Published in: The Journal of Supercomputing 8/2015

01.08.2015

Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol

Authors: Hamed Arshad, Morteza Nikooghadam


Abstract

Authentication is an important security requirement for the session initiation protocol (SIP). The conventional authentication method for SIP is HTTP Digest authentication, which is insecure against several security attacks. Hence, several authentication schemes have been proposed for SIP. Most recently, Jiang et al. and Yeh et al. proposed two separate authentication and key agreement schemes for SIP using smart cards. The present paper shows that Jiang et al.’s scheme is vulnerable to user impersonation attacks, and that Yeh et al.’s scheme is insecure against offline password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned drawbacks, this paper proposes a new two-factor authentication and key agreement scheme for SIP. Security and performance analyses show that the proposed scheme not only enhances the security, but also improves the efficiency.


References

1. Rosenberg J, Schulzrinne H, Camarillo G, Johnston A, Peterson J, Sparks R (2002) SIP: session initiation protocol. IETF RFC3261
2. Arshad H, Nikooghadam M (2014) Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J Med Syst. doi:10.1007/s10916-014-0136-8
3. Franks J, Hallam-Baker PM, Hostetler JL, Lawrence SD, Leach PJ, Luotonen A, Stewart LC (1999) HTTP authentication: basic and digest access authentication. IETF RFC2617
4. Salsano S, Veltri L, Papalilo D (2002) SIP security issues: the SIP authentication procedure and its processing load. IEEE Netw 16:38–44
5. Geneiatakis D, Dagiuklas T, Kambourakis G, Lambrinoudakis C, Gritzalis S, Ehlert S, Sisalem D (2006) Survey of security vulnerabilities in session initial protocol. IEEE Commun Surv Tutor 8(3):68–81
6. Sisalem D, Kuthan J, Ehlert S (2006) Denial of service attacks targeting a Sip VoIP infrastructure: stack scenarios and prevention mechanisms. IEEE Network 20(5):26–31
7. Yang CC, Wang RC, Liu WT (2005) Secure authentication scheme for session initiation protocol. Comput Secur 24:381–386
8. Yoon EJ, Yoo KY, Kim C, Hong Y, Jo M, Chen H (2010) A secure and efficient SIP authentication scheme for converged VoIP networks. Comput Commun 33(14):1674–1681
9. Tang H, Liu X (2013) Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 65(3):321–333
10. Durlanik A, Sogukpinar I (2005) SIP authentication scheme using ECDH. World Enformatika Soc Trans Eng Comput Technol 8:350–353
11. Hankerson D, Menezes A, Vanstone S (2004) Guide to elliptic curve cryptography. Springer, New York
12. Yoon EJ, Yoo KY (2009) Cryptanalysis of DS-SIP authentication scheme using ECDH. In: 2009 international conference on new trends in information and service science, pp 642–647
13. Wu L, Zhang Y, Wang F (2009) A new provably secure authentication and key agreement protocol for SIP using ECC. Comput Stand Interfaces 31(2):286–291
14. Liu FW, Koenig H (2011) Cryptanalysis of a SIP authentication scheme. 12th IFIP TC6/TC11 international conference, CMS 2011. Ghent, Belgium, pp 134–143
15. Tsai JL (2009) Efficient nonce-based authentication scheme for session initiation protocol. Int J Netw Secur 8(3):312–316
16. Arshad R, Ikram N (2013) Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed Tools Appl 66(2):165–178
17. He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Secur Commun Netw 5(12):1423–1429
18. Pu Q, Wang J, Wu S (2013) Secure SIP authentication scheme supporting lawful interception. Secur Commun Netw 6:340–350
19. Irshad A, Sher M, Faisal MS, Ghani A, Hassan MU, Ashraf ChS (2014) A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Secur Commun Netw 7:1210–1218
20. Arshad H, Nikooghadam M (2014) An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimed Tools Appl. doi:10.1007/s11042-014-2282-x
21. Zhang L, Tang S, Cai Z (2013) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst. doi:10.1002/dac.2499
22. Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Netw. Appl. doi:10.1007/s12083-014-0248-4
23. Zhang L, Tang S, Cai Z (2014) Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards. Secur Commun Netw. doi:10.1002/sec.951
24. Jiang Q, Ma J, Tian Y (2014) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al. Int J Commun Syst. doi:10.1002/dac.2767
25. Irshad A, Sher M, Rehman E, Ashraf ChS, Hassan MU, Ghani A (2013) A single round-trip SIP authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl. doi:10.1007/s11042-013-1807-z
26. Farash MS (2014) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Netw. Appl. doi:10.1007/s12083-014-0315-x
27. Farash MS (2014) An improved password-based authentication scheme for session initiation protocol using smart cards without verification table. Int J Commun Syst. doi:10.1002/dac.2879
28. Yeh HL, Chen TH, Shih WK (2014) Robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Comput Stand Interfaces 36(2):397–402
29. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Advances in Cryptology, CRYPTO’99, 1999. 1666:788–797
30. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
31. He D, Chen J, Hu J (2012) An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Inf Fusion 13(3):223–230

Metadata
Title
Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol
Authors
Hamed Arshad
Morteza Nikooghadam
Publication date
01.08.2015
Publisher
Springer US
Published in
The Journal of Supercomputing / Issue 8/2015
Print ISSN: 0920-8542
Electronic ISSN: 1573-0484
DOI
https://doi.org/10.1007/s11227-015-1434-8
