An improved and provably secure privacy preserving authentication protocol for SIP

Session Initiation Protocol (SIP) has proved to be the integral part and parcel of any multimedia based application or IP-based telephony service that requires signaling. SIP supports HTTP digest based authentication, and is responsible for creating, maintaining and terminating sessions. To guarante...

Full description

Saved in:
Bibliographic Details
Published in:Peer-to-peer networking and applications 2017-01, Vol.10 (1), p.1-15
Main Authors: Chaudhry, Shehzad Ashraf, Naqvi, Husnain, Sher, Muhammad, Farash, Mohammad Sabzinejad, Hassan, Mahmood Ul
Format: Article
Language:English
Subjects:
Authentication
Authentication protocols
Communications Engineering
Computer Communication Networks
Cryptography
Cybersecurity
Denial of service attacks
Engineering
Information Systems and Communication Service
Multimedia
Networks
Peer to peer computing
Privacy
Servers
Signal,Image and Speech Processing
Smart cards
Stopping
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Session Initiation Protocol (SIP) has proved to be the integral part and parcel of any multimedia based application or IP-based telephony service that requires signaling. SIP supports HTTP digest based authentication, and is responsible for creating, maintaining and terminating sessions. To guarantee secure SIP based communication, a number of authentication schemes are proposed, typically most of these are based on smart card due to its temper resistance property. Recently Zhang et al. presented an authenticated key agreement scheme for SIP based on elliptic curve cryptography. However Tu et al. (Peer to Peer Netw. Appl 1–8, 2014 ) finds their scheme to be insecure against user impersonation attack, furthermore they presented an improved scheme and claimed it to be secure against all known attacks. Very recently Farash (Peer to Peer Netw. Appl 1–10, 2014 ) points out that Tu et al.’s scheme is vulnerable to server impersonation attack, Farash also proposed an improvement on Tu et al.’s scheme. However, our analysis in this paper shows that Tu et al.’s scheme is insecure against server impersonation attack. Further both Tu et al.’s scheme and Farash’s improvement do not protect user’s privacy and are vulnerable to replay and denial of services attacks. In order to cope with these limitations, we have proposed a privacy preserving improved authentication scheme based on ECC. The proposed scheme provides mutual authentication as well as resists all known attacks as mentioned by Tu et al. and Farash.
ISSN:1936-6442
1936-6450
DOI:10.1007/s12083-015-0400-9