Skip to main content
SpringerLink
Log in

A robust mutual authentication scheme for session initiation protocol with key establishment

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

The Session Initiation Protocol (SIP) is a communication protocol that controls multimedia communication sessions. As the Internet users widely use SIP services, mutual authentication between the user and SIP server becomes an important issue. Several authentication protocols for SIP have been proposed for enhancing security and better complexities. Very recently, Lu et al. proposes an authenticated key agreement protocol for SIP and claims that it withstands various attacks and efficient. This paper points out that their protocol does not provide one of the most important features user anonymity. In addition, the same protocol is not able to resist user impersonation attack, server impersonation attack and fails to provide mutual authentication. The paper also presents an improved mutual authentication and key establishment protocol that conquers the security weaknesses in Lu et al.’s protocol. Informal security analysis is also carried out for several security properties. The formal proof for the correctness of mutual authentication and session key agreement is provided using BAN logic. It is shown that the proposed protocol is provably secure against identity and password guessing attacks in the random oracle model. The performance of the proposed scheme is compared with that of the existing related Elliptic Curve Cryptography (ECC) based schemes for SIP and shown that our scheme outperforms the others.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Amin R, Biswas G (2015) Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arab J Sci Eng 40(11):3135–3149

    Article  MathSciNet  Google Scholar 

  2. Amin R, Biswas G (2015) A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J Med Syst 39(3):1–17

    Article  Google Scholar 

  3. Amin R, Biswas G (2015) A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J Med Syst 39(8):1–19

    Google Scholar 

  4. Amin R, Biswas G (2016) A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Netw 36:58–80

    Article  Google Scholar 

  5. Amin R, Islam SH, Biswas G, Khan MK, Kumar N (2015) An efficient and practical smart card based anonymity preserving user authentication scheme for tmis using elliptic curve cryptography. J Med Syst 39(11):1–18

    Google Scholar 

  6. Amin R, Islam SH, Biswas G, Khan MK, Obaidat MS (2015) Design and analysis of an enhanced patient-server mutual authentication protocol for telecare medical information system. J Med Syst 39(11):1–20

    Google Scholar 

  7. Arshad H, Nikooghadam M (2016) An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc. Multimed Tools Appl 75(1):181–197

    Article  Google Scholar 

  8. Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178

    Article  Google Scholar 

  9. Burrows M, Abadi M, Needham RM (1989) A logic of authentication. In: Proceedings of the royal society of london a: Mathematical, physical and engineering sciences, vol 426. The Royal Society, pp 233–271

  10. Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU (2015) An improved and provably secure privacy preserving authentication protocol for sip. Peer-to-Peer Network Appl 1–15

  11. Das AK, Paul NR, Tripathy L (2012) Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inform Sci 209:80–92

    Article  MathSciNet  MATH  Google Scholar 

  12. Duanfeng S, Qin L, Xinhui H, Wei Z (2004) Security mechanisms for sip-based multimedia communication infrastructure. In: International conference on communications, circuits and systems, ICCCAS 2004., vol 1. IEEE, pp 575–578

  13. Farash MS (2016) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Network Appl 9(1):82–91

    Article  Google Scholar 

  14. Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inform Technol Control 42(4):333–342

    Article  Google Scholar 

  15. Franks J, Hallam-Baker P, Hostetler J, Lawrence S, Leach P, Luotonen A, Stewart L (1999) Http authentication: Basic and digest access authentication

  16. Giri D, Sherratt RS, Maitra T, Amin R (2015) Efficient biometric and password based mutual authentication for consumer usb mass storage devices. IEEE Trans Consum Electron 61(4):491–499

    Article  Google Scholar 

  17. Gokhroo MK, Jaidhar C, Tomar AS (2011) Cryptanalysis of sip secure and efficient authentication scheme. In: 2011 IEEE 3rd International conference on communication software and networks (ICCSN). IEEE, pp 308–310

  18. He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429

    Article  Google Scholar 

  19. He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823

    Article  Google Scholar 

  20. Huang HF, Wei WC (2006) A new efficient authentication scheme for session initiation protocol. Computing 1(2):1–3

    Google Scholar 

  21. Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2015) A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl 74(11):3967–3984

    Article  Google Scholar 

  22. Kumari S, Chaudhry SA, Wu F, Li X, Farash MS, Khan MK (2015) An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl. 1–14

  23. Lu Y, Li L, Peng H, Yang Y (2016) A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Network Appl 9(2):449–459

    Article  Google Scholar 

  24. Maitra T, Giri D (2014) An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. J Med Syst 38(12):142

    Article  Google Scholar 

  25. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

    Article  MathSciNet  Google Scholar 

  26. Mishra D, Das AK, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143

    Article  Google Scholar 

  27. Mishra D, Das AK, Mukhopadhyay S (2016) A secure and efficient ecc-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-peer Network Appl 9(1):171–192

    Article  Google Scholar 

  28. Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R, Handley M, Schooler E et al (2002) Sip: Session initiation protocol. Tech. rep., RFC 3261 Internet Engineering Task Force

  29. Salsano S, Veltri L, Papalilo D (2002) Sip security issues: The sip authentication procedure and its processing load. Netw IEEE 16(6):38–44

    Article  Google Scholar 

  30. Sureshkumar V, Amin R, Anitha R (2017) An enhanced bilinear pairing based authenticated key agreement protocol for multiserver environment. Int J Commun Syst. doi:10.1002/dac.3358

  31. Tam K, Goh H (2002) Session initiation protocol. In: 2002 IEEE International conference on industrial technology, 2002. IEEE ICIT’02., vol 2. IEEE, pp 1310–1314

  32. Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 9(1):12–16

    Google Scholar 

  33. Tu H, Kumar N, Chilamkurti N, Rho S (2015) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Network Appl 8(5):903–910

    Article  Google Scholar 

  34. Tu H, Kumar N, Chilamkurti N, Rho S (2015) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Network Appl 8(5):903–910

    Article  Google Scholar 

  35. Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for sip using ecc. Comput Standards Interf 31(2):286–291

    Article  Google Scholar 

  36. Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54

    Article  Google Scholar 

  37. Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24(5):381–386

    Article  Google Scholar 

  38. Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on sip using elliptic curve cryptography. Comput Standards Interf 36(2):397–402

    Article  Google Scholar 

  39. Yoon EJ, Shin YN, Jeon IS, Yoo KY (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Tech Rev 27(3):203–213

    Article  Google Scholar 

  40. Yoon EJ, Yoo KY (2009) Cryptanalysis of ds-sip authentication scheme using ecdh. In: International conference on new trends in information and service science, 2009. NISS’09. IEEE, pp 642–647

  41. Yoon EJ, Yoo KY, Kim C, Hong YS, Jo M, Chen HH (2010) A secure and efficient sip authentication scheme for converged voip networks. Comput Commun 33(14):1674–1681

    Article  Google Scholar 

  42. Zhang L, Tang S, Cai Z (2014) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst 27(11):2691–2702

    Google Scholar 

  43. Zhang L, Tang S, Zhu S (2016) A lightweight privacy preserving authenticated key agreement protocol for sip-based voip. Peer-to-Peer Netw Appl 9(1):108–126

    Article  Google Scholar 

  44. Zhang Z, Qi Q, Kumar N, Chilamkurti N, Jeong HY (2015) A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 74(10):3477–3488

    Article  Google Scholar 

  45. Zheng X, Oleshchuk V (2010) A survey on peer-to-peer sip based communication systems. Peer-to-peer Network Appl 3(4):257–264

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Applied Mathematics and Computational Sciences, PSG College of Technology, Coimbatore, 641004, India

    Venkatasamy Sureshkumar & R. Anitha

  2. Department of Computer Science and Engineering, Thapar University, Patiala, 147004, India

    Ruhul Amin

Authors
  1. Venkatasamy Sureshkumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ruhul Amin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. R. Anitha
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Venkatasamy Sureshkumar.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sureshkumar, V., Amin, R. & Anitha, R. A robust mutual authentication scheme for session initiation protocol with key establishment. Peer-to-Peer Netw. Appl. 11, 900–916 (2018). https://doi.org/10.1007/s12083-017-0595-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-017-0595-z

Keywords

Search

Navigation