Abstract
Authentication is the security service most required by the Session Initiation Protocol (SIP). In recent years, Zhang et al. proposed for the first time an efficient and flexible authentication protocol for SIP using a smart card and Elliptic Curve Cryptography. But, in 2014, Zhang et al. showed that their latest proposed protocol is vulnerable to an impersonation attack. In order to improve their protocol, Zhang et al. proposed a second protocol. However, in this work we demonstrate that Zhang et al.’s protocol is vulnerable to a server spoofing attack. Furthermore, to overcome the weakness of Zhang et al.’s protocol, we propose an improved and secure SIP authentication and key exchange protocol. The security analysis shows that our proposed protocol can resist various attacks, including the server spoofing attack.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Azrour, M., Farhaoui, Y., Ouanan, M. (2018). Weakness in Zhang et al.’s Authentication Protocol for Session Initiation Protocol. In: Ezziyyani, M., Bahaj, M., Khoukhi, F. (eds) Advanced Information Technology, Services and Systems. AIT2S 2017. Lecture Notes in Networks and Systems, vol 25. Springer, Cham. https://doi.org/10.1007/978-3-319-69137-4_22
DOI: https://doi.org/10.1007/978-3-319-69137-4_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69136-7
Online ISBN: 978-3-319-69137-4
eBook Packages: Engineering, Engineering (R0)