Multimedia Tools and Applications, Volume 75, Issue 23, pp 16017–16038

Design of a password-based authenticated key exchange protocol for SIP



The Session Initiation Protocol (SIP) is a signaling communications protocol that has been chosen for controlling multimedia communication in 3G mobile networks. In recent years, password-based authenticated key exchange protocols have been designed to provide strong authentication for SIP. In this paper, we address this problem in the two-party setting, where the user and server try to authenticate each other and establish a session key using a shared password. We aim to propose a secure and anonymous authenticated key exchange protocol that achieves its security and privacy goals without increasing computation and communication overhead. Through the analysis, we show that the proposed protocol is secure and has computational and communication overheads comparable to related authentication protocols for SIP using elliptic curve cryptography. The proposed protocol is also provably secure in the random oracle model.


Session initiation protocol (SIP) · Elliptic curve cryptography (ECC) · Authentication · Key agreement · Anonymity


Conflict of interests

The author declares that he has no conflict of interest.



Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. Department of Mathematics, The LNM Institute of Information Technology, Jaipur, India
