Top

Peer-to-Peer Networking and Applications

Published in:

01-03-2013

Practical authentication scheme for SIP

Authors: Shuhua Wu, Qiong Pu, Fei Kang

Published in: Peer-to-Peer Networking and Applications | Issue 1/2013

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The Session Initiation Protocol (SIP) is commonly used to establish Voice over IP (VoIP) calls. However, the original authentication scheme for SIP-based service typically uses HTTP Digest authentication protocol, which is s not providing security at an acceptable level. In this paper, we propose a secure and practical password-only authenticated key agreement scheme for SIP using elliptic curve cryptography(ECC). Our scheme is remarkable efficient and quite simple to use. And yet we can provide the rigorous proof of the security for it. Therefore, the end result is more suited to be a candidate for SIP authentication scheme. In addition, we also suggest an extended scheme capable of providing anonymity, privacy, and location privacy to protect the user’s personal information and his real identity.

previous article iDispatcher: A unified platform for secure planet-scale information dissemination

next article A popularity-based query scheme in P2P networks using adaptive gossip sampling

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Rosenberg J et al (2002) SIP: Session Initiation Protocol. IETF RFC 3261

Handley M et al (1999) SIP: Session Initiation Protocol. IETF RFC 2543

International Telecommunications Union (1993) ITU-T Recommendation Q.700: Introduction to CCITT Signalling System 7. Recommendation Q.700. International Telecommunications Union

Franks J et al (1999) HTTP authentication: basic and digest access authentication. IETF RFC 2617

Stefano S et al (2002) SIP security issues: the SIP authentication procedure and its processing load. IEEE Network 16(16):38–44

Geneiatakis D, Dagiuklas T, Kambourakis G, Lambrinoudakis C, Gritzalis S (2006) Survrery of security vulnerabilities in session initial protocol. IEEE Commun Surv Tutor 8(3):68–81CrossRef

Sisalemd D, Kuthan J, Ehlerts S (2006) Denial of service attacks targeting a SIP VoIP infrastructure: stack scenarios and prevention mechanisms. IEEE Network 20(5):26–31CrossRef

Andreas S, Daniel K and Andreas S (2004) SIP security. Security Group, CH-8401

Yoon E, Yoo K, Kim C, Hong Y, Jo M, Chen H (2010) A Secure and efficient SIP authentication scheme for converged VoIP networks. Comput Commun 33(14):1674–1681CrossRef

10.

Vesterinen P (2006) User authentication in SIP. TKK T-110.5290 seminar on Network Security, pp 12–11/12

11.

Yang C et al (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386CrossRef

12.

Ring J,Choo K, Foo E, Looi M (2006) A new authentication mechanism and key agreement protocol for SIP using identity-based cryptography. Proc AusCert R&D Stream pp 61–72

13.

Wang F, Zhang Y (2008) A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography. Comput Commun 31:2142–2149CrossRef

14.

Dimitris G, Costas L (2007) A lightweight protection mechanism against signaling attacks in a SIP-Based VoIP environment. Telecommun Syst 36(4):153–159CrossRef

15.

Wu L et al (2009) A new provably secure authentication and key agreement protocol for SIP using ECC. Comp Stand Inter 31(2):286–291CrossRef

16.

Liao Y, Wang S (2010) A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves. Comput Commun 33(3):372–380CrossRef

17.

Yoon E, Shin Y, Jeon I, Yoo K (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Techn Rev 27(3):203–213CrossRef

18.

Xie Q (2011) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54. doi:10.1002/dac.1286

19.

Rhee et al (2009) A remote user authentication scheme without using smart cards. Comp Stand Inter 31:6–13CrossRef

20.

Shamir A (1984) Identity-based cryptosystem and signature schemes. In: Proc. Crypto 1984. LCNS, vol 196, pp 47–53

21.

Al-Riyami S, Paterson K (2003) Certificateless public key cryptography. In: Proc. advances in Cryptology-Asiacrypt’2003. LCNS, vol 2894, pp 452–473

22.

Girault M (1991) Self-certified public keys. In: Proc. Eurocrypt’91, pp 491–497

23.

Petersen H, Horster P (1997) Self-certified keys: concepts and applications. In: Proc. the third international conference on communications and multimedia security, pp 102–116

24.

Boyd C,Montague P,Nguyen K (2001) Elliptic curve based password authenticated key exchange protocols. In: Proc. ACISP 2001, pp 487–501

25.

Hankerson D, Menezes A, Vanstone S (2004) Guide to elliptic curve cryptography. Springer, New York, USAMATH

26.

Koblitz N (1987) Elliptic curve cryptosystem. Math Comp 48:203–209MathSciNetMATHCrossRef

27.

Kong L et al (2006) A lightweight scheme for securely and reliably locating SIP users. In Proc. IEEE workshop VoIP management and security: 9–17

28.

Rosenberg J, Schulzrinne H (2002) Session Initiation Protocol (SIP): locating SIP servers, RFC 3263

29.

Phan D, Pointcheval D (2004) About the security of Ciphers. In: Proc. the workshop on selected areas in cryptography 2004. LNCS, vol 3352, pp 185–200

30.

Bresson E, Chevassut O, Pointcheval D (2004) New security results on encrypted key exchange. In: Proc. PKC 2004. LNCS vol 2947. Springer, pp 145–158

31.

Abdalla M, Pointcheval D (2005) Interactive Diffie-Hellman assumptions with applications to password-based authentication. In: Proc. FC’2005, pp 341–356

32.

Choo K, Boyd C, Hitchcock Y (2005) Examining indistinguishability-based proof models for key establishment protocols. In: Proc. ASIACRYPT’2005, pp 585–604

33.

Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks. In: Proc. EUROCRYPT’2000, pp 139–155

34.

Abdalla M, Bellare M, Rogaway P (2001) The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Proc. CT-RSA’2001, pp 143–158

35.

Abdalla M, Chevassut O, Pointcheval D (2005) One-time verifier-based encrypted key exchange. In: Proc. PKC’2005, pp 47–64

36.

Pointcheval D (2005) Provable Security for Public Key Schemes. In: Contemporary cryptology (advanced courses in mathematics—CRM Barcelona), pp 133–189

Title: Practical authentication scheme for SIP
Authors: Shuhua Wu
Qiong Pu
Fei Kang
Publication date: 01-03-2013
Publisher: Springer US
Published in: Peer-to-Peer Networking and Applications / Issue 1/2013
Print ISSN: 1936-6442
Electronic ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-012-0129-7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2013

iDispatcher: A unified platform for secure planet-scale information dissemination

Securing BitTorrent using a new reputation-based trust management system

A popularity-based query scheme in P2P networks using adaptive gossip sampling

Stochastic analysis of a churn-tolerant structured peer-to-peer scheme

Performance evaluation of P2P-TV diffusion algorithms under realistic settings

On enhancing reputation management using Peer-to-Peer interaction history

Premium Partner