Abstract
The Session Initiation Protocol (SIP) is a communication protocol that controls multimedia communication sessions. As Internet users widely use SIP services, mutual authentication between the user and the SIP server becomes an important issue. Several authentication protocols for SIP have been proposed to enhance security and achieve better complexity. Very recently, Lu et al. proposed an authenticated key agreement protocol for SIP and claimed that it withstands various attacks and is efficient. This paper points out that their protocol does not provide one of the most important features, user anonymity. In addition, the same protocol is not able to resist user impersonation and server impersonation attacks, and it fails to provide mutual authentication. The paper also presents an improved mutual authentication and key establishment protocol that overcomes the security weaknesses in Lu et al.’s protocol. An informal security analysis is also carried out for several security properties. A formal proof of the correctness of mutual authentication and session key agreement is provided using BAN logic. It is shown that the proposed protocol is provably secure against identity and password guessing attacks in the random oracle model. The performance of the proposed scheme is compared with that of the existing related Elliptic Curve Cryptography (ECC) based schemes for SIP, and it is shown that our scheme outperforms the others.
References
Amin R, Biswas G (2015) Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arab J Sci Eng 40(11):3135–3149
Amin R, Biswas G (2015) A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J Med Syst 39(3):1–17
Amin R, Biswas G (2015) A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J Med Syst 39(8):1–19
Amin R, Biswas G (2016) A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Netw 36:58–80
Amin R, Islam SH, Biswas G, Khan MK, Kumar N (2015) An efficient and practical smart card based anonymity preserving user authentication scheme for tmis using elliptic curve cryptography. J Med Syst 39(11):1–18
Amin R, Islam SH, Biswas G, Khan MK, Obaidat MS (2015) Design and analysis of an enhanced patient-server mutual authentication protocol for telecare medical information system. J Med Syst 39(11):1–20
Arshad H, Nikooghadam M (2016) An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc. Multimed Tools Appl 75(1):181–197
Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178
Burrows M, Abadi M, Needham RM (1989) A logic of authentication. In: Proceedings of the royal society of london a: Mathematical, physical and engineering sciences, vol 426. The Royal Society, pp 233–271
Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU (2015) An improved and provably secure privacy preserving authentication protocol for sip. Peer-to-Peer Network Appl 1–15
Das AK, Paul NR, Tripathy L (2012) Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inform Sci 209:80–92
Duanfeng S, Qin L, Xinhui H, Wei Z (2004) Security mechanisms for sip-based multimedia communication infrastructure. In: International conference on communications, circuits and systems, ICCCAS 2004., vol 1. IEEE, pp 575–578
Farash MS (2016) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Network Appl 9(1):82–91
Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inform Technol Control 42(4):333–342
Franks J, Hallam-Baker P, Hostetler J, Lawrence S, Leach P, Luotonen A, Stewart L (1999) Http authentication: Basic and digest access authentication
Giri D, Sherratt RS, Maitra T, Amin R (2015) Efficient biometric and password based mutual authentication for consumer usb mass storage devices. IEEE Trans Consum Electron 61(4):491–499
Gokhroo MK, Jaidhar C, Tomar AS (2011) Cryptanalysis of sip secure and efficient authentication scheme. In: 2011 IEEE 3rd International conference on communication software and networks (ICCSN). IEEE, pp 308–310
He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429
He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823
Huang HF, Wei WC (2006) A new efficient authentication scheme for session initiation protocol. Computing 1(2):1–3
Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2015) A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl 74(11):3967–3984
Kumari S, Chaudhry SA, Wu F, Li X, Farash MS, Khan MK (2015) An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl. 1–14
Lu Y, Li L, Peng H, Yang Y (2016) A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Network Appl 9(2):449–459
Maitra T, Giri D (2014) An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. J Med Syst 38(12):142
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Mishra D, Das AK, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143
Mishra D, Das AK, Mukhopadhyay S (2016) A secure and efficient ecc-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-peer Network Appl 9(1):171–192
Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R, Handley M, Schooler E et al (2002) Sip: Session initiation protocol. Tech. rep., RFC 3261 Internet Engineering Task Force
Salsano S, Veltri L, Papalilo D (2002) Sip security issues: The sip authentication procedure and its processing load. Netw IEEE 16(6):38–44
Sureshkumar V, Amin R, Anitha R (2017) An enhanced bilinear pairing based authenticated key agreement protocol for multiserver environment. Int J Commun Syst. doi:10.1002/dac.3358
Tam K, Goh H (2002) Session initiation protocol. In: 2002 IEEE International conference on industrial technology, 2002. IEEE ICIT’02., vol 2. IEEE, pp 1310–1314
Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 9(1):12–16
Tu H, Kumar N, Chilamkurti N, Rho S (2015) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Network Appl 8(5):903–910
Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for sip using ecc. Comput Standards Interf 31(2):286–291
Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54
Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24(5):381–386
Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on sip using elliptic curve cryptography. Comput Standards Interf 36(2):397–402
Yoon EJ, Shin YN, Jeon IS, Yoo KY (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Tech Rev 27(3):203–213
Yoon EJ, Yoo KY (2009) Cryptanalysis of ds-sip authentication scheme using ecdh. In: International conference on new trends in information and service science, 2009. NISS’09. IEEE, pp 642–647
Yoon EJ, Yoo KY, Kim C, Hong YS, Jo M, Chen HH (2010) A secure and efficient sip authentication scheme for converged voip networks. Comput Commun 33(14):1674–1681
Zhang L, Tang S, Cai Z (2014) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst 27(11):2691–2702
Zhang L, Tang S, Zhu S (2016) A lightweight privacy preserving authenticated key agreement protocol for sip-based voip. Peer-to-Peer Netw Appl 9(1):108–126
Zhang Z, Qi Q, Kumar N, Chilamkurti N, Jeong HY (2015) A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography. Multimed Tools Appl 74(10):3477–3488
Zheng X, Oleshchuk V (2010) A survey on peer-to-peer sip based communication systems. Peer-to-peer Network Appl 3(4):257–264
Cite this article
Sureshkumar, V., Amin, R. & Anitha, R. A robust mutual authentication scheme for session initiation protocol with key establishment. Peer-to-Peer Netw. Appl. 11, 900–916 (2018). https://doi.org/10.1007/s12083-017-0595-z
DOI: https://doi.org/10.1007/s12083-017-0595-z