Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol

The Journal of Supercomputing

Abstract

Authentication is an important security requirement for session initiation protocol (SIP). The conventional authentication method for SIP is HTTP Digest authentication, which is insecure against several security attacks. Hence, several authentication schemes have been proposed for SIP. Most recently, Jiang et al. and Yeh et al. proposed two separate authentication and key agreement schemes for SIP using smart cards. The present paper shows that Jiang et al.’s scheme is vulnerable to user impersonation attacks and Yeh et al.’s scheme is insecure against offline password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned drawbacks, this paper proposes a new two-factor authentication and key agreement scheme for SIP. Security and performance analyses show that the proposed scheme not only enhances the security, but also improves the efficiency.



Correspondence to Hamed Arshad.


Cite this article

Arshad, H., Nikooghadam, M. Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol. J Supercomput 71, 3163–3180 (2015). https://doi.org/10.1007/s11227-015-1434-8


  • DOI: https://doi.org/10.1007/s11227-015-1434-8
