
Cryptanalysis and improvement of a robust smart card secured authentication scheme on SIP using elliptic curve cryptography

Multimedia Tools and Applications

Abstract

The session initiation protocol (SIP) has been receiving a lot of attention for providing security in Voice over IP (VoIP) in Internet and mobility management. Recently, Yeh et al. proposed a smart card-based authentication scheme for SIP using elliptic curve cryptography (ECC). They claimed that their scheme is secure against known security attacks. However, in this paper, we show that Yeh et al.’s scheme is vulnerable to off-line password guessing, user impersonation and server impersonation attacks in the case that the smart card is stolen and the information stored in the smart card is disclosed. As a remedy, we also propose an improved smart card-based authentication scheme which not only overcomes the security weaknesses of the related schemes but also reduces the computational cost. The proposed scheme also provides user anonymity and untraceability, and allows a user to change his/her password without informing the remote server. To show the security of our protocol, we prove its security in the random oracle model.


References

  1. Abdalla M, Pointcheval D (2005) Interactive Diffie-Hellman assumptions with Applications to Password-based Authentication. In: Proceedings of FC’05, LNCS 3570, pp 341–356

  2. Arshad H, Nikooghadam M (2014) An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimedia Tools and Applications. doi:10.1007/s11042-014-2282-x

  3. Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178


  4. Bayat M, Farash MS, Movahed A (2010) A Novel Secure Bilinear Pairing Based Remote User Authentication Scheme with Smart Card. In: IEEE/IFIP International Conference on Embedded and Ubiquitous Computing (EUC), pp 578–582

  5. Chen TH, Yeh HL, Liu PC, Hsiang HC, Shih WK (2010) A secured authentication protocol for SIP using elliptic curves cryptography. In: CCIS, vol 119. Springer, pp 46–55

  6. Das AK, Goswami A (2013) A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J Med Syst. doi:10.1007/s10916-013-9948-1

  7. Farash MS, Attari MA (2014) An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn 77(1-2):399–411


  8. Farash MS, Bayat M, Attari MA (2011) Vulnerability of two multiple-key agreement protocols. Comput Electr Eng 37(2):199–204


  9. Farash MS, Attari MA (2012) An id-based key agreement protocol based on ECC among users of separate networks. In: 9th International ISC Conference on Information Security and Cryptology (ISCISC’12), pp 32–37

  10. Farash MS, Attari MA (2014) A Pairing-free ID-based Key Agreement Protocol with Different PKGs. International journal of Network Security 16(2):143–148


  11. Farash MS, Attari MA (2014) An Enhanced and Secure Three-Party Password-based Authenticated Key Exchange Protocol without Using Server’s Public-Keys and Symmetric Cryptosystems. Information Technology And Control 43(2):143–150


  12. Farash MS, Attari MA (2014) Cryptanalysis and improvement of a chaotic maps-based key agreement protocol using Chebyshev sequence membership testing. Nonlinear Dyn 76(2):1203–1213


  13. Farash MS, Attari MA, Atani RE, Jami M (2013) A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput Electr Eng 39(2):530–541


  14. Farash MS, Attari MA (2013) Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC. ISC Int J Inf Secur 5(1):18–43


  15. Farash MS, Attari MA, Bayat M (2012) A certificateless multiple-key agreement protocol without hash functions based on bilinear pairings. International Journal of Engineering and Technology 4(3):321–325


  16. Farash MS (2014) Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. J Supercomput. doi:10.1007/s11227-014-1272-0

  17. Farash MS, Attari MA (2014) An efficient client-client password-based authentication scheme with provable security. J Supercomput. doi:10.1007/s11227-014-1273-z

  18. Farash MS, Attari MA (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. J Supercomput 69(1):395–411


  19. Farash MS, Attari MA (2014) A provably secure and efficient authentication scheme for access control in mobile pay-TV systems. Multimed Tools Appl. doi:10.1007/s11042-014-2296-4

  20. Farash MS, Attari MA, Kumari S (2014) Cryptanalysis and improvement of a three-party password based authenticated key exchange protocol with user anonymity using extended chaotic maps. Int J Commun Syst. doi:10.1002/dac.2912

  21. Farash MS (2014) Cryptanalysis and improvement of “an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks”. Int J Netw Manag 25(1):31–51


  22. Farash MS, Islam SH, Obaidat MS (2015) A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks. Concurrency and Computation: Practice & Experience. doi:10.1002/cpe.3477

  23. Farash MS, Attari MA (2013) An Enhanced Authenticated Key Agreement for Session Initiation Protocol. Information Technology and Control 42(4):333–342


  24. Farash MS, Attari MA (2014) An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. Int J Commun Syst. doi:10.1002/dac.2848

  25. Farash MS, Attari MA (2014) An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int J Commun Syst. doi:10.1002/dac.2879

  26. Farash MS (2014) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Networking and Applications. doi:10.1007/s12083-014-0315-x

  27. Irshad A, Sher M, Rehman E, Ashraf Ch S, Hassan MU, Ghani A (2013) A single round-trip SIP authentication scheme for Voice over Internet Protocol using smart card. Multimed Tools Appl. doi:10.1007/s11042-013-1807-z

  28. Jiang Q, Ma J, Tian Y (2014) Cryptanalysis of smartcardbased password authenticated key agreement protocol for session initiation protocol of Zhang et al. Int J Commun Syst. doi:10.1002/dac.2767

  29. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Advances in Cryptology. CRYPTO99 1666:788–797


  30. Lee YC (2013) Weakness and Improvement of the Smart Card Based Remote User Authentication Scheme with Anonymity. J Inf Sci Eng 29(6):1121–1134


  31. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552


  32. Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8(3):312–316


  33. Tang H, Liu X (2013) Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 65(3):321–333


  34. Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl. doi:10.1007/s12083-014-0248-4

  35. Wu S, Zhu Y, Pu Q (2012) Robust smartcardsbased user authentication scheme with user anonymity. Security and Communication Networks 5(2):236–248


  36. Wang Y (2012) Password protected smart card and memory stick authentication against off-line dictionary attacks. In: Proceedings of 27th IFIP TC 11 Information Security and Privacy Conference (SEC 2012). Springer, Heraklion, pp 489–500

  37. Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54


  38. Yoon EJ, Yoo KY (2009) A new authentication scheme for session initiation protocol. In: 2009 International Conference on Complex, Intelligent and Software Intensive Systems (CISIS 2009), pp 549–554

  39. Yoon E, Shin Y, Jeon I, Yoo K (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Techn Rev 27(3):203–213

  40. Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on SIP using Elliptic Curve Cryptography. Computer Standards & Interfaces 36(2):397–402

  41. Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for Voice over Internet Protocol Session Initiation Protocol using smart card. Int J Commun Syst. doi:10.1002/dac.2499

  42. Zhang L, Tang S, Cai Z (2014) Cryptanalysis and improvement of password authenticated key agreement for session initiation protocol using smart cards. Secur Comm Networks. doi:10.1002/sec.951

Corresponding author

Correspondence to Mohammad Sabzinejad Farash.


Cite this article

Farash, M.S., Kumari, S. & Bakhtiari, M. Cryptanalysis and improvement of a robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Multimed Tools Appl 75, 4485–4504 (2016). https://doi.org/10.1007/s11042-015-2487-7


  • DOI: https://doi.org/10.1007/s11042-015-2487-7
