Loading…
An improved and provably secure privacy preserving authentication protocol for SIP
Session Initiation Protocol (SIP) has proved to be the integral part and parcel of any multimedia based application or IP-based telephony service that requires signaling. SIP supports HTTP digest based authentication, and is responsible for creating, maintaining and terminating sessions. To guarante...
Saved in:
| Published in: | Peer-to-peer networking and applications 2017-01, Vol.10 (1), p.1-15 |
|---|---|
| Main Authors: | , , , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites Items that cite this one |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | cdi_FETCH-LOGICAL-c415t-c0b0bef14fb66cbfdd8b50d5b91aa9fd0a1a4d086e8b2c6d2a6a6a46fd532ea93 |
|---|---|
| cites | cdi_FETCH-LOGICAL-c415t-c0b0bef14fb66cbfdd8b50d5b91aa9fd0a1a4d086e8b2c6d2a6a6a46fd532ea93 |
| container_end_page | 15 |
| container_issue | 1 |
| container_start_page | 1 |
| container_title | Peer-to-peer networking and applications |
| container_volume | 10 |
| creator | Chaudhry, Shehzad Ashraf Naqvi, Husnain Sher, Muhammad Farash, Mohammad Sabzinejad Hassan, Mahmood Ul |
| description | Session Initiation Protocol (SIP) has proved to be the integral part and parcel of any multimedia based application or IP-based telephony service that requires signaling. SIP supports HTTP digest based authentication, and is responsible for creating, maintaining and terminating sessions. To guarantee secure SIP based communication, a number of authentication schemes are proposed, typically most of these are based on smart card due to its temper resistance property. Recently Zhang et al. presented an authenticated key agreement scheme for SIP based on elliptic curve cryptography. However Tu et al. (Peer to Peer Netw. Appl 1–8,
2014
) finds their scheme to be insecure against user impersonation attack, furthermore they presented an improved scheme and claimed it to be secure against all known attacks. Very recently Farash (Peer to Peer Netw. Appl 1–10,
2014
) points out that Tu et al.’s scheme is vulnerable to server impersonation attack, Farash also proposed an improvement on Tu et al.’s scheme. However, our analysis in this paper shows that Tu et al.’s scheme is insecure against server impersonation attack. Further both Tu et al.’s scheme and Farash’s improvement do not protect user’s privacy and are vulnerable to replay and denial of services attacks. In order to cope with these limitations, we have proposed a privacy preserving improved authentication scheme based on ECC. The proposed scheme provides mutual authentication as well as resists all known attacks as mentioned by Tu et al. and Farash. |
| doi_str_mv | 10.1007/s12083-015-0400-9 |
| format | article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1879997396</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>1879997396</sourcerecordid><originalsourceid>FETCH-LOGICAL-c415t-c0b0bef14fb66cbfdd8b50d5b91aa9fd0a1a4d086e8b2c6d2a6a6a46fd532ea93</originalsourceid><addsrcrecordid>eNp1kFtLxDAQhYMouF5-gG8FX3ypTtombR6XxcvCguLlOeS6dukmmrQL--9NqYgIMg8zA98ZzhyELjBcY4D6JuICmjIHTHKoAHJ2gGaYlTSnFYHDn7kqjtFJjBsAiktSzNDz3GXt9iP4ndGZcDobRyG7fRaNGoJJe7sTap-6iSbsWrfOxNC_G9e3SvStd6Oi98p3mfUhe1k-naEjK7pozr_7KXq7u31dPOSrx_vlYr7KVYVJnyuQII3FlZWUKmm1biQBTSTDQjCrQWBRaWioaWShqC4ETVVRq0lZGMHKU3Q13U0GPgcTe75tozJdJ5zxQ-S4qRljdcloQi__oBs_BJfcJYqQGgpGykThiVLBxxiM5en5rQh7joGPKfMpZZ5S5mPKfDRRTJqYWLc24dflf0Vfyh-A8Q</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1855702953</pqid></control><display><type>article</type><title>An improved and provably secure privacy preserving authentication protocol for SIP</title><source>Springer Nature</source><creator>Chaudhry, Shehzad Ashraf ; Naqvi, Husnain ; Sher, Muhammad ; Farash, Mohammad Sabzinejad ; Hassan, Mahmood Ul</creator><creatorcontrib>Chaudhry, Shehzad Ashraf ; Naqvi, Husnain ; Sher, Muhammad ; Farash, Mohammad Sabzinejad ; Hassan, Mahmood Ul</creatorcontrib><description>Session Initiation Protocol (SIP) has proved to be the integral part and parcel of any multimedia based application or IP-based telephony service that requires signaling. SIP supports HTTP digest based authentication, and is responsible for creating, maintaining and terminating sessions. To guarantee secure SIP based communication, a number of authentication schemes are proposed, typically most of these are based on smart card due to its temper resistance property. Recently Zhang et al. presented an authenticated key agreement scheme for SIP based on elliptic curve cryptography. However Tu et al. (Peer to Peer Netw. Appl 1–8,
2014
) finds their scheme to be insecure against user impersonation attack, furthermore they presented an improved scheme and claimed it to be secure against all known attacks. Very recently Farash (Peer to Peer Netw. Appl 1–10,
2014
) points out that Tu et al.’s scheme is vulnerable to server impersonation attack, Farash also proposed an improvement on Tu et al.’s scheme. However, our analysis in this paper shows that Tu et al.’s scheme is insecure against server impersonation attack. Further both Tu et al.’s scheme and Farash’s improvement do not protect user’s privacy and are vulnerable to replay and denial of services attacks. In order to cope with these limitations, we have proposed a privacy preserving improved authentication scheme based on ECC. The proposed scheme provides mutual authentication as well as resists all known attacks as mentioned by Tu et al. and Farash.</description><identifier>ISSN: 1936-6442</identifier><identifier>EISSN: 1936-6450</identifier><identifier>DOI: 10.1007/s12083-015-0400-9</identifier><language>eng</language><publisher>New York: Springer US</publisher><subject>Authentication ; Authentication protocols ; Communications Engineering ; Computer Communication Networks ; Cryptography ; Cybersecurity ; Denial of service attacks ; Engineering ; Information Systems and Communication Service ; Multimedia ; Networks ; Peer to peer computing ; Privacy ; Servers ; Signal,Image and Speech Processing ; Smart cards ; Stopping</subject><ispartof>Peer-to-peer networking and applications, 2017-01, Vol.10 (1), p.1-15</ispartof><rights>Springer Science+Business Media New York 2015</rights><rights>Peer-to-Peer Networking and Applications is a copyright of Springer, 2017.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c415t-c0b0bef14fb66cbfdd8b50d5b91aa9fd0a1a4d086e8b2c6d2a6a6a46fd532ea93</citedby><cites>FETCH-LOGICAL-c415t-c0b0bef14fb66cbfdd8b50d5b91aa9fd0a1a4d086e8b2c6d2a6a6a46fd532ea93</cites><orcidid>0000-0002-9321-6956</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27922,27923</link.rule.ids></links><search><creatorcontrib>Chaudhry, Shehzad Ashraf</creatorcontrib><creatorcontrib>Naqvi, Husnain</creatorcontrib><creatorcontrib>Sher, Muhammad</creatorcontrib><creatorcontrib>Farash, Mohammad Sabzinejad</creatorcontrib><creatorcontrib>Hassan, Mahmood Ul</creatorcontrib><title>An improved and provably secure privacy preserving authentication protocol for SIP</title><title>Peer-to-peer networking and applications</title><addtitle>Peer-to-Peer Netw. Appl</addtitle><description>Session Initiation Protocol (SIP) has proved to be the integral part and parcel of any multimedia based application or IP-based telephony service that requires signaling. SIP supports HTTP digest based authentication, and is responsible for creating, maintaining and terminating sessions. To guarantee secure SIP based communication, a number of authentication schemes are proposed, typically most of these are based on smart card due to its temper resistance property. Recently Zhang et al. presented an authenticated key agreement scheme for SIP based on elliptic curve cryptography. However Tu et al. (Peer to Peer Netw. Appl 1–8,
2014
) finds their scheme to be insecure against user impersonation attack, furthermore they presented an improved scheme and claimed it to be secure against all known attacks. Very recently Farash (Peer to Peer Netw. Appl 1–10,
2014
) points out that Tu et al.’s scheme is vulnerable to server impersonation attack, Farash also proposed an improvement on Tu et al.’s scheme. However, our analysis in this paper shows that Tu et al.’s scheme is insecure against server impersonation attack. Further both Tu et al.’s scheme and Farash’s improvement do not protect user’s privacy and are vulnerable to replay and denial of services attacks. In order to cope with these limitations, we have proposed a privacy preserving improved authentication scheme based on ECC. The proposed scheme provides mutual authentication as well as resists all known attacks as mentioned by Tu et al. and Farash.</description><subject>Authentication</subject><subject>Authentication protocols</subject><subject>Communications Engineering</subject><subject>Computer Communication Networks</subject><subject>Cryptography</subject><subject>Cybersecurity</subject><subject>Denial of service attacks</subject><subject>Engineering</subject><subject>Information Systems and Communication Service</subject><subject>Multimedia</subject><subject>Networks</subject><subject>Peer to peer computing</subject><subject>Privacy</subject><subject>Servers</subject><subject>Signal,Image and Speech Processing</subject><subject>Smart cards</subject><subject>Stopping</subject><issn>1936-6442</issn><issn>1936-6450</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2017</creationdate><recordtype>article</recordtype><recordid>eNp1kFtLxDAQhYMouF5-gG8FX3ypTtombR6XxcvCguLlOeS6dukmmrQL--9NqYgIMg8zA98ZzhyELjBcY4D6JuICmjIHTHKoAHJ2gGaYlTSnFYHDn7kqjtFJjBsAiktSzNDz3GXt9iP4ndGZcDobRyG7fRaNGoJJe7sTap-6iSbsWrfOxNC_G9e3SvStd6Oi98p3mfUhe1k-naEjK7pozr_7KXq7u31dPOSrx_vlYr7KVYVJnyuQII3FlZWUKmm1biQBTSTDQjCrQWBRaWioaWShqC4ETVVRq0lZGMHKU3Q13U0GPgcTe75tozJdJ5zxQ-S4qRljdcloQi__oBs_BJfcJYqQGgpGykThiVLBxxiM5en5rQh7joGPKfMpZZ5S5mPKfDRRTJqYWLc24dflf0Vfyh-A8Q</recordid><startdate>20170101</startdate><enddate>20170101</enddate><creator>Chaudhry, Shehzad Ashraf</creator><creator>Naqvi, Husnain</creator><creator>Sher, Muhammad</creator><creator>Farash, Mohammad Sabzinejad</creator><creator>Hassan, Mahmood Ul</creator><general>Springer US</general><general>Springer Nature B.V</general><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7SC</scope><scope>7XB</scope><scope>88I</scope><scope>8AL</scope><scope>8AO</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8G5</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>GUQSH</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>M0N</scope><scope>M2O</scope><scope>M2P</scope><scope>MBDVC</scope><scope>P5Z</scope><scope>P62</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>Q9U</scope><orcidid>https://orcid.org/0000-0002-9321-6956</orcidid></search><sort><creationdate>20170101</creationdate><title>An improved and provably secure privacy preserving authentication protocol for SIP</title><author>Chaudhry, Shehzad Ashraf ; Naqvi, Husnain ; Sher, Muhammad ; Farash, Mohammad Sabzinejad ; Hassan, Mahmood Ul</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c415t-c0b0bef14fb66cbfdd8b50d5b91aa9fd0a1a4d086e8b2c6d2a6a6a46fd532ea93</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2017</creationdate><topic>Authentication</topic><topic>Authentication protocols</topic><topic>Communications Engineering</topic><topic>Computer Communication Networks</topic><topic>Cryptography</topic><topic>Cybersecurity</topic><topic>Denial of service attacks</topic><topic>Engineering</topic><topic>Information Systems and Communication Service</topic><topic>Multimedia</topic><topic>Networks</topic><topic>Peer to peer computing</topic><topic>Privacy</topic><topic>Servers</topic><topic>Signal,Image and Speech Processing</topic><topic>Smart cards</topic><topic>Stopping</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Chaudhry, Shehzad Ashraf</creatorcontrib><creatorcontrib>Naqvi, Husnain</creatorcontrib><creatorcontrib>Sher, Muhammad</creatorcontrib><creatorcontrib>Farash, Mohammad Sabzinejad</creatorcontrib><creatorcontrib>Hassan, Mahmood Ul</creatorcontrib><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>Computer and Information Systems Abstracts</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>Science Database (Alumni Edition)</collection><collection>Computing Database (Alumni Edition)</collection><collection>ProQuest Pharma Collection</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>Research Library (Alumni Edition)</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>Advanced Technologies & Aerospace Database (1962 - current)</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central</collection><collection>ProQuest Central Student</collection><collection>Research Library Prep</collection><collection>SciTech Premium Collection (Proquest) (PQ_SDU_P3)</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer Science Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Computing Database</collection><collection>ProQuest research library</collection><collection>ProQuest Science Journals</collection><collection>Research Library (Corporate)</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>ProQuest Central Basic</collection><jtitle>Peer-to-peer networking and applications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Chaudhry, Shehzad Ashraf</au><au>Naqvi, Husnain</au><au>Sher, Muhammad</au><au>Farash, Mohammad Sabzinejad</au><au>Hassan, Mahmood Ul</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>An improved and provably secure privacy preserving authentication protocol for SIP</atitle><jtitle>Peer-to-peer networking and applications</jtitle><stitle>Peer-to-Peer Netw. Appl</stitle><date>2017-01-01</date><risdate>2017</risdate><volume>10</volume><issue>1</issue><spage>1</spage><epage>15</epage><pages>1-15</pages><issn>1936-6442</issn><eissn>1936-6450</eissn><abstract>Session Initiation Protocol (SIP) has proved to be the integral part and parcel of any multimedia based application or IP-based telephony service that requires signaling. SIP supports HTTP digest based authentication, and is responsible for creating, maintaining and terminating sessions. To guarantee secure SIP based communication, a number of authentication schemes are proposed, typically most of these are based on smart card due to its temper resistance property. Recently Zhang et al. presented an authenticated key agreement scheme for SIP based on elliptic curve cryptography. However Tu et al. (Peer to Peer Netw. Appl 1–8,
2014
) finds their scheme to be insecure against user impersonation attack, furthermore they presented an improved scheme and claimed it to be secure against all known attacks. Very recently Farash (Peer to Peer Netw. Appl 1–10,
2014
) points out that Tu et al.’s scheme is vulnerable to server impersonation attack, Farash also proposed an improvement on Tu et al.’s scheme. However, our analysis in this paper shows that Tu et al.’s scheme is insecure against server impersonation attack. Further both Tu et al.’s scheme and Farash’s improvement do not protect user’s privacy and are vulnerable to replay and denial of services attacks. In order to cope with these limitations, we have proposed a privacy preserving improved authentication scheme based on ECC. The proposed scheme provides mutual authentication as well as resists all known attacks as mentioned by Tu et al. and Farash.</abstract><cop>New York</cop><pub>Springer US</pub><doi>10.1007/s12083-015-0400-9</doi><tpages>15</tpages><orcidid>https://orcid.org/0000-0002-9321-6956</orcidid></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1936-6442 |
| ispartof | Peer-to-peer networking and applications, 2017-01, Vol.10 (1), p.1-15 |
| issn | 1936-6442 1936-6450 |
| language | eng |
| recordid | cdi_proquest_miscellaneous_1879997396 |
| source | Springer Nature |
| subjects | Authentication Authentication protocols Communications Engineering Computer Communication Networks Cryptography Cybersecurity Denial of service attacks Engineering Information Systems and Communication Service Multimedia Networks Peer to peer computing Privacy Servers Signal,Image and Speech Processing Smart cards Stopping |
| title | An improved and provably secure privacy preserving authentication protocol for SIP |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-14T10%3A20%3A52IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=An%20improved%20and%20provably%20secure%20privacy%20preserving%20authentication%20protocol%20for%20SIP&rft.jtitle=Peer-to-peer%20networking%20and%20applications&rft.au=Chaudhry,%20Shehzad%20Ashraf&rft.date=2017-01-01&rft.volume=10&rft.issue=1&rft.spage=1&rft.epage=15&rft.pages=1-15&rft.issn=1936-6442&rft.eissn=1936-6450&rft_id=info:doi/10.1007/s12083-015-0400-9&rft_dat=%3Cproquest_cross%3E1879997396%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c415t-c0b0bef14fb66cbfdd8b50d5b91aa9fd0a1a4d086e8b2c6d2a6a6a46fd532ea93%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1855702953&rft_id=info:pmid/&rfr_iscdi=true |