leach PJ, Luotonen A, Stewart LC (1999) HTTP authentication: basic and digest access authentication. IETF RFC 2617

  6. Geneiatakis D, Dagiuklas T, Kambourakis G, Lambrinoudakis C, Gritzalis S, Ehlert S, Sisalem D (2006) Survey of security vulnerabilities in session initial protocol. IEEE Commun Surv Tutor 8(3):68–81

    Article  Google Scholar 

  7. Hankerson D, Menezes A, Vanstone S (2004) Guide to elliptic curve cryptography. Springer, New York

    MATH  Google Scholar 

  8. Harn L (2013) Group authentication. IEEE Trans Comput 62(9):1893–1898

    Article  MathSciNet  Google Scholar 

  9. He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429

    Article  Google Scholar 

  10. He D, Chen J, Hu J (2012) An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inf Fusion 13(3):223–230

    Article  Google Scholar 

  11. Irshad A, Sher M, Rehman E, Ashraf Ch S, Hassan MU, Ghani A (2013) A single round-trip SIP authentication scheme for Voice over Internet Protocol using smart card. Multimed Tools Appl. doi:10.1007/s11042-013-1807-z

    Google Scholar 

  12. Irshad A, Sher M, Faisal MS, Ghani A, Hassan MU, Ashraf Ch S (2014) A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Secur Commun Netw 7:1210–1218

    Article  Google Scholar 

  13. Jiang Q, Ma J, Tian Y (2014) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al. Int J Commun Syst. doi:10.1002/dac.2767

    Google Scholar 

  14. Kilinc HH, Yanik T (2014) A survey of SIP authentication and key agreement schemes. IEEE Commun Surv Tutor 16(2):1005–1023

    Article  Google Scholar 

  15. Koblitz N, Menezes A, Vanstone S (2000) The state of elliptic curve cryptography. Des Code Crypt 19:173–193

    Article  MathSciNet  MATH  Google Scholar 

  16. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Advances in Cryptology, CRYPTO’991999; 1666:788–797

  17. Ku WC, Chen CM, Lee HL (2003) Cryptanalysis of a variant of Peyravian-Zunic’s password authentication scheme. IEICE Trans Commun E86-B(5):1682–1684

    Google Scholar 

  18. Li X, Zhang Y, Zhang G (2013) A new certificateless authenticated key agreement protocol for SIP with different KGCs. Secur Commun Netw 6:631–643

    Article  Google Scholar 

  19. Liu FW, Koenig H (2011) Cryptanalysis of a SIP authentication scheme. In: 12th IFIP TC6/TC11 International Conference, CMS 2011, Ghent, Belgium, pp 134–143

  20. Liu H, Ning H (2011) Zero-knowledge authentication protocol based on alternative mode in RFID systems. IEEE Sensors J 11(12):3235–3245

    Article  MathSciNet  Google Scholar 

  21. Lynn B. Pairing-based cryptography library, available at http://crypto.stanford.edu/pbc/

  22. Ma CG, Wang D, Zhao SD (2012) Security flaws in two improved remote user authentication schemes using smart cards. Int J Commun Syst. doi:10.1002/dac.2468

    Google Scholar 

  23. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

    Article  MathSciNet  Google Scholar 

  24. Nikooghadam M, Zakerolhosseini A (2012) Secure communication of medical information using mobile agents. J Med Syst 36(6):3839–3850

    Article  Google Scholar 

  25. Nikooghadam M, Zakerolhosseini A, Moghaddam ME (2010) Efficient utilization of elliptic curve cryptosystem for hierarchical access control. J Syst Softw 83(10):1917–1929

    Article  Google Scholar 

  26. Pu Q, Wang J, Wu S (2013) Secure SIP authentication scheme supporting lawful interception. Secur Commun Netw 6:340–350

    Article  Google Scholar 

  27. Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R (2002) SIP: session initiation protocol. IETF RFC3261

  28. Salsano S, Veltri L, Papalilo D (2002) SIP security issues: the SIP authentication procedure and its processing load. IEEE Netw 16:38–44

    Article  Google Scholar 

  29. Sisalem D, Kuthan J, Ehlert S (2006) Denial of service attacks targeting a Sip VoIP infrastructure: stack scenarios and prevention mechanisms. IEEE Netw 20(5):26–31

    Article  Google Scholar 

  30. Sisalem D, Floroiu J, Kuthan J, Abend U, Schulzrinne H (2009) SIP security. Wiley, Chichester

    Book  Google Scholar 

  31. Stallings W (2005) Cryptography and network security: principles and practice, 4th edn. Prentice Hall, Upper Saddle River

    Google Scholar 

  32. Tang H, Liu X (2013) Cryptanalysis of Arshad et al’.s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 65(3):321–333

    Article  Google Scholar 

  33. Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8(3):312–316

    Google Scholar 

  34. Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl. doi:10.1007/s12083-014-0248-4

    Google Scholar 

  35. Vanstone SA (1997) Elliptic curve cryptosystem-the answer to strong, fast public-key cryptography for securing constrained environments. Inf Secur Tech Rep 12:78–87

    Article  Google Scholar 

  36. Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for SIP using ECC. Comput Stand Interfaces 31(2):286–291

    Article  Google Scholar 

  37. Wu S, Pu Q, Kang F (2013) Practical authentication scheme for SIP. Peer-to-Peer Netw Appl 6(1):61–74

    Article  Google Scholar 

  38. Wu K, Gong P, Wang J, Yan X, Li P (2013) An improved authentication protocol for session initiation protocol using smart card and elliptic curve cryptography. Rom J Inf Sci Technol 16(4):324–335

    Google Scholar 

  39. Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54

    Article  Google Scholar 

  40. Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386

    Article  Google Scholar 

  41. Yoon EJ, Yoo KY (2009) Cryptanalysis of DS-SIP authentication scheme using ECDH. In: 2009 International Conference on New Trends in Information and Service Science 642–647

  42. Yoon EJ, Yoo KY, Kim C, Hong Y, Jo M, Chen H (2010) A secure and efficient SIP authentication scheme for converged VoIP networks. Comput Commun 33(14):1674–1681

    Article  Google Scholar 

  43. Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst. doi:10.1002/dac.2499

    Google Scholar 

  44. Zhang L, Tang S, Cai Z (2014) Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards. Secur Commun Netw. doi:10.1002/sec.951

    Google Scholar 

  45. Zhou L, Chao H-C, Vasilakos AV (2011) Joint forensics-scheduling strategy for delay-sensitive multimedia applications over heterogeneous networks. IEEE J Sel Areas Commun 29(7):1358–1367

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Engineering and Information Technology, Imam Reza International University, Mashhad, Iran

    Hamed Arshad & Morteza Nikooghadam

Authors
  1. Hamed Arshad
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Morteza Nikooghadam
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Morteza Nikooghadam.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Arshad, H., Nikooghadam, M. An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimed Tools Appl 75, 181–197 (2016). https://doi.org/10.1007/s11042-014-2282-x

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-014-2282-x

Keywords

Search

Navigation