Weakness in Zhang et al.’s Authentication Protocol for Session Initiation Protocol

  • Conference paper
Advanced Information Technology, Services and Systems (AIT2S 2017)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 25)

Abstract

Authentication is the most important security service required by the Session Initiation Protocol (SIP). In recent years, Zhang et al. proposed, for the first time, an efficient and flexible authentication protocol for SIP using a smart card and Elliptic Curve Cryptography. In 2014, however, Zhang et al. showed that their latest proposed protocol is vulnerable to an impersonation attack. To improve their protocol, Zhang et al. proposed a second protocol. However, in this work we demonstrate that Zhang et al.’s protocol is vulnerable to a server spoofing attack. Furthermore, to overcome the weakness of Zhang et al.’s protocol, we propose an improved and secure SIP authentication and key exchange protocol. The security analysis shows that our proposed protocol can resist various attacks, including the server spoofing attack.

Author information

Correspondence to Mourade Azrour.

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Azrour, M., Farhaoui, Y., Ouanan, M. (2018). Weakness in Zhang et al.’s Authentication Protocol for Session Initiation Protocol. In: Ezziyyani, M., Bahaj, M., Khoukhi, F. (eds) Advanced Information Technology, Services and Systems. AIT2S 2017. Lecture Notes in Networks and Systems, vol 25. Springer, Cham. https://doi.org/10.1007/978-3-319-69137-4_22

  • DOI: https://doi.org/10.1007/978-3-319-69137-4_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69136-7

  • Online ISBN: 978-3-319-69137-4

  • eBook Packages: Engineering (R0)
