nach oben

Peer-to-Peer Networking and Applications

Erschienen in:

01.01.2016

A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card

verfasst von: Dheerendra Mishra, Ashok Kumar Das, Sourav Mukhopadhyay

Erschienen in: Peer-to-Peer Networking and Applications | Ausgabe 1/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. The proposed authentication in SIP is HTTP digest based authentication. Recently, Tu et al. presented an improvement of Zhang et al.’s smart card-based authenticated key agreement protocol for SIP. Their scheme efficiently resists password guessing attack. However, in this paper, we analyze the security of Tu et al.’s scheme and demonstrate their scheme is still vulnerable to user’s impersonation attack, server spoofing attack and man-in-the middle attack. We aim to propose an efficient improvement on Tu et al.’s scheme to overcome the weaknesses of their scheme, while retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Tu et al.’s scheme. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. Additionally, the proposed scheme is comparable in terms of the communication and computational overheads with Tu et al.’s scheme and other related existing schemes.

Vorheriger Artikel TEA-CBRP: Distributed cluster head election in MANET by using AHP

Nächster Artikel CAPS: A cloud-assisted approach to handle spikes in peer-to-peer web search

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Arkko J, Torvinen V, Camarillo G, Niemi A, Haukka T (2002) Security mechanism agreement for sip sessions. draft-ietfsip-sec-agree-04. txt

Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimedia Tools and Applications 66(2):165–178CrossRef

Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proceedings of the royal society of London. A Math Phys Sci 426(1871):233–271MATHMathSciNetCrossRef

Chuang YH, Tseng YM (2010) An efficient dynamic group key agreement protocol for imbalanced wireless networks. Int J Netw Manag 20(4):167–180

Das AK, Goswami A (2013) A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. J Med Syst 37(3):1–16CrossRef

Das AK, Paul NR, Tripathy L (2012) Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Inf Sci 209(C):80–92MATHMathSciNetCrossRef

Durlanik A, Sogukpinar I (2005) Sip authentication scheme using ECDH. World Enformatika Socity Transations on Engineering Computing and Technology 8:350–353

Gokhroo M, Jaidhar C, Tomar A (2011) Cryptanalysis of sip secure and efficient authentication scheme. In: IEEE 3rd international conference on communication software and networks (ICCSN), pp 308–310. IEEE

He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Security and Communication Networks 5(12):1423–1429CrossRef

10.

Huang HF, Wei WC (2006) A new efficient authentication scheme for session initiation protocol. Computing 1:2

11.

Irshad A, Sher M, Eid R, Ch SA, Hassan M, Ghani A (2002) A single round-trip SIP authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications

12.

Jiang Q, Ma J, Lu X, Tian Y (2014) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw Appl:1–12

13.

Jiang Q, Ma J, Tian Y Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al. International Journal of Communication Systems (2014)

14.

Jo H, Lee Y, Kim M, Kim S, Won D (2009) Off-line password-guessing attack to yang’s and huang’s authentication schemes for session initiation protocol. In: Fifth international joint conference on INC, IMS and IDC, 2009 (NCM’09), pp. 618–621. IEEE

15.

Kim SJ, Kim BH Key exchange process of pim-sm-based for multiple group communication in p2p. Peer-to-Peer networking and applications, pp. 1–9 (2014). doi:10.1007/s12083-014-0274-2

16.

Madhusudhan R, Mittal R (2012) Dynamic id-based remote user password authentication schemes using smart cards: a review. J Netw Comput Appl 35 (4):1235–1248CrossRef

17.

Odelu V, Das AK, Goswami A (2014) A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Inf Sci 269 (C):270–285MathSciNetCrossRef

18.

Pu Q (2010) Weaknesses of sip authentication scheme for converged voip networks. IACR Cryptology ePrint Archive 2010 :464

19.

Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R, Handley M, Schooler E et al (2002) Sip: session initiation protocol. Technical Report, RFC 3261, Internet engineering task force

20.

Salsano S, Veltri L, Papalilo D (2002) Sip security issues: the sip authentication procedure and its processing load. IEEE Netw 16 (6):38–44CrossRef

21.

Secure Hash Standard FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, April 1995

22.

Shin S, Shon T, Yeh H, Kim K (2013) An effective authentication mechanism for ubiquitous collaboration in heterogeneous computing environment. Peer-to-Peer Netw Appl 1–8. doi:10.1007/s12083-013-0220-8

23.

Shin S, Yeh H, Kim K (2013) An efficient secure authentication scheme with user anonymity for roaming user in ubiquitous networks. Peer-to-Peer Networking and Applications. doi:10.1007/s12083-013-0218-2

24.

Srivastava K, Awasthi AK, Mittal R (2013) A review on remote user authentication schemes using smart cards. In: Quality, reliability, security and robustness in heterogeneous networks, pp 729–749. Springer

25.

Syverson P, Cervesato I (2001) The logic of authentication protocols. In: Foundations of security analysis and design. Springer, pp 63–137

26.

Thomas M et al (2001) Sip security requirements. IETF Intemet dren (draftthomas-sip-sec-reg’OO. txt)

27.

Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. IJ Netw Secur 9(1):12–16

28.

Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl. doi:10.1007/s12083-014-0248-4

29.

Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for sip using ECC. Computer Standards & Interfaces 31(2):286–291CrossRef

30.

Wu S, Pu Q, Kang F (2013) Practical authentication scheme for sip. Peer-to-Peer Netw Appl 6(1):61–74CrossRef

31.

Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54CrossRef

32.

Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Computers & Security 24(5):381–386CrossRef

33.

Yang T, Lai C, Lu R, Jiang R (2014) EAPSG: Efficient authentication protocol for secure group communications in maritime wideband communication networks. Peer-to-Peer networking and applications. doi:10.1007/s12083-014-0251-9

34.

Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Computer Standards & Interfaces 36(2):397–402CrossRef

35.

Yoon EJ, Shin YN, Jeon IS, Yoo KY (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Technical Review (Medknow Publications & Media Pvt. Ltd.) 27(3)

36.

Yoon EJ, Yoo KY, Kim C, Hong YS, Jo M, Chen HH (2010) A secure and efficient sip authentication scheme for converged voip networks. Comp Commun 33(14):1674–1681CrossRef

37.

Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. International Journal of Communication Systems

38.

Cheng C-M, Tsao S-L, Chou J-C (2007) Unstructured Peer-to-Peer session initiation protocol for mobile environment. In: IEEE 18th international symposium on personal, indoor and mobile radio communications (PIMRC’07), pp 1–5, 3-7 September

39.

Sarkar P (2010) A simple and generic construction of authenticated encryption with associated data. ACM Trans Inf Syst Secur 13(4):33CrossRef

40.

Stinson DR (2006) Some observations on the theory of cryptographic hash functions. Des Codes Crypt 38(2):259–277MATHMathSciNetCrossRef

41.

Stallings W (2003) Cryptography and network security: principles and practices, 3rd edn. Pearson Education, India

42.

Dutta R, Barua R (2008) Provably secure constant round contributory group key agreement. IEEE Trans Inf Theory 54(5):2007–2025MATHMathSciNetCrossRef

43.

Jina ATB, Linga DNC, Goh A (2004) Biohashing: two factor authentication featuring fingerprint data and tokenized random number. Pattern Recogn 37(11):2245–2255CrossRef

44.

Lumini A, Nanni L (2007) An improved BioHashing for human authentication. Pattern Recogn 40(3):1057–1065MATHCrossRef

45.

Jain A, Hong L, Pankanti S (2000) Biometric identification. Communi ACM 43(2):90–98CrossRef

46.

Das AK, Chatterjee S, Sing JK (2014) A new biometric-based remote user authentication scheme in hierarchical wireless body area sensor networks. Ad Hoc & sensor wireless networks. In Press

47.

Ratha NK, Connell JH, Bolle RM (2001) Enhancing security and privacy in biometrics-based authentication systems. IBM Syst J 40(3):614–634CrossRef

48.

Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Proceedings of advances in cryptology - CRYPTO’99, LNCS, vol. 1666, pp. 388–397

49.

Odelu V, Das AKD, Goswami A (2014) A secure and efficient time-bound hierarchical access control scheme for secure broadcasting. International Journal of Ad Hoc and Ubiquitous Computing. In Press

50.

Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552MathSciNetCrossRef

51.

Armando A et al (2005) The AVISPA tool for the automated validation of internet security protocols and applications. In: 17th international conference on computer aided verification (CAV’05), Lecture notes in computer science, vol 3576. Springer, pp 281–285

52.

AVISPA: automated validation of internet security protocols and applications. http://www.avispa-project.org/. Accessed on January 2013

53.

von Oheimb D (2005) The high-level protocol specification language hlpsl developed in the eu project avispa. In: Proceedings of APPSEM 2005 workshop

54.

Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MATHMathSciNetCrossRef

55.

Basin D, Modersheim S, Vigano L (2005) OFMC: A symbolic model checker for security protocols. Int J Inf Secur 4(3):181–208CrossRef

56.

AVISPA: AVISPA Web Tool. http://www.avispa-project.org/web-interface/expert.php/ . Accessed on April 2014

57.

Li C-T, Hwang M-S (2010) An efficient biometric-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5CrossRef

Titel: A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card
verfasst von: Dheerendra Mishra
Ashok Kumar Das
Sourav Mukhopadhyay
Publikationsdatum: 01.01.2016
Verlag: Springer US
Erschienen in: Peer-to-Peer Networking and Applications / Ausgabe 1/2016
Print ISSN: 1936-6442
Elektronische ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-014-0321-z

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2016

A channel-hopping scheme for continuous rendezvous and data delivery in cognitive radio network

A novel fairness-aware parallel download scheme

Chance-constraint optimization of power control in cognitive radio networks

Security analysis and enhancements of an improved authentication for session initiation protocol with provable security

A scalable and automatic mechanism for resource allocation in self-organizing cloud

A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks