Skip to main content
SpringerLink
Log in

A biometric-based authenticated key agreement scheme for session initiation protocol in ip-based multimedia networks

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

Session Initial Protocol (SIP) has been widely adopted for signaling and controlling interactive sessions in multimedia communication networks. Despite its various advantages compared to predecessor protocols, the security and privacy of the SIP remain challenges due to the risk of real-world public networks. While most SIP applications utilize end-to-end communications, existing studies mainly focus on client-server protocols. In this study, we propose a novel SIP authenticated key agreement protocol for all user-server, user-user, and group communications. An end user employs a short-term token to communicate with either end-users or multimedia servers without connecting to a trusted server. Our security analyzes show that the scheme not only resists all known attacks, but provides the system with many desirable features, including direct end-to-end communications, preserving biometric template privacy, user access control, smart card revocation, and long-term secret updates. The latency of the authenticated key agreement phase is relatively small, and thus this signaling protocol is appropriate for a wide range of real-time applications.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Arshad H, Nikooghadam M (2014) Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J Med Syst 38(12):136

    Article  Google Scholar 

  2. Arshad H, Nikooghadam M (2015) Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol. J Supercomput 71(8):3163–3180

    Article  Google Scholar 

  3. Arshad H, Nikooghadam M (2016) An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc. Multimed Tools Appl 75(1):181–197

    Article  Google Scholar 

  4. Barker E (2016) Recommendation for key management part 1: General (revision 4). NIST Spec Publ 800(57):1–147

    Google Scholar 

  5. Butcher D, Li X, Guo J (2007) Security challenge and defense in VoIP infrastructures. IEEE Trans Syst Man Cybern Part C (Appl Rev) 37(6):1152–1162

    Article  Google Scholar 

  6. Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU (2015) An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Networking and Applications, pp 1–15. https://doi.org/10.1007/s12083-015-0400-9

  7. Das AK, Bruhadeshwar B (2013) An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J Med Syst 37(5):1–17

    Article  Google Scholar 

  8. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198– 208

    Article  MathSciNet  MATH  Google Scholar 

  9. Eckhoff D, Wagner I (2017) Privacy in the smart city–applications, technologies, challenges and solutions. IEEE Communications Surveys & Tutorials. https://doi.org/10.1109/COMST.2017.2748998

  10. Farash MS, Attari MA (2014) An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. International Journal of Communication Systems

  11. Farash MS (2016) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw Appl 9(1):82–91

    Article  Google Scholar 

  12. Farash MS, Kumari S, Bakhtiari M (2016) Cryptanalysis and improvement of a robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Multimed Tools Appl 75(8):4485–4504

    Article  Google Scholar 

  13. Franks J, Hallam-Baker P, Hostetler J, Lawrence S, Leach P, Luotonen A, Stewart L (1999) HTTP authentication: Basic and digest access authentication. Technical report IETF

  14. Geneiatakis D, Dagiuklas T, Kambourakis G, Lambrinoudakis C, Gritzalis S, Ehlert S, Sisalem D et al (2006) Survey of security vulnerabilities in session initiation protocol. IEEE Commun Surv Tutorials 8(1-4):68–81

    Article  Google Scholar 

  15. Handley M, Schulzrinne H, Schooler E, Rosenberg J (1999) SIP: session initiation protocol. Technical report IETF

  16. Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ashraf Ch S (2014) A secure authentication scheme for session initiation protocol by using ECC on the basis of the tang and liu scheme. Secur Commun Netw 7(8):1210–1218

    Article  Google Scholar 

  17. Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2015) A single round-trip SIP authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl 74(11):3967–3984

    Article  Google Scholar 

  18. Islam SH (2015) Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps. Inf Sci 312:104–130

    Article  MathSciNet  MATH  Google Scholar 

  19. Jain AK, Nandakumar K, Nagar A (2008) Biometric template security. EURASIP J Adv Signal Process 2008:113

    Article  Google Scholar 

  20. Jiang Q, Ma J, Tian Y (2015) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of zhang others. Int J Commun Syst 28(7):1340–1351

    Article  Google Scholar 

  21. Keromytis AD (2012) A comprehensive survey of voice over ip security research. IEEE Commun Surv Tutorials 14(2):514–537

    Article  Google Scholar 

  22. Kumari S, Chaudhry SA, Wu F, Li X, Farash MS, Khan MK (2015) An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Networking and Applications, pp 1–14. https://doi.org/10.1007/s12083-015-0409-0

  23. Leng L, Zhang J (2013) Palmhash code vs. palmphasor code. Neurocomputing 108:1–12

    Article  Google Scholar 

  24. Leng L, Teoh ABJ, Li M, Khan MK (2014) Analysis of correlation of 2dpalmhash code and orientation range suitable for transposition. Neurocomputing 131:377–387

    Article  Google Scholar 

  25. Leng L, Teoh ABJ, Li M, Khan MK (2014) A remote cancelable palmprint authentication protocol based on multi-directional two-dimensional PalmPhasor-fusion. Secur Commun Netw 7(11):1860–1871

    Article  Google Scholar 

  26. Leng L, Teoh ABJ (2015) Alignment-free row-co-occurrence cancelable palmprint fuzzy vault. Pattern Recogn 48(7):2290–2303

    Article  Google Scholar 

  27. Leng L, Teoh ABJ, Li M, Khan MK (2015) Orientation range of transposition for vertical correlation suppression of 2dpalmphasor code. Multimed Tools Appl 74 (24):11,683–11,701

    Article  Google Scholar 

  28. Leng L, Teoh ABJ, Li M (2017) Simplified 2DPalmHash code for secure palmprint verification. Multimed Tools Appl 76(6):8373–8398

    Article  Google Scholar 

  29. Li Y, Li X, Liu X (2017) A fast and efficient hash function based on generalized chaotic mapping with variable parameters. Neural Comput Appl 28(6):1405–1415

    Article  Google Scholar 

  30. Liao YP, Wang SS (2010) A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves. Comput Commun 33 (3):372–380

    Article  Google Scholar 

  31. Liu Y, Nie L, Liu L, Rosenblum DS (2016) From action to activity: Sensor-based activity recognition. Neurocomputing 181:108–115

    Article  Google Scholar 

  32. Liu Y, Zheng Y, Liang Y, Liu S, Rosenblum DS (2016) Urban water quality prediction based on multi-task multi-view learning. In: Proceedings of the Twenty-Fifth International Joint Conference on Artificial Intelligence, IJCAI’16. AAAI Press, pp 2576–2582

  33. Lu Y, Li L, Yang Y (2015) Robust and efficient authentication scheme for session initiation protocol. Math Probl Eng 2015:1–9

    MathSciNet  Google Scholar 

  34. Lu Y, Li L, Peng H, Yang Y (2016) A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl 9(2):449–459

    Article  Google Scholar 

  35. Meng F, Fu G, Butler D (2017) Cost-effective river water quality management using integrated real-time control technology. Environ Sci Technol 51(17):9876–9886

    Article  Google Scholar 

  36. Mishkovski I, Kocarev L (2011) Chaos-based public-key cryptography. In: Chaos-Based Cryptography. Springer, pp 27–65

  37. Mishra D, Das AK, Mukhopadhyay S (2016) A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-peer Netw Appl 9(1):171–192

    Article  Google Scholar 

  38. Mishra D, Das AK, Mukhopadhyay S, Wazid M (2016) A secure and robust smartcard-based authentication scheme for session initiation protocol using elliptic curve cryptography. Wirel Pers Commun 91(3):1361–1391

    Article  Google Scholar 

  39. Okamoto T, Pointcheval D (2001) The gap-problems: A new class of problems for the security of cryptographic schemes. In: International Workshop on Public Key Cryptography. Springer, pp 104–118

  40. Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R, Handley M, Schooler E (2002) SIP: session initiation protocol. Technical report IETF

  41. Schulzrinne H, Wedlund E (2000) Application-layer mobility using SIP. In: Service Portability and Virtual Customer Environments, 2000 IEEE. IEEE, pp 29–36

  42. Tu H, Kumar N, Chilamkurti N, Rho S (2015) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl 8 (5):903–910

    Article  Google Scholar 

  43. Wang CH, Liu Y (2011) A dependable privacy protection for end-to-end VoIP via Elliptic-Curve Diffie-Hellman and dynamic key changes. J Netw Comput Appl 34 (5):1545–1556

    Article  Google Scholar 

  44. Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for SIP using ECC. Comput Stand Interfaces 31(2):286–291

    Article  Google Scholar 

  45. Wu K, Gong P, Wang J, Yan X, Li P (2013) An improved authentication protocol for session initiation protocol using smart card and elliptic curve cryptography. Rom J Inf Sci Technol 16(4):324–335

    Google Scholar 

  46. Wu F, Xu L, Kumari S, Li X (2016) An improved and provably secure three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Networking and Applications, pp 1–20

  47. Xie Q, Tang Z (2016) Biometrics based authentication scheme for session initiation protocol. SpringerPlus 5(1):1045

    Article  Google Scholar 

  48. Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24(5):381–386

    Article  Google Scholar 

  49. Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Comput Stand Interfaces 36(2):397–402

    Article  Google Scholar 

  50. Yoon EJ, Yoo KY (2009) A new authentication scheme for session initiation protocol. CISIS 9:549–554

    Google Scholar 

  51. Zhang L, Tang S, Cai Z (2014) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst 27(11):2691–2702

    Google Scholar 

  52. Zhang L, Tang S, Cai Z (2014) Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications. IET Commun 8(1):83–91

    Article  Google Scholar 

  53. Zhang Z, Qi Q, Kumar N, Chilamkurti N, Jeong HY (2015) A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 74(10):3477–3488

    Article  Google Scholar 

  54. Zhang L, Tang S, Zhu S (2016) An energy efficient authenticated key agreement protocol for SIP-based green VoIP networks. J Netw Comput Appl 59:126–133

    Article  Google Scholar 

  55. Zhang L, Tang S, Zhu S (2016) A lightweight privacy preserving authenticated key agreement protocol for SIP-based VoIP. Peer-to-Peer Netw Appl 9(1):108–126

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Engineering and Computer Science, Feng Chia University, Taichung, 40724, Taiwan, Republic of China

    Ngoc-Tu Nguyen & Chin-Chen Chang

  2. Faculty of Natural Science and Technology, Tay Nguyen University, 567 Le Duan Road, Buon Ma Thuot City, DakLak, Vietnam

    Ngoc-Tu Nguyen

Authors
  1. Ngoc-Tu Nguyen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chin-Chen Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ngoc-Tu Nguyen.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Nguyen, NT., Chang, CC. A biometric-based authenticated key agreement scheme for session initiation protocol in ip-based multimedia networks. Multimed Tools Appl 77, 23909–23947 (2018). https://doi.org/10.1007/s11042-018-5708-z

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-018-5708-z

Keywords

Search

Navigation