Skip to main content
SpringerLink
Log in

Security analysis and enhancements of an improved authentication for session initiation protocol with provable security

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

Very recently, Tu et al. proposed an authentication scheme for session initiation protocol using smart card to overcome the security flaws of Zhang et al.’s protocol. They claimed that their protocol is secure against known security attacks. However, in this paper, we indicate that Tu et al.’s protocol is insecure against impersonation attack. We show that an adversary can easily masquerade as a legal server to fool users. As a remedy, we also improve Tu et al.’s protocol without imposing extra computation cost. To show the security of our protocol, we prove its security in the random oracle model.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Rosenberg J et al (2002) SIP: session initiation protocol. IETF, rfc 3261

  2. Li JS, Kao CK, Tzeng JJ (2011) VoIP secure session assistance and call monitoring via building security gateway. Int J Commun Syst. doi:10.1002/dac.1191

  3. Chen WE, Huang YL, Lin YB (2010) An effective IPv4-IPv6 translation mechanism for SIP applications in next generation networks. Int J Commun Syst. doi:10.1002/dac.1040

  4. Chen WE, Lin PJ (2010) A performance study for IPv4-IPv6 translation in IP multimedia core network subsystem. Int J Commun Syst. doi:10.1002/dac.1071

  5. Chiu KL, Chen YS, Hwang RH (2011) Seamless session mobility scheme in heterogeneous wireless networks. Int J Commun Syst. doi:10.1002/dac.1189

  6. Cho K, Pack S, Kwon TT, Choi Y (2010) An extensible and ubiquitous RFID management framework over next-generation networks. Int J Commun Syst. doi:10.1002/dac.1073

  7. Chiang WK, Chang WY (2010) Mobile-initiated network-executed SIP-based handover in IMS over heterogeneous accesses. Int J Commun Syst. doi:10.1002/dac.1115

  8. Chen MX, Wang FJ (2010) Session integration service over multiple devices. Int J Commun Syst. doi:10.1002/dac.1109

  9. Geneiatakis D, Dagiuklas T, Kambourakis G, Lambrinoudakis C, Gritzalis S, Ehlert S (2006) Survey of security vulnerabilities in session initiation protocol. IEEE Commun Surv Tutorials 8(3):68–81

    Article  Google Scholar 

  10. Farash MS, Attari MA (2014) An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn 77(1–2):399–411

    Article  MathSciNet  Google Scholar 

  11. Farash MS, Bayat M, Attari MA (2011) Vulnerability of two multiple-key agreement protocols. Comput Electr Eng 37(2):199–204

    Article  MATH  Google Scholar 

  12. Farash MS, Attari MA (2012) An id-based key agreement protocol based on ECC among users of separate networks. In: 9th international ISC conference on information security and cryptology (ISCISC’12), pp 32–37

  13. Farash MS, Attari MA (2014) A pairing-free ID-based key agreement protocol with different PKGs. Int J Netw Secur 16(2):143–148

    MathSciNet  Google Scholar 

  14. Farash MS, Attari MA (2014) An enhanced and secure three-party password-based authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Inf Technol Control 43(2):143–150

    MathSciNet  Google Scholar 

  15. Farash MS, Attari MA (2014) Cryptanalysis and improvement of a chaotic maps-based key agreement protocol using Chebyshev sequence membership testing. Nonlinear Dyn 76(2):1203–1213

    Article  MATH  MathSciNet  Google Scholar 

  16. Bayat M, Farash MS, Movahed A (2010) A novel secure bilinear pairing based remote user authentication scheme with smart card. In: IEEE/IFIP international conference on embedded and ubiquitous computing (EUC), pp 578-582

  17. Farash MS, Attari MA, Atani RE, Jami M (2013) A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput Electr Eng 39(2):530–541

    Article  Google Scholar 

  18. Farash MS, Attari MA (2013) Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC. ISC Int J Inf Secur 5(1):18–43

    Google Scholar 

  19. Farash MS, Attari MA, Bayat M (2012) A certificateless multiple-key agreement protocol without hash functions based on bilinear pairings. Int J Eng Technol 4(3):321–325

    Article  Google Scholar 

  20. Farash MS (2014), Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography. J Supercomput. doi:10.1007/s11227-014-1272-0

  21. Farash MS, Attari MA (2014) An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. Int J Commun Syst. doi:10.1002/dac.2848

  22. Farash MS, Attari MA (2014) An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int J Commun Syst. doi:10.1002/dac.2879

  23. Farash MS, Attari MA (2014) An efficient client-client password-based authentication scheme with provable security. J Supercomput. doi:10.1007/s11227-014-1273-z

  24. Farash MS, Attari MA (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. J Supercomput 69(1):395–411

    Article  MathSciNet  Google Scholar 

  25. Sadat Mousavi-nik S, Yaghmaee-moghaddam MH, Ghaznavi-ghoushchi MB (2012) Proposed secureSIP authentication scheme based on elliptic curve cryptography. Int J Comput Appl 58(8):25–30

    Google Scholar 

  26. Yoon E, Yoo K, Kim C, Hong Y, Jo M, Chen H (2010) A Secure and efficient SIP authentication scheme for converged VoIP networks. Comput Commun 33(14):1674–1681

    Article  Google Scholar 

  27. Wang F, Zhang Y (2008) A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography. Comput Commun 31:2142–2149

    Article  Google Scholar 

  28. Dimitris G, Costas L (2007) A lightweight protection mechanism against signaling attacks in a SIP-Based VoIP environment. Telecommun Syst 36(4):153–159

    Article  Google Scholar 

  29. Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for SIP using ECC. Comput Standards Interfaces 31(2):286–291

    Article  Google Scholar 

  30. Liao Y, Wang S (2010) A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves. Comput Commun 33(3):372–380

    Article  Google Scholar 

  31. Wu S, Pu Q, Kang F (2013) Practical authentication scheme for SIP. Peer-to-Peer Network Appl 6(1):61–74

    Article  Google Scholar 

  32. He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Comm Netw 5:1423–1429

    Article  Google Scholar 

  33. Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386

    Article  Google Scholar 

  34. Huang HF, Wei WC, Brown GE (2006) A new efficient authentication scheme for session initiation protocol. In: 9th joint conference on information sciences

  35. Jo H, Lee Y, Kim M, Kim S, Yang’sOff-line password-guessing attack to Yang’s and Huang’s authentication schemes for session initiation protocol. In: Fifth international joint conference on INC IMS and IDC pp 618–621 (2009)

  36. Durlanik A, Sogukpinar I (2005) SIP authentication scheme using ECDH. World Enformatika Socity Transations Eng Comput Technol 8:350–353

    Google Scholar 

  37. Yoon EJ (2009) Yoo KY. Cryptanalysis of DS-SIP authentication scheme using ECDH. In: 2009 international conference on new trends in information and service science, pp 642–647

  38. Liu FW, Koenig H (2011) Cryptanalysis of a SIP authentication scheme. In: communications and multimedia security. Springer, Berlin/Heidelberg, pp 134–143

  39. Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8(3):312– 316

    Google Scholar 

  40. Yoon EJ, Yoo KY (2009) A new authentication scheme for session initiation protocol. In: 2009 international conference on complex, intelligent and software intensive systems, CISIS, pp 549–554

  41. Chen TH, Yeh HL, Liu PC, Hsiang HC, Shih WK (2010) A secured authentication protocol for SIP using elliptic curves cryptography. CN, CCIS 119:46–55

    Google Scholar 

  42. Arshad R, Ikram N (2011) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tool Appl. doi:10.1007/s11042-011-0787-0

  43. Tang H, Liu X (2012) Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tool Appl. doi:10.1007/s11042-012-1001-8

  44. Yoon E, Shin Y, Jeon I, Yoo K (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Techn Rev 27 (3):203–213

    Article  Google Scholar 

  45. Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst. doi:10.1002/dac.1286

  46. Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inf Technol Control 42(4):333–342

    Google Scholar 

  47. Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst. doi:10.1002/dac.2499

  48. Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl. doi:10.1007/s12083-014-0248-4

  49. Abdalla M, Pointcheval D (2005) Interactive Diffie-Hellman assumptions with applications to password-based authentication. In: Proceedings of FC’05, LNCS 3570, pp 341–356

Download references

Author information

Authors and Affiliations

  1. Faculty of Mathematical Sciences and Computer, Kharazmi University, Tehran, Iran

    Mohammad Sabzinejad Farash

Authors
  1. Mohammad Sabzinejad Farash
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohammad Sabzinejad Farash.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Farash, M.S. Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw. Appl. 9, 82–91 (2016). https://doi.org/10.1007/s12083-014-0315-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-014-0315-x

Keywords

Search

Navigation