An anonymous and secure authentication and key agreement scheme for session initiation protocol

Lin, Hao; Wen, Fuxi; Du, Chunxia

doi:10.1007/s11042-015-3220-2

Cited by 11 publications

(8 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this subsection, the estimated time of the proposed scheme was compared with other related protocols [1][2][3][4]. First, a personal smart device (iPhone 6s with ARM(armv8-a) CPU, 2GB RAM, and iOS 10.1.1 operating system) was used to calculate the execution time of SHA-256, symmetric encryption/decryption operation (AES-GCM), scalar multiplication on ECC (256bits), and modular multiplication.…”

Section: Performance Discussionmentioning

confidence: 99%

“…The proposed scheme was compared with other related schemes [1][2][3][4]. The comparison results are presented in Table 2, from which it is clear that our proposed scheme performed better in terms of security features.…”

Section: The Security Featuresmentioning

confidence: 99%

“…To guarantee a secure communication in SIP, a secure authentication with a key agreement scheme should be executed before the communication begins. For this reason, many related schemes for SIP have been proposed [1][2][3][4][5][6][7][8][9][10][11] in the past few years.In 2014, Zhang et al [1] proposed a flexible smart card based authentication scheme for SIP and claimed that it has strong security. However, Irshad et al [2] pointed out that Zhang et al's scheme is vulnerable to a DOS attack, and that it could become more secure by adding a few modifications.…”

mentioning

confidence: 99%

See 2 more Smart Citations

A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol

et al. 2018

View full text Add to dashboard Cite

Session initiation protocol (SIP) is the most widely used application layer control protocol for creating, modifying, and terminating session processes. Many authentication schemes have been proposed for SIP aimed at providing secure communication. Recently, a new authentication and key agreement scheme for SIP has been proposed, and it was claimed that it could resist a variety of attacks. However, in this paper, we show that this scheme is vulnerable to an offline password guessing attack and a stolen memory device attack. Furthermore, we show that it lacks the verification mechanism for a wrong password, and that the password updating process is not efficient. To mitigate the flaws and inefficiencies of this scheme, we design a new robust mutual authentication with a key agreement scheme for SIP. A security analysis revealed that our proposed scheme was robust to several kinds of attacks. In addition, the proposed scheme was simulated by the automatic cryptographic protocol tool ProVerif. A performance analysis showed that our proposed scheme was superior to other related schemes.Transport Protocol (RTP), Resource Reservation Protocol (RSVP), and so on. Therefore, since many parts of the infrastructure are in place or ready for use, there is no need to introduce new services to support the SIP infrastructure.Although users enjoy the services provided by SIP, security has emerged as a major issue because the transmitted data usually contains people's sensitive and private information. To guarantee a secure communication in SIP, a secure authentication with a key agreement scheme should be executed before the communication begins. For this reason, many related schemes for SIP have been proposed [1][2][3][4][5][6][7][8][9][10][11] in the past few years.In 2014, Zhang et al. [1] proposed a flexible smart card based authentication scheme for SIP and claimed that it has strong security. However, Irshad et al. [2] pointed out that Zhang et al.'s scheme is vulnerable to a DOS attack, and that it could become more secure by adding a few modifications. They then proposed an improved SIP scheme [2]. Unfortunately, Arshad et al. [3] later found that the scheme of Irshad et al. cannot resist a user impersonation attack. To overcome this weakness, Arshad et al. proposed a new efficient and secure scheme based on ECC [3]. Very recently, Lin et al. [4]demonstrated that the scheme of Arshad et al. is vulnerable to a server spoofing attack, a DOS attack, a privilege insider attack, and that it cannot achieve user anonymity. To mitigate these weaknesses, they proposed a new scheme for SIP using ECC.In this paper, we analyze the security of Lin et al.'s anonymous authentication and key agreement SIP scheme. We show that their scheme cannot withstand an offline password guessing attack nor a stolen memory device attack. Furthermore, Lin et al.'s scheme lacks a verification mechanism for a wrong password and the password updating process is not efficient. To overcome these flaws and inefficiencies, we propose a robust mutual authen...

show abstract

Section: Performance Discussionmentioning

confidence: 99%

Section: The Security Featuresmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol

et al. 2018

View full text Add to dashboard Cite

show abstract

“…In wireless communication, especially in the human-centered IoT environment, guaranteeing a secure SIP for the communication requires secure authentication with a key agreement protocol executed before actual communication is initiated. In order to fulfill this criterion, several SIP-based schemes have been proposed [6,12,13,32,33]. Specifically, Arshad and Nikooghadam presented an effective authentication scheme for a SIP based on elliptic curve cryptography (ECC).…”

Section: Related Workmentioning

confidence: 99%

An Efficient Fractional Chebyshev Chaotic Map-Based Three-Factor Session Initiation Protocol for the Human-Centered IoT Architecture

Meshram¹,

Lee

Bahkali

et al. 2023

Mathematics

View full text Add to dashboard Cite

One of the most frequently used signaling techniques for initiating, sustaining, and dismissing sessions on the internet is a session initiation protocol (SIP). Currently, SIPs are gaining widespread applications in the human-centered Internet of Things (HC-IoT) domain. In HC-IoT environments, sensitive user data are transmitted over open communication channels that require secure authentication to protect sensitive user information from unlawful exploitation. In order to provide robust authentication for critical user data, SIP-based authentication mechanisms have been proposed; however, these authentication schemes have not provided perfect authentication and effective security for users. Additionally, the existing schemes are computationally intensive and cost-prohibitive in design and implementation. In order to address this problem, especially in the human-centered IoT context, this work introduces a provably secure, lightweight, three-factor SIP-based scheme to tackle the shortcomings of traditional schemes. The presented scheme is based on an extended fractional Chebyshev chaotic map. A formal security verification of the session key in the real-or-random (ROR) model is conducted to evaluate the projected scheme. The investigation results indicate that the new scheme is SIP compatible and achieves secure mutual authentication with robust security features compared to the existing schemes. Therefore, the proposed SIP-enabled scheme can be deployed in the human-centered Internet of Things to secure critical user information.

show abstract

“…In the same year, Arshad and Nikooghadam [3] also presented a single factor method. However, in 2016 Lin et al [4] showed that the method proposed by Arshad and Nikooghadam [3] is vulnerable to privilege insider attack and server spoofing attack and does not provide user anonymity. Therefore, they presented a new single factor method.…”

Section: Overview Of Recent Workmentioning

confidence: 99%

Perfect forward secrecy in VoIP networks through design a lightweight and secure authenticated communication scheme

Ravanbakhsh

Mohammadi

Nikooghadam

2018

Multimed Tools Appl

View full text Add to dashboard Cite

In this research, we have tried to first focus on the previous work and after getting familiar with the base papers, focus on the main paper. In this paper, we try to determine the security problems in the proposed protocols and present appropriate solutions for them. One of the subjects studied by security and encryption researchers is the matter of authentication and key agreement in SIP. Recently, an authentication and key agreement protocol in SIP has been presented in a scheme. In this paper, it was proven that their presented protocol is vulnerable to the replay attack. Such that if an attacker resends the messages sent on the public channel back to the server, the server does not notice the duplicate messages and proceeds with the session process. Also, their protocol is not resistant to the temporary parameter disclosure attack and it is possible for the attacker to discover the session key in case the temporary parameters are disclosed. Furthermore, user anonymity does neither provide re-registration prevention with the real user ID nor early detection. In this paper, we have tried to present a protocol which prevents replay and parameter disclosure attacks.

show abstract

An anonymous and secure authentication and key agreement scheme for session initiation protocol

Cited by 11 publications

References 17 publications

A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol

A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol

An Efficient Fractional Chebyshev Chaotic Map-Based Three-Factor Session Initiation Protocol for the Human-Centered IoT Architecture

Perfect forward secrecy in VoIP networks through design a lightweight and secure authenticated communication scheme

Contact Info

Product

Resources

About