Abstract
Recently, Lu et al. and Chaudhry et al. presented an authenticated key agreement scheme for session initiation protocol (SIP), respectively. They illustrated their schemes are secure against various familiar attacks. However, we demonstrate Lu et al.’s scheme is vulnerable to stolen verifier attack and Chaudhry et al.’s scheme is insecure to session key attack. To solve these problems, we propose a new provably secure mutual authentication scheme for SIP. Informal security analysis illustrates this proposed protocol can withstand different kinds of familiar attacks including stolen verifier attack and session key attack. And the correctness and security of the proposed protocol is also proved through Protocol Composition Logic (PCL) and generic group model. Eventually, security comparison shows our proposed scheme is more secure and performance analysis demonstrates the computation cost is also acceptable.
Similar content being viewed by others
References
Arkko J, Torvinen V, Camarillo G, Niemi A, Haukka T (2003) Security mechanism agreement for the session initiation protocol (sip). Cognitiva 12(1):37–61
Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178
Cao X, Zhong S (2006) Breaking a remote user authentication scheme for multi-server architecture. IEEE Commun Lett 10(8):580–581
Chatterjee S, Das AK, Sing JK (2014) An enhanced access control scheme in wireless sensor networks. Ad Hoc & Sensor Wireless Netw 21(1):121–149
Chaudhry SA, Khan I, Irshad A, Ashraf MU, Khan MK, Ahmad HF (2016) A provably secure anonymous authentication scheme for session initiation protocol. Secur Commun Netw
Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU (2015) An improved and provably secure privacy preserving authentication protocol for sip. Peer-to-Peer Network Appl 1–15
Chen T, Yeh H, Liu P, Hsiang H, Shih W (2010) A secured authentication protocol for sip using elliptic curves cryptography. Commun Comput Inf Sci 119:46–55
Denning DE, Sacco GM (1981) Timestamps in key distribution systems. Commun Acm 24(8):533–536
Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208
Durlanik A, Sogukpinar I (2005) Sip authentication scheme using ecdh. Screen 137:3367
Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani MT (2008) On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In: Conference on cryptology: Advances in cryptology, pp 203–220
Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inf Technol Control 42(4):333–342
Franks J, Hallam-Baker P, Hostetler J, Lawrence S, Leach P, Luotonen A, Stewart L (1999) Rfc 2617: Http authentication: Basic and digest access authentication. In: Ietf Rfc
Gokhroo MK, Jaidhar CD, Tomar AS (2011) Cryptanalysis of sip secure and efficient authentication scheme. In: IEEE International conference on communication software and networks, pp 308–310
He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429
Jia LT (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8 (1):12–16
Hakan Kilinc H, Yanik Tugrul (2014) A survey of sip authentication and key agreement schemes. IEEE Commun Surv Tutor 16(2):1005–1023
Yi PL, Wang SS (2010) A new secure password authenticated key agreement scheme for sip using self-certified public keys on elliptic curves. Comput Commun 33(3):372–380
Lin CL, Hwang T (2003) A password authentication scheme with secure password updating. Comput Secur 22(1):68–72
Yanrong L, Li L, Peng H, Yang Y (2016) A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Network Appl 9(2):1–11
Mitchell JC, Datta A (2005) Security analysis of network protocols: Compositional reasoning and complexity-theoretic foundations. pp 468–483
Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inform Sci 269(4):270–285
Pu Q (2010) Weaknesses of sip authentication scheme for converged voip networks. Iacr Cryptology Eprint Archive
Salsano S, Veltri L, Papalilo D (2002) SIP security issues: The SIP authentication procedure and its processing load. IEEE Press
Stinson DR (2006) Some observations on the theory of cryptographic hash functions. Des Codes Crypt 38 (2):259–277
Thomas M et al (2001) Sip security requirements. IETF Intemet dren (draftthomas-sip-sec-reg’OO txt)
Vanstone A (1997) Elliptic curve cryptosystem — the answer to strong, fast public-key cryptography for securing constrained environments. Inf Secur Tech Rep 2(2):78–87
Liufei W, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for sip using ecc. Comput Standards Interf 31(2):286–291
Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54
Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24(5):381–386
Yoon EJ, Shin YN, Il SJ, Yoo KY (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. Iete Tech Rev 27(3):203–213
Yoon EJ, Yoo KY (2009) Cryptanalysis of ds-sip authentication scheme using ecdh. In: International conference on new trends in information and service science, pp 642–647
Yoon EJ, Yoo KY, Kim C, Hong YS, Jo M, Chen HH (2010) A secure and efficient sip authentication scheme for converged voip networks. Comput Commun 33(14):1674–1681
Zhang Z, Qi Q, Kumar N, Chilamkurti N, Jeong HYg (2015) A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 74(10):3477–3488
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interests
The authors declare that there is no conflict of interest regarding the publication of the paper.
Rights and permissions
About this article
Cite this article
Xu, D., Zhang, S., Chen, J. et al. A provably secure anonymous mutual authentication scheme with key agreement for SIP using ECC. Peer-to-Peer Netw. Appl. 11, 837–847 (2018). https://doi.org/10.1007/s12083-017-0583-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-017-0583-3