Skip to main content
SpringerLink
Log in

A Secure and Robust Smartcard-Based Authentication Scheme for Session Initiation Protocol Using Elliptic Curve Cryptography

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

The session initiation protocol (SIP) is a signaling communications protocol, which is widely used for controlling multimedia communication sessions. Recently, Yeh et al. presented an ECC-based authenticated protocol for SIP to conquer various attacks which were found in earlier schemes. In this paper, we analyze the security of Yeh et al.’s scheme and identify that Yeh et al.’s scheme is insecure. We demonstrate the vulnerability of Yeh et al.’s scheme to resist off-line password guessing attack, and their scheme also lacks the forward secrecy. We aim to propose an efficient improvement on Yeh et al.’s scheme to overcome the security weaknesses found in Yeh et al.’s scheme, while retaining the original merits. Through the rigorous informal security analysis and the formal security analysis using the widely-accepted Burrows–Abadi–Needham logic (BAN logic), we show that our scheme is secure against various known attacks including the attacks found in Yeh et al.’s scheme. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (automated validation of internet security protocols and applications) tool, and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. Additionally, our proposed scheme is efficient in terms of the communication and computational overheads as compared to Yeh et al.’s scheme and other related existing schemes. To demonstrate the practicality of the scheme, we evaluate the proposed scheme using the broadly-accepted NS-2 network simulator.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

References

  1. Arkko, J., Torvinen, V., Camarillo, G., Niemi, A., Haukka, T. (2002). Security mechanism agreement for sip sessions. draft-ietfsip-sec-agree-04. txt.

  2. Arshad, R., & Ikram, N. (2013). Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimedia Tools and Applications, 66(2), 165–178.

    Article  Google Scholar 

  3. Burrows, M., Abadi, M., & Needham, R. M. (1989). A logic of authentication proceedings of the royal society of London. A Mathematical and Physical Sciences, 426(1871), 233–271.

    Article  MathSciNet  MATH  Google Scholar 

  4. Caballero-Gil, C., Caballero-Gil, P., & Molina-Gil, J. (2014). Mutual authentication in self-organized vanets. Computer Standards & Interfaces, 36(4), 704–710.

    Article  Google Scholar 

  5. Durlanik, A., & Sogukpinar, I. (2005). Sip authentication scheme using ecdh. World Enformatika Socity Transations on Engineering Computing and Technology, 8, 350–353.

    Google Scholar 

  6. Farash, M. S. (2016). Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Networking and Applications, 9(1), 82–91.

    Article  Google Scholar 

  7. Gokhroo, M., Jaidhar, C., Tomar, A. (2011). Cryptanalysis of sip secure and efficient authentication scheme. In 2011 IEEE 3rd international conference on communication software and networks (ICCSN), IEEE pp. 308–310.

  8. Khan, M. K., Zhang, J., & Wang, X. (2008). Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaotic, Solitons and Fractals, 35(3), 519–524.

    Article  Google Scholar 

  9. Li, C. T., & Hwang, M. S. (2010). An efficient biometric-based remote authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5.

    Article  Google Scholar 

  10. Li, X., Niu, J. W., Ma, J., Wang, W. D., & Liu, C. L. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 34(1), 73–79.

    Article  Google Scholar 

  11. Basin, D., Modersheim, S., & Vigano, L. (2005). OFMC: A symbolic model checker for security protocols. International Journal of Information Security, 4(3), 181–208.

    Article  Google Scholar 

  12. Odelu, V., Das, A. K., & Goswami, A. (2015). A secure and efficient ecc-based user anonymity preserving single sign-on scheme for distributed computer networks. Security and Communication Networks, 8(9), 1732–1751.

    Article  Google Scholar 

  13. Lv, C., Ma, M., Li, H., Ma, J., & Zhang, Y. (2013). An novel three-party authenticated key exchange protocol using one-time key. Journal of Network and Computer Applications, 36(1), 498–503.

    Article  Google Scholar 

  14. Automated validation of internet security protocols and applications.http://www.avispa-project.org/package/usermanual. Accessed Mar 2013.

  15. Automated validation of internet security protocols and applications, avispa web tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed Dec 2014.

  16. von Oheimb, D. (2005). The high-level protocol specification language hlpsl developed in the eu project avispa. In Proceedings of APPSEM, 2005, 1–17.

  17. He, D., Chen, J., & Chen, Y. (2012). A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Security and Communication Networks, 5(12), 1423–1429.

    Article  Google Scholar 

  18. Geneiatakis, D., Dagiuklas, T., Kambourakis, G., Lambrinoudakis, C., Gritzalis, S., Ehlert, S., et al. (2006). Survey of security vulnerabilities in session initiation protocol. IEEE Communications Surveys and Tutorials, 8(1–4), 68–81.

    Article  Google Scholar 

  19. Keromytis, A. D. (2012). A comprehensive survey of voice over IP security research. IEEE Communications Surveys & Tutorials, 14(2), 514–537.

    Article  Google Scholar 

  20. Geneiatakis, D., Kambourakis, G., Dagiuklas, T., Lambrinoudakis, C., Gritzalis, S. (2005) SIP Security Mechanisms: A state-of-the-art review. Proceedings of the fifth international network conference (INC 2005), (pp. 147–155).

  21. Geneiatakis, D., Kambourakis, G., Lambrinoudakis, C., Dagiuklas, T., & Gritzalis, S. (2007). A framework for protecting a SIP-based infrastructure against malformed message attacks. Computer Networks, 51(10), 2580–2593.

    Article  MATH  Google Scholar 

  22. Tsakountakis, A., Kambourakis, G., & Gritzalis, S. (2012). SIPA: Generic and secure accounting for SIP. Security and Communication Networks, 5(9), 1006–1027.

    Article  Google Scholar 

  23. Huang, H. F., & Wei, W. C. (2006). A new efficient authentication scheme for session initiation protocol. Computing, 1, 2.

    Google Scholar 

  24. Kambourakis, G. (2014). Anonymity and closely related terms in the cyberspace: An analysis by example. Journal of Information Security and Applications, 19(1), 2–17.

    Article  Google Scholar 

  25. Jo, H., Lee, Y., Kim, M., Kim, S., & Won, D. (2009). Off-line password-guessing attack to Yang’s and Huang’s authentication schemes for session initiation protocol. In Fifth IEEE International Joint Conference on INC, IMS and IDC, Seoul, South Korea (pp. 618–621).

  26. Lee, N. Y., & Chiu, Y. C. (2005). Improved remote authentication scheme with smart card. Computer Standards & Interfaces, 27(2), 177–180.

    Article  Google Scholar 

  27. Pu, Q. (2010). Weaknesses of sip authentication scheme for converged voip networks. IACR Cryptology ePrint Archive, 2010, 464.

    Google Scholar 

  28. Rhee, H. S., Kwon, J. O., & Lee, D. H. (2009). A remote user authentication scheme without using smart cards. Computer Standards & Interfaces, 31(1), 6–13.

    Article  Google Scholar 

  29. Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., & Sparks, R., et al. (2002). Sip: Session initiation protocol. Technical report, RFC 3261, Internet Engineering Task Force.

  30. Salsano, S., Veltri, L., & Papalilo, D. (2002). Sip security issues: The sip authentication procedure and its processing load. Network, IEEE, 16(6), 38–44.

    Article  Google Scholar 

  31. Secure Hash Standard: FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, April (1995).

  32. Syverson, P., Cervesato, I. (2001). The logic of authentication protocols. In Foundations of security analysis and design (pp. 63–137). Springer.

  33. Thomas, M., et al. (2001) Sip security requirements. IETF Intemet dren (draftthomas-sip-sec-reg’OO. txt).

  34. Tsai, J. L. (2009). Efficient nonce-based authentication scheme for session initiation protocol. International Journal of Network Security, 9(1), 12–16.

    Google Scholar 

  35. Tu, H., Kumar, N., Chilamkurti, N., & Rho, S. (2015). An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Networking and Applications, 8(5), 903–910.

    Article  Google Scholar 

  36. Wang, X. M., Zhang, W. F., Zhang, J. S., & Khan, M. K. (2007). Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Computer Standards & Interfaces, 29(5), 507–512.

    Article  Google Scholar 

  37. Wu, L., Zhang, Y., & Wang, F. (2009). A new provably secure authentication and key agreement protocol for sip using ecc. Computer Standards & Interfaces, 31(2), 286–291.

    Article  Google Scholar 

  38. Wu, S., Pu, Q., & Kang, F. (2013). Practical authentication scheme for sip. Peer-to-Peer Networking and Applications, 6(1), 61–74.

    Article  Google Scholar 

  39. Xie, Q. (2012). A new authenticated key agreement for session initiation protocol. International Journal of Communication Systems, 25(1), 47–54.

    Article  Google Scholar 

  40. Mishra, D., Das, A. K., & Mukhopadhyay, S. (2016). A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Networking and Applications, 9(1), 171–192.

    Article  Google Scholar 

  41. Yang, C. C., Wang, R. C., & Liu, W. T. (2005). Secure authentication scheme for session initiation protocol. Computers & Security, 24(5), 381–386.

    Article  Google Scholar 

  42. Yeh, H. L., Chen, T. H., & Shih, W. K. (2014). Robust smart card secured authentication scheme on sip using elliptic curve cryptography. Computer Standards & Interfaces, 36(2), 397–402.

    Article  Google Scholar 

  43. Yoon, E. J., Shin, Y. N., Jeon, I. S., & Yoo, K. Y. (2010). Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Technical Review, 27(3), 203–2013.

    Article  Google Scholar 

  44. Yoon, E. J., Yoo, K. Y., Kim, C., Hong, Y. S., Jo, M., & Chen, H. H. (2010). A secure and efficient sip authentication scheme for converged voip networks. Computer Communications, 33(14), 1674–1681.

    Article  Google Scholar 

  45. Das, A. K. (2016). A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Networking and Applications, 9(1), 223–244.

    Article  Google Scholar 

  46. Mishra, D., Das, A. K., & Mukhopadhyay, S. (2014). A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications, 41(18), 8129–8143.

    Article  Google Scholar 

  47. Barker, E., & Roginsky, A. (2011). SP 800–131A. Transitions: Recommendation for transitioning the use of cryptographic algorithms and key lengths.

  48. Kocher, P., Jaffe, J., Jun, B. (1999). Differential power analysis. In Proceedings of advances in cryptology—CRYPTO’99, LNCS (vol. 1666, pp. 388–397).

  49. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  MathSciNet  Google Scholar 

  50. Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

    Article  MathSciNet  MATH  Google Scholar 

  51. Zhang, L., Tang, S., & Cai, Z. (2014). Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. International Journal of Communication Systems, 27(11), 2691–2702.

    Google Scholar 

  52. Vanstone, S. (1992). Responses to NIST’s proposal. Communications of the ACM, 35(7), 50–52.

    Google Scholar 

  53. The Network Simulator-ns-2. http://www.isi.edu/nsnam/ns/. Accessed Mar 2016.

  54. Wang, J. (2016). NS-2 Tutorial. http://www.cs.virginia.edu/c̃s757/slidespdf/cs757-ns2-tutorial1. Accessed Apr 2016.

Download references

Author information

Authors and Affiliations

  1. Department of Mathematics, LNM Institute of Information Technology, Jaipur, 302 031, India

    Dheerendra Mishra

  2. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, 500 032, India

    Ashok Kumar Das & Mohammad Wazid

  3. Department of Mathematics, Indian Institute of Technology, Kharagpur, 721 302, India

    Sourav Mukhopadhyay

Authors
  1. Dheerendra Mishra
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ashok Kumar Das
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sourav Mukhopadhyay
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mohammad Wazid
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dheerendra Mishra.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Mishra, D., Das, A.K., Mukhopadhyay, S. et al. A Secure and Robust Smartcard-Based Authentication Scheme for Session Initiation Protocol Using Elliptic Curve Cryptography. Wireless Pers Commun 91, 1361–1391 (2016). https://doi.org/10.1007/s11277-016-3533-0

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-016-3533-0

Keywords

Search

Navigation