Abstract
Very recently, Tu et al. proposed an authentication scheme for session initiation protocol using smart card to overcome the security flaws of Zhang et al.’s protocol. They claimed that their protocol is secure against known security attacks. However, in this paper, we indicate that Tu et al.’s protocol is insecure against impersonation attack. We show that an adversary can easily masquerade as a legal server to fool users. As a remedy, we also improve Tu et al.’s protocol without imposing extra computation cost. To show the security of our protocol, we prove its security in the random oracle model.
Similar content being viewed by others
References
Rosenberg J et al (2002) SIP: session initiation protocol. IETF, rfc 3261
Li JS, Kao CK, Tzeng JJ (2011) VoIP secure session assistance and call monitoring via building security gateway. Int J Commun Syst. doi:10.1002/dac.1191
Chen WE, Huang YL, Lin YB (2010) An effective IPv4-IPv6 translation mechanism for SIP applications in next generation networks. Int J Commun Syst. doi:10.1002/dac.1040
Chen WE, Lin PJ (2010) A performance study for IPv4-IPv6 translation in IP multimedia core network subsystem. Int J Commun Syst. doi:10.1002/dac.1071
Chiu KL, Chen YS, Hwang RH (2011) Seamless session mobility scheme in heterogeneous wireless networks. Int J Commun Syst. doi:10.1002/dac.1189
Cho K, Pack S, Kwon TT, Choi Y (2010) An extensible and ubiquitous RFID management framework over next-generation networks. Int J Commun Syst. doi:10.1002/dac.1073
Chiang WK, Chang WY (2010) Mobile-initiated network-executed SIP-based handover in IMS over heterogeneous accesses. Int J Commun Syst. doi:10.1002/dac.1115
Chen MX, Wang FJ (2010) Session integration service over multiple devices. Int J Commun Syst. doi:10.1002/dac.1109
Geneiatakis D, Dagiuklas T, Kambourakis G, Lambrinoudakis C, Gritzalis S, Ehlert S (2006) Survey of security vulnerabilities in session initiation protocol. IEEE Commun Surv Tutorials 8(3):68–81
Farash MS, Attari MA (2014) An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn 77(1–2):399–411
Farash MS, Bayat M, Attari MA (2011) Vulnerability of two multiple-key agreement protocols. Comput Electr Eng 37(2):199–204
Farash MS, Attari MA (2012) An id-based key agreement protocol based on ECC among users of separate networks. In: 9th international ISC conference on information security and cryptology (ISCISC’12), pp 32–37
Farash MS, Attari MA (2014) A pairing-free ID-based key agreement protocol with different PKGs. Int J Netw Secur 16(2):143–148
Farash MS, Attari MA (2014) An enhanced and secure three-party password-based authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Inf Technol Control 43(2):143–150
Farash MS, Attari MA (2014) Cryptanalysis and improvement of a chaotic maps-based key agreement protocol using Chebyshev sequence membership testing. Nonlinear Dyn 76(2):1203–1213
Bayat M, Farash MS, Movahed A (2010) A novel secure bilinear pairing based remote user authentication scheme with smart card. In: IEEE/IFIP international conference on embedded and ubiquitous computing (EUC), pp 578-582
Farash MS, Attari MA, Atani RE, Jami M (2013) A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput Electr Eng 39(2):530–541
Farash MS, Attari MA (2013) Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC. ISC Int J Inf Secur 5(1):18–43
Farash MS, Attari MA, Bayat M (2012) A certificateless multiple-key agreement protocol without hash functions based on bilinear pairings. Int J Eng Technol 4(3):321–325
Farash MS (2014), Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. J Supercomput. doi:10.1007/s11227-014-1272-0
Farash MS, Attari MA (2014) An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. Int J Commun Syst. doi:10.1002/dac.2848
Farash MS, Attari MA (2014) An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int J Commun Syst. doi:10.1002/dac.2879
Farash MS, Attari MA (2014) An efficient client-client password-based authentication scheme with provable security. J Supercomput. doi:10.1007/s11227-014-1273-z
Farash MS, Attari MA (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. J Supercomput 69(1):395–411
Sadat Mousavi-nik S, Yaghmaee-moghaddam MH, Ghaznavi-ghoushchi MB (2012) Proposed secureSIP authentication scheme based on elliptic curve cryptography. Int J Comput Appl 58(8):25–30
Yoon E, Yoo K, Kim C, Hong Y, Jo M, Chen H (2010) A Secure and efficient SIP authentication scheme for converged VoIP networks. Comput Commun 33(14):1674–1681
Wang F, Zhang Y (2008) A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography. Comput Commun 31:2142–2149
Dimitris G, Costas L (2007) A lightweight protection mechanism against signaling attacks in a SIP-Based VoIP environment. Telecommun Syst 36(4):153–159
Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for SIP using ECC. Comput Standards Interfaces 31(2):286–291
Liao Y, Wang S (2010) A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves. Comput Commun 33(3):372–380
Wu S, Pu Q, Kang F (2013) Practical authentication scheme for SIP. Peer-to-Peer Network Appl 6(1):61–74
He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Comm Netw 5:1423–1429
Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386
Huang HF, Wei WC, Brown GE (2006) A new efficient authentication scheme for session initiation protocol. In: 9th joint conference on information sciences
Jo H, Lee Y, Kim M, Kim S, Yang’sOff-line password-guessing attack to Yang’s and Huang’s authentication schemes for session initiation protocol. In: Fifth international joint conference on INC IMS and IDC pp 618–621 (2009)
Durlanik A, Sogukpinar I (2005) SIP authentication scheme using ECDH. World Enformatika Socity Transations Eng Comput Technol 8:350–353
Yoon EJ (2009) Yoo KY. Cryptanalysis of DS-SIP authentication scheme using ECDH. In: 2009 international conference on new trends in information and service science, pp 642–647
Liu FW, Koenig H (2011) Cryptanalysis of a SIP authentication scheme. In: communications and multimedia security. Springer, Berlin/Heidelberg, pp 134–143
Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8(3):312– 316
Yoon EJ, Yoo KY (2009) A new authentication scheme for session initiation protocol. In: 2009 international conference on complex, intelligent and software intensive systems, CISIS, pp 549–554
Chen TH, Yeh HL, Liu PC, Hsiang HC, Shih WK (2010) A secured authentication protocol for SIP using elliptic curves cryptography. CN, CCIS 119:46–55
Arshad R, Ikram N (2011) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tool Appl. doi:10.1007/s11042-011-0787-0
Tang H, Liu X (2012) Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tool Appl. doi:10.1007/s11042-012-1001-8
Yoon E, Shin Y, Jeon I, Yoo K (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Techn Rev 27 (3):203–213
Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst. doi:10.1002/dac.1286
Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inf Technol Control 42(4):333–342
Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst. doi:10.1002/dac.2499
Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl. doi:10.1007/s12083-014-0248-4
Abdalla M, Pointcheval D (2005) Interactive Diffie-Hellman assumptions with applications to password-based authentication. In: Proceedings of FC’05, LNCS 3570, pp 341–356
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Farash, M.S. Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw. Appl. 9, 82–91 (2016). https://doi.org/10.1007/s12083-014-0315-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-014-0315-x