Cryptanalysis and Improvement of a User Authentication Scheme for SIP

Kumar, Devender

doi:10.1007/978-3-319-75626-4_2

Devender Kumar⁴

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies ((LNDECT,volume 18))

Included in the following conference series:

International Conference on Wireless Intelligent and Distributed Environment for Communication

294 Accesses

Abstract

Recently, Lu et al. discussed a user authentication scheme for session initiation protocol(SIP) using elliptic curve cryptography (ECC). In this paper, we cryptanalyze this scheme and find that it is not resistant to the insider attack besides user anonymity. We improve this scheme by overcoming its weaknesses. We show using the Burrows-Abadi-Needham (BAN) logic that our scheme offers mutual authentication. We examine the security of our scheme informally to show that it is secured against various known attacks. Our scheme is more secured than the other related schemes (Lu et al., Inf Techno Control 45(4):393–400, 2016; Arshad and Ikram, Multimed Tools Appl 66(2):165–178, 2013; Kumari et al., Peer-to-Peer Netw Appl 10(1):92–105, 2017; Chaudhry et al., Peer-to-Peer Netw Appl 10(1):1–15, 2017).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 129.00; Price excludes VAT (USA)

Softcover Book: USD 169.99; Price excludes VAT (USA)

Hardcover Book: USD 169.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

R. Arshad, N. Ikram, Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed. Tools Appl. 66(2), 165–178 (2013)
Article Google Scholar
M. Burrows, M. Abadi, R.M. Needham, A logic of authentication, in Proceedings of the Royal Society of London A: Mathematical, Physical and Engineering Sciences, vol. 426 (The Royal Society, 1989), pp. 233–271
Article MathSciNet Google Scholar
S.A. Chaudhry, M.S. Farash, H. Naqvi, S. Kumari, M.K. Khan, An enhanced privacy preserving remote user authentication scheme with provable security. Secur. Commun. Netw. 8(18), 3782–3795 (2015)
Article Google Scholar
S.A. Chaudhry, H. Naqvi, M. Sher, M.S. Farash, M.U. Hassan, An improved and provably secure privacy preserving authentication protocol for SIP. Peer Peer Netw. Appl. 10(1), 1–15 (2017)
Article Google Scholar
W. Diffie, M. Hellman, New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)
Article MathSciNet Google Scholar
A. Durlanik, I. Sogukpinar, SIP authentication scheme using ECDH. Screen 137, 3367 (2005)
Google Scholar
M. Heydari, S.M.S. Sadough, M.S. Farash, S.A. Chaudhry, K. Mahmood, An efficient password-based authenticated key exchange protocol with provable security for mobile client–client networks. Wirel. Pers. Commun. 88(2), 337–356 (2016)
Article Google Scholar
H.H. Kilinc, T. Yanik, A survey of SIP authentication and key agreement schemes. IEEE Commun. Surv. Tutorials 16(2), 1005–1023 (2014)
Article Google Scholar
S. Kumari, S.A. Chaudhry, F. Wu, X. Li, M.S. Farash, M.K. Khan, An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Netw. Appl. 10(1), 92–105 (2017)
Article Google Scholar
L. Lamport, Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)
Article MathSciNet Google Scholar
Y. Lu, L. Li, H. Peng, Y. Yang, An advanced elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Inf. Technol. Control 45(4), 393–400 (2016)
Google Scholar
S. Salsano, L. Veltri, D. Papalilo, SIP security issues: the SIP authentication procedure and its processing load. IEEE Netw. 16(6), 38–44 (2002)
Article Google Scholar
J.L. Tsai, Efficient nonce-based authentication scheme for session initiation protocol. IJ Netw. Secur. 9(1), 12–16 (2009)
Google Scholar
J.L. Tsai, N.W. Lo, T.C. Wu, Novel anonymous authentication scheme using smart cards. IEEE Trans. Ind. Inf. 9(4), 2004–2013 (2013)
Article Google Scholar
C.C. Yang, R.C. Wang, W.T. Liu, Secure authentication scheme for session initiation protocol. Comput. Secur. 24(5), 381–386 (2005)
Article Google Scholar
H.L. Yeh, T.H. Chen, W.K. Shih, Robust smart card secured authentication scheme on SIP using elliptic curve cryptography. Comput. Stand. Interfaces 36(2), 397–402 (2014)
Article Google Scholar
E.J. Yoon, K.Y. Yoo, Cryptanalysis of DS-SIP authentication scheme using ECDH, in 3rd International Conference on New Trends in Information and Service Science (IEEE, 2009), pp. 642–647
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Information Technology, NSIT, New Delhi, India
Devender Kumar

Authors

Devender Kumar
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science, Ryerson University, Toronto, Ontario, Canada
Isaac Woungang
CAITFS, Division of Information Technology, Netaji Subhas Institute of Technology, University of Delhi, New Delhi, India
Sanjay Kumar Dhurandher

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kumar, D. (2018). Cryptanalysis and Improvement of a User Authentication Scheme for SIP. In: Woungang, I., Dhurandher, S. (eds) International Conference on Wireless, Intelligent, and Distributed Environment for Communication. WIDECOM 2018. Lecture Notes on Data Engineering and Communications Technologies, vol 18. Springer, Cham. https://doi.org/10.1007/978-3-319-75626-4_2

Download citation

DOI: https://doi.org/10.1007/978-3-319-75626-4_2
Published: 18 April 2018
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-75625-7
Online ISBN: 978-3-319-75626-4
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics