Abstract
In 2014, Arshad and Nikooghadam proposed an authentication and key agreement scheme for SIP to conquer the existing defects in Irshad et al.’s scheme. They claimed that their scheme resists various security attacks and has low computation cost. We found that even though Arshad et al.’s scheme achieves high efficiency, their scheme is insecure against server spoofing attacks, denial of service attacks and privilege insider attacks. Furthermore, the password change phase of their scheme is complicated and their scheme cannot provide user anonymity. To overcome the weaknesses of Arshad et al.’s scheme, we proposed an anonymous and secure authentication and key agreement protocol for SIP. Compared with Arshad et al.’s scheme, our scheme not only withstands more security attacks, but also achieves user anonymity and high efficiency.
Similar content being viewed by others
References
Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178
Arshad H, Nikooghadam M (2014) An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimed Tools Appl. doi:10.1007/s11042-014-2282-x
Franks J, Hallam-Baker PM, Hostetler JL, Lawrence SD, Leach PJ, Luotonen A, Stewart LC (1999) HTTP authentication: basic and digest access authentication. IETF RFC 2617
Guo DL, Wen QY, Li WM, Zhang H, Jin ZP (2015) An improved biometrics-based authentication scheme for Telecare medical information systems. J Med Syst. doi:10.1007/s10916-015-0194-6
Irshad A, Sher M, Rehman E, Ashraf ChS, Hassan MU, Ghani A (2013) A single round-trip SIP authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl. doi:10.1007/s11042-013-1807-z
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Advances in Cryptology-CRYPTO’99 1666(16):388–397
Leng XF (2009) Smart card applications and security. Inf Secur Tech Rep 14 (2):36–45
Li X, Ma J, Wang WD, Xiong YP (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R (2002) SIP: session initiation protocol. IETF RFC 3261
Wen FT (2014) A more secure anonymous user authentication scheme for the integrated EPR information system. J Med Syst 38(5):1–7
Wen FT, Susilo W, Yang GM (2014) A robust smart card based anonymous user authentication protocol for wireless communications. Secur Commun Netw 7(6):987–993
Wood A, Stankovic JA (2002) Denial of service in sensor networks. Computer 35(10):54–62
Xue KP, Hong PL, Ma CS (2014) A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J Comput Syst Sci 80(1):195–206
Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Comput Stand Inter 36(2):397–402
Zhang Z, Sun Q, Wong WC, Apostolopoulos J, Wee S (2007) Rate-distortion-authentication optimized streaming of authenticated video. IEEE Trans Circuits Syst Video Technol 17(5):544–557
Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int ournal Commun Syst 27(11):2691–2702
Zhou L, Chao HC, Vasilakos AV (2011) Joint forensics-scheduling strategy for delay-sensitive multimedia applications over heterogeneous networks. IEEE J Sel Areas Commun 29(7):1358–1367
Acknowledgments
The authors are grateful to the editor and anonymous reviewers for their valuable suggestions. This work is supported by Natural Science Foundation of Shandong Province (No. ZR2013FM009).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lin, H., Wen, F. & Du, C. An anonymous and secure authentication and key agreement scheme for session initiation protocol. Multimed Tools Appl 76, 2315–2329 (2017). https://doi.org/10.1007/s11042-015-3220-2
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-015-3220-2