Abstract
Session Initiation Protocol (SIP) has been widely used in current Internet protocols such as Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). However, the original SIP authentication scheme was insecure, and many researchers have proposed schemes to overcome its flaws. In 2011, Arshad et al. proposed a SIP authentication protocol using elliptic curve cryptography (ECC), but their scheme suffered from an off-line password guessing attack along with password change pitfalls. To overcome the weaknesses mentioned above, we propose an ECC-based authentication scheme for SIP. Our scheme needs to compute only four elliptic curve scalar multiplications and two hash-to-point operations, and maintains high efficiency. The security analysis of the ECC-based protocol shows that our scheme is suitable for applications with higher security requirements.
References
Arshad R, Ikram N (2011) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tool Appl. doi:10.1007/s11042-011-0787-0
Certicom Research (2000) Standard for efficient cryptography, SEC 1, 2000: EC Cryptography. Ver. 1.0
Chen TH, Yeh HL, Liu PC, Hsiang HC, Shih WK (2010) A secured authentication protocol for SIP using elliptic curves cryptography. CN, CCIS 119:46–55
Denning D, Sacco G (1981) Timestamps in key distribution systems. Commun ACM 24:533–536
Diffie W, Hellman ME (1976) New directions in cryptography. IEEE Transactions on Information Theory IT-22: 644–654
Durlanik A, Sogukpinar I (2005) SIP Authentication Scheme using ECDH. World Enformatika Society Transactions on Engineering Computing and Technology 8:350–353
Geneiatakis D, Dagiuklas T, Kambourakis G, Lambrinoudakis C, Gritzalis S, Ehlert S (2006) Survey of security vulnerabilities in session initiation protocol. IEEE Commun Surv Tutorials 8(3):68–81
He DB, Chen JH, Hu J (2011) An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Inform Fusion. doi:10.1016/j.inffus.2011.01.001
He DB, Chen JH, Zhang R (2011) A more secure authentication scheme for telecare medicine information systems. J Med Syst. doi:10.1007/s10916-011-9658-5
Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:203–209
Lin CL, Hwang T (2003) A password authentication scheme with secure password updating. Comput Secur 22(1):68–72
Liu FW, Koenig H (2011) Cryptanalysis of a SIP authentication scheme, in Communications and Multimedia Security, Springer Berlin/Heidelberg: 134–143
Menezes AJ, Oorschot PC, Vanstone SA (1997) Handbook of applied cryptography. CRC Press New York
Rosenberg J, Schulzrinne H, Camarillo G, Johnstone A, Peterson J, Sparks R (2002) SIP: session initiation protocol. IETF RFC3261
Thomas M (2001) SIP security requirements. IETF Internet Draft (draftthomas-sip-sec-reg-00.txt)
Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8(3):312–316
Veltri L, Salsano S, Papalilo D (2002) SIP security issues: the SIP authentication procedure and its processing load. IEEE Netw 16(6):38–44
Xie Q (2011) A new authenticated key agreement for session initiation protocol. Int J Commun Syst. doi:10.1002/dac.1286
Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386
Yoon EJ, Yoo KY (2010) A three-factor authenticated key agreement scheme for SIP on elliptic curves, in Proceedings of the 2010 Fourth International Conference on Network and System Security 334–339
Yoon EJ, Koo KY (2010) Robust mutual authentication with a key agreement scheme for the session initiation protocol. IETE Tech Rev 27(3):203–213
Yoon EJ, Yoo KY (2009) Cryptanalysis of DS-SIP authentication scheme using ECDH, in 2009 International Conference on New Trends in Information and Service Science 642–647
Yoon EJ, Yoo KY (2009) A new authentication scheme for session initiation protocol, in 2009 International Conference on Complex, Intelligent and Software Intensive Systems, CISIS '09 549–554
Acknowledgements
We would like to thank the anonymous reviewers for their helpful comments.
Cite this article
Tang, H., Liu, X. Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 65, 321–333 (2013). https://doi.org/10.1007/s11042-012-1001-8
DOI: https://doi.org/10.1007/s11042-012-1001-8