Cryptanalysis and Improvement of a User Authentication Scheme for SIP

  • Devender Kumar
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 18)

Abstract

Recently, Lu et al. discussed a user authentication scheme for session initiation protocol(SIP) using elliptic curve cryptography (ECC). In this paper, we cryptanalyze this scheme and find that it is not resistant to the insider attack besides user anonymity. We improve this scheme by overcoming its weaknesses. We show using the Burrows-Abadi-Needham (BAN) logic that our scheme offers mutual authentication. We examine the security of our scheme informally to show that it is secured against various known attacks. Our scheme is more secured than the other related schemes (Lu et al., Inf Techno Control 45(4):393–400, 2016; Arshad and Ikram, Multimed Tools Appl 66(2):165–178, 2013; Kumari et al., Peer-to-Peer Netw Appl 10(1):92–105, 2017; Chaudhry et al., Peer-to-Peer Netw Appl 10(1):1–15, 2017).

Keywords

Authentication user anonymity insider attack session initiation protocol elliptic curve cryptography 

References

  1. 1.
    R. Arshad, N. Ikram, Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed. Tools Appl. 66(2), 165–178 (2013)CrossRefGoogle Scholar
  2. 2.
    M. Burrows, M. Abadi, R.M. Needham, A logic of authentication, in Proceedings of the Royal Society of London A: Mathematical, Physical and Engineering Sciences, vol. 426 (The Royal Society, 1989), pp. 233–271MathSciNetCrossRefGoogle Scholar
  3. 3.
    S.A. Chaudhry, M.S. Farash, H. Naqvi, S. Kumari, M.K. Khan, An enhanced privacy preserving remote user authentication scheme with provable security. Secur. Commun. Netw. 8(18), 3782–3795 (2015)CrossRefGoogle Scholar
  4. 4.
    S.A. Chaudhry, H. Naqvi, M. Sher, M.S. Farash, M.U. Hassan, An improved and provably secure privacy preserving authentication protocol for SIP. Peer Peer Netw. Appl. 10(1), 1–15 (2017)CrossRefGoogle Scholar
  5. 5.
    W. Diffie, M. Hellman, New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)MathSciNetCrossRefGoogle Scholar
  6. 6.
    A. Durlanik, I. Sogukpinar, SIP authentication scheme using ECDH. Screen 137, 3367 (2005)Google Scholar
  7. 7.
    M. Heydari, S.M.S. Sadough, M.S. Farash, S.A. Chaudhry, K. Mahmood, An efficient password-based authenticated key exchange protocol with provable security for mobile client–client networks. Wirel. Pers. Commun. 88(2), 337–356 (2016)CrossRefGoogle Scholar
  8. 8.
    H.H. Kilinc, T. Yanik, A survey of SIP authentication and key agreement schemes. IEEE Commun. Surv. Tutorials 16(2), 1005–1023 (2014)CrossRefGoogle Scholar
  9. 9.
    S. Kumari, S.A. Chaudhry, F. Wu, X. Li, M.S. Farash, M.K. Khan, An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Netw. Appl. 10(1), 92–105 (2017)CrossRefGoogle Scholar
  10. 10.
    L. Lamport, Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Y. Lu, L. Li, H. Peng, Y. Yang, An advanced elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Inf. Technol. Control 45(4), 393–400 (2016)Google Scholar
  12. 12.
    S. Salsano, L. Veltri, D. Papalilo, SIP security issues: the SIP authentication procedure and its processing load. IEEE Netw. 16(6), 38–44 (2002)CrossRefGoogle Scholar
  13. 13.
    J.L. Tsai, Efficient nonce-based authentication scheme for session initiation protocol. IJ Netw. Secur. 9(1), 12–16 (2009)Google Scholar
  14. 14.
    J.L. Tsai, N.W. Lo, T.C. Wu, Novel anonymous authentication scheme using smart cards. IEEE Trans. Ind. Inf. 9(4), 2004–2013 (2013)CrossRefGoogle Scholar
  15. 15.
    C.C. Yang, R.C. Wang, W.T. Liu, Secure authentication scheme for session initiation protocol. Comput. Secur. 24(5), 381–386 (2005)CrossRefGoogle Scholar
  16. 16.
    H.L. Yeh, T.H. Chen, W.K. Shih, Robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Comput. Stand. Interfaces 36(2), 397–402 (2014)CrossRefGoogle Scholar
  17. 17.
    E.J. Yoon, K.Y. Yoo, Cryptanalysis of DS-SIP authentication scheme using ECDH, in 3rd International Conference on New Trends in Information and Service Science (IEEE, 2009), pp. 642–647Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Devender Kumar
    • 1
  1. 1.Department of Information TechnologyNSITNew DelhiIndia

Personalised recommendations