nach oben

Peer-to-Peer Networking and Applications

Erschienen in:

15.09.2015

An improved smart card based authentication scheme for session initiation protocol

verfasst von: Saru Kumari, Shehzad Ashraf Chaudhry, Fan Wu, Xiong Li, Mohammad Sabzinejad Farash, Muhammad Khurram Khan

Erschienen in: Peer-to-Peer Networking and Applications | Ausgabe 1/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Sessioninitiation protocol (SIP) reformed the controlling routine of voice over Internet Protocol based communication over public channels. SIP is inherently insecure because of underlying open text architecture. A number of solutions are proposed to boost SIP security. Very recently Farash (Peer to Peer Netw. Appl. 1–10, 2014) proposed an enhanced protocol to improve the security of Tu et al.’s protocol (Peer to Peer Netw. Appl. 1–8, 2014). Further, Farash claimed his protocol to be secure against all known attacks. However, in this paper we show that Farash’s protocol is insecure against impersonation attack, password guessing attack, lacks user anonymity and is vulnerable to session-specific temporary information attack. Further, we have proposed an upgraded protocol to enhance the security. The security and performance analysis shows that the proposed protocol reduced one point multiplication as compared with Farash’s protocol, while resisting all known attacks. We have proved the security of proposed protocol using automated tool ProVerif.

Vorheriger Artikel Efficient anonymous authentication with key agreement protocol for wireless medical sensor networks

Nächster Artikel A lightweight data aggregation scheme achieving privacy preservation and data integrity with differential privacy and fault tolerance

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Guo P, Wang J, Geng XH, Kim CS, Kim J-U (2014) A variable threshold-value authentication architecture for wireless mesh networks. Journal of Internet Technology 15(6):929–935

Farash MS, Chaudhry SA, Heydari M, Sadough S, Mohammad S, Kumari S, Khan MK A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int J Commun Syst. doi:10.1002/dac.3019

Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Information Technology And Control 42(4):333–342CrossRef

ul Amin N, Asad M, Din N, Ashraf Ch S (2012) An authenticated key agreement with rekeying for secured body sensor networks based on hybrid cryptosystem. In: 2012 9th IEEE International Conference on networking, sensing and control (ICNSC). IEEE, pp 118–121

Farash MS, Attari MA An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. Int J Commun Syst. doi:10.1002/dac.2848

Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2013) A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications:1–18

Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ch SA A secure authentication scheme for session initiation protocol by using ecc on the basis of the tang and liu scheme, Security and Communication Networks

Giri D, Srivastava PD (2007) An asymmetric cryptographic key assignment scheme for access control in tree structural hierarchies. IJ Netw Secur 4(3):348–354

Islam SH, Khan MK (2014) Provably secure and pairing-free identity-based handover authentication protocol for wireless mobile networks. Int J Commun Syst. n/a–n/a doi:10.1002/dac.2847

10.

Islam S, Khan M Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J Med Syst 38(10). doi:10.1007/s10916-014-0135-9

11.

Islam S, Biswas G (2011) A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J Syst Softw 84(11):1892–1898CrossRef

12.

Liu J, Zhang Z, Chen X, Kwak KS (2014) Certificateless remote anonymous authentication schemes for wirelessbody area networks. IEEE Transactions on Parallel and Distributed Systems 25(2):332–342CrossRef

13.

Jiang Q, Ma J, Tian Y (2015) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of zhang et al. Int J Commun Syst 28(7):1340–1351CrossRef

14.

Jiang Q, Ma J, Li G, Yang L (2014) An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wirel Pers Commun 77(2):1489–1506CrossRef

15.

Jiang Q, Ma J, Lu X, Tian Y (2014) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Networking and Applications:1–12. doi:10.1007/s12083-014-0285-z

16.

Li X, Niu J, Liao J, Liang W (2015) Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update. Int J Commun Syst 28(2):374–382. doi:10.1002/dac.2676 CrossRef

17.

Kumari S, Khan MK (2014) Cryptanalysis and improvement of a robust smart-card-based remote user password authentication scheme. Int J Commun Syst 27(12):3939–3955. doi:10.1002/dac.2590 CrossRef

18.

He D, Wang D (2014) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J PP(99):1–8. doi:10.1109/JSYST.2014.2301517

19.

He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Security and Communication Networks 5(12):1423–1429. doi:10.1002/sec.506 CrossRef

20.

Mehmood Z, Nizamuddin N, Ch S, Nasar W, Ghani A (2012) An efficient key agreement with rekeying for secured body sensor networks. In: 2012 2nd international conference on digital information processing and communications (ICDIPC). IEEE, pp 164–167

21.

Chaudhry SA, Naqvi H, Shon T, Sher M, Farash M Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst 39(6). doi:10.1007/s10916-015-0244-0

22.

He D, Kumar N, Chilamkurti N A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf Sci. doi:10.1016/j.ins.2015.02.010

23.

He D, Zeadally S (2015) Authentication protocol for an ambient assisted living system. IEEE Commun Mag 53(1):71–77CrossRef

24.

Amin R, Biswas G (2015) An improved rsa based user authentication and session key agreement protocol usable in tmis. J Med Syst 39(8):1–14

25.

Amin R, Biswas G (2015) A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J Med Syst 39(8):1–19

26.

Amin R, Biswas G (2015) A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J Med Syst 39(3):1–17CrossRef

27.

Zhang L, Tang S, Cai Z (2014) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst 27(11):2691–2702. doi:10.1002/dac.2499

28.

Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Networking and Applications:1–8. doi:10.1007/s12083-014-0248-4

29.

Farash M (2014) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Networking and Applications:1–10. doi:10.1007/s12083-014-0315-x

30.

Miller VS (1986) Use of elliptic curves in cryptography. In: Advances in Cryptology CRYPTO 85 Proceedings. Springer, pp 417–426

31.

Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48(177):203–209CrossRefMATHMathSciNet

32.

(2000) Certicom research standard for efficient cryptography, sec 1,ec cryptography. ver. 1.0, Tech. rep

33.

Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552CrossRefMathSciNet

34.

Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in Cryptology CRYPTO 99. Springer, pp 388–397

35.

Canetti R, Krawczyk H (2001) Analysis of key-exchange protocols and their use for building secure channels. In: Advances in Cryptology EUROCRYPT 2001. Springer, pp 453–474

36.

Bellare M, Rogaway P (1994) Entity authentication and key distribution. In: CRYPTO 93 Advances in Cryptology. Springer, pp 232–249

37.

Bellare M, Rogaway P (1995) Provably secure session key distribution: the three party case. In: Proceedings of the twenty-seventh annual ACM symposium on Theory of computing. ACM, pp 57–66

38.

Chaudhry SA, Farash M, Naqvi H, Sher M (2015) A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron Commer Res:1–27. doi:10.1007/s10660-015-9192-5

39.

Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks:1–13. doi:10.1002/sec.1299

40.

Xie Q, Dong N, Wong DS, Hu B Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol. Int J Commun Syst. doi:10.1002/dac.2858

41.

Chaudhry SA, Naqvi H, Sher M, Farash MS, ul Hassan M (2015) An improved and provably secure privacy preserving authentication protocol for SIP, Peer to peer networking and applications. doi:10.1007/s12083-015-0400-9

Titel: An improved smart card based authentication scheme for session initiation protocol
verfasst von: Saru Kumari
Shehzad Ashraf Chaudhry
Fan Wu
Xiong Li
Mohammad Sabzinejad Farash
Muhammad Khurram Khan
Publikationsdatum: 15.09.2015
Verlag: Springer US
Erschienen in: Peer-to-Peer Networking and Applications / Ausgabe 1/2017
Print ISSN: 1936-6442
Elektronische ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-015-0409-0

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2017

Recommend top-k most downloaded files in the chord-based P2P file-sharing system

A lightweight data aggregation scheme achieving privacy preservation and data integrity with differential privacy and fault tolerance

Robust QoS-aware communication in the smart distribution grid

Outage performance improvement with cooperative relaying in cognitive radio networks

Coverage hole detection and restoration algorithm for wireless sensor networks

A new and secure authentication scheme for wireless sensor networks with formal proof