nach oben

Peer-to-Peer Networking and Applications

Erschienen in:

07.09.2015

An improved and provably secure privacy preserving authentication protocol for SIP

verfasst von: Shehzad Ashraf Chaudhry, Husnain Naqvi, Muhammad Sher, Mohammad Sabzinejad Farash, Mahmood Ul Hassan

Erschienen in: Peer-to-Peer Networking and Applications | Ausgabe 1/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Session Initiation Protocol (SIP) has proved to be the integral part and parcel of any multimedia based application or IP-based telephony service that requires signaling. SIP supports HTTP digest based authentication, and is responsible for creating, maintaining and terminating sessions. To guarantee secure SIP based communication, a number of authentication schemes are proposed, typically most of these are based on smart card due to its temper resistance property. Recently Zhang et al. presented an authenticated key agreement scheme for SIP based on elliptic curve cryptography. However Tu et al. (Peer to Peer Netw. Appl 1–8, 2014) finds their scheme to be insecure against user impersonation attack, furthermore they presented an improved scheme and claimed it to be secure against all known attacks. Very recently Farash (Peer to Peer Netw. Appl 1–10, 2014) points out that Tu et al.’s scheme is vulnerable to server impersonation attack, Farash also proposed an improvement on Tu et al.’s scheme. However, our analysis in this paper shows that Tu et al.’s scheme is insecure against server impersonation attack. Further both Tu et al.’s scheme and Farash’s improvement do not protect user’s privacy and are vulnerable to replay and denial of services attacks. In order to cope with these limitations, we have proposed a privacy preserving improved authentication scheme based on ECC. The proposed scheme provides mutual authentication as well as resists all known attacks as mentioned by Tu et al. and Farash.

Nächster Artikel A new and secure authentication scheme for wireless sensor networks with formal proof

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Abadi M, Blanchet B, Comon-Lundh H (2009) Models and proofs of protocol security: A progress report. In: Computer aided verification. Springer, pp 35–49

Abi-Char PE, Mhamed A, El-Hassan B (2007) A fast and secure elliptic curve based authenticated key agreement protocol for low power mobile communications. In: The 2007 international conference on Next generation mobile applications, services and technologies, 2007. NGMAST’07. IEEE, pp 235–240

Abi-Char PE, Mhamed A, El-Hassan B (2007) A secure authenticated key agreement protocol based on elliptic curve cryptography. In: 3rd international symposium on information assurance and security, 2007. IAS 2007. IEEE, pp 89–94

ul Amin N, Asad M, Din N, Ashraf Ch S (2012) An authenticated key agreement with rekeying for secured body sensor networks based on hybrid cryptosystem. In: 9th IEEE international conference on networking, sensing and control (ICNSC), 2012 . IEEE, pp 118–121

Amin R, Biswas G (2015) An improved rsa based user authentication and session key agreement protocol usable in tmis. J Med Syst 39(8):1–14

Amin R, Biswas G (2015) A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J Med Syst 39(8):1–19

Amin R, Biswas G (2015) A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J Med Syst 39(3):1–17CrossRef

Arshad H, Nikooghadam M (2014) An efficient and secure authentication and key agreement scheme for session initiation protocol using ecc. Multimedia Tools and Applications:1–17. doi:10.1007/s11042-014-2282-x

Bala S, Sharma G, Verma AK (2013) An improved forward secure elliptic curve signcryption key management scheme for wireless sensor networks. In: IT convergence and security 2012. Springer, pp 141–149

10.

Bellare M, Rogaway P (1994) Entity authentication and key distribution. In: Advances in Cryptology, CRYPTO 93. Springer, pp 232–249

11.

Bellare M, Rogaway P (1995) Provably secure session key distribution: the three party case. In: Proceedings of the twenty-seventh annual ACM symposium on Theory of computing. ACM, pp 57–66

12.

Chang CC, Wu TC (1991) Remote password authentication with smart cards. IEEE Proceedings Computers and Digital Techniques 138(3):165–168CrossRef

13.

Chaudhry SA (2015) Comment on ‘robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications’. IET Commun 9 (1):1034–1034(1). 10.1049/iet-com.2014.1082 CrossRef

14.

Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks:1–13. doi:10.1002/sec.1299

15.

Chaudhry SA, Farash MS, Naqvi H, Sher M (2015) A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron Commer Res:1–27. doi:10.1007/s10660-015-9192-5

16.

Chaudhry SA, Naqvi H, Shon T, Sher M, Farash M (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst 39(6):66. 10.1007/s10916-015-0244-0 CrossRef

17.

Chou CH, Tsai KY, Lu CF (2013) Two id-based authenticated schemes with key agreement for mobile environments. J Supercomput 66(2):973–988CrossRef

18.

Chuang MC, Chen MC (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications 41(4):1411–1418CrossRef

19.

Debiao H, Jianhua C, Jin H (2012) An id-based client authentication with key agreement protocol for mobile client–server environment on ecc with provable security. Information Fusion 13(3):223–230CrossRef

20.

Farash M (2014) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw Appl:1–10. doi:10.1007/s12083-014-0315-x

21.

Farash MS (2014) An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int J Commun Syst. 10.1002/dac.2879

22.

Farash MS, Attari MA (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J Supercomput 69(1):395–411. 10.1007/s11227-014-1170-5 CrossRef

23.

Farash MS, Chaudhry SA, Heydari M, Sadough SMS, Kumari S, Khan MK (2015) A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int J Commun Syst. 10.1002/dac.3019

24.

Harn L, Lin HY (2001) Authenticated key agreement without using one-way hash functions. Electron Lett 37(10):629–630CrossRef

25.

Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ashraf Ch SA (2014) A secure authentication scheme for session initiation protocol by using ecc on the basis of the tang and liu scheme. Security and Communication Networks 7(8):1210–1218. 10.1002/sec.834 CrossRef

26.

Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2015) A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications 74 (11):1–18. 10.1007/s11042-013-1807-z CrossRef

27.

Islam S, Biswas G (2011) A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J Syst Softw 84(11):1892–1898CrossRef

28.

Jiang Q, Ma J, Tian Y (2014) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al. Int J Commun Syst 28(7):1340–1351CrossRef

29.

Kilinc H, Yanik T (2014) A survey of sip authentication and key agreement schemes. IEEE Commun Surv Tutorials 16(2):1005–1023. 10.1109/SURV.2013.091513.00050 CrossRef

30.

Liao YP, Wang SS (2010) A new secure password authenticated key agreement scheme for sip using self-certified public keys on elliptic curves. Comput Commun 33(3):372–380CrossRef

31.

Mehmood Z, Nizamuddin N, Ch S, Nasar W, Ghani A (2012) An efficient key agreement with rekeying for secured body sensor networks. In: Second International Conference on digital information processing and communications (ICDIPC), 2012. IEEE, pp 164–167

32.

Nicanfar H, Leung VC (2013) Multilayer consensus ecc-based password authenticated key-exchange (mcepak) protocol for smart grid system. IEEE Trans Smart Grid 4(1):253–264CrossRef

33.

Ryu EK, Yoon EJ, Yoo KY (2004) An efficient id-based authenticated key agreement protocol from pairings. In: Networking technologies, services, and protocols; performance of computer and communication networks; mobile and wireless communications networking 2004. Springer, pp 1458– 1463

34.

Sharma G, Bala S, Verma AK (2013) Extending certificateless authentication for wireless sensor networks: A novel insight. International Journal of Computer Science Issues (IJCSI) 10(6)

35.

Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw Appl:1–8. doi:10.1007/s12083-014-0248-4

36.

William S, Stallings W (2006) Cryptography and network security, 4/E. Pearson education india

37.

Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25 (1):47–54CrossRef

38.

Xie Q, Hu B, Dong N, Wong DS (2014) Anonymous three-party password-authenticated key exchange scheme for telecare medical information systems. PloS one 9(7):e102,747CrossRef

39.

Xu X, Zhu P, Wen Q, Jin Z, Zhang H, He L (2014) A secure and efficient authentication and key agreement scheme based on ecc for telecare medicine information systems. J Med Syst 38(1):1–7CrossRef

40.

Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst 27(11):2691–2702

41.

Zhang L, Tang S, Cai Z (2014) Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards. Security and Communication Networks 7(12):2405–2411. 10.1002/sec.951 CrossRef

42.

Zhao Z (2014) An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. J Med Syst 38(2):1–7CrossRef

Titel: An improved and provably secure privacy preserving authentication protocol for SIP
verfasst von: Shehzad Ashraf Chaudhry
Husnain Naqvi
Muhammad Sher
Mohammad Sabzinejad Farash
Mahmood Ul Hassan
Publikationsdatum: 07.09.2015
Verlag: Springer US
Erschienen in: Peer-to-Peer Networking and Applications / Ausgabe 1/2017
Print ISSN: 1936-6442
Elektronische ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-015-0400-9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2017

Efficient anonymous authentication with key agreement protocol for wireless medical sensor networks

Robust QoS-aware communication in the smart distribution grid

Energy-aware and secure routing with trust for disaster response wireless sensor network

Opportunistic cooperation in wireless ad hoc networks with interference correlation

An improved smart card based authentication scheme for session initiation protocol

A lightweight data aggregation scheme achieving privacy preservation and data integrity with differential privacy and fault tolerance