Abstract
The Session Initiation Protocol (SIP) is an authentication protocol generally used as a signaling protocol to control communications on the Internet for establishing, maintaining and terminating sessions between different participants. Authentication is the most security service required for SIP. To provide secure communication, many authentication schemes for SIP have been proposed. In 2013 Farash et al. proposed an enhanced authenticated key agreement for SIP. They showed that their protocol is secured against several attacks. However, in this paper we show that Farash et al.’s protocol suffer from Denning-Sacco attack and Denial of service attack. To solve the problem, we propose an improved SIP authentication protocol. The security analysis shows that the proposed protocol is more secure and can resist to various attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., Stewart, L.: HTTP authentication: basic and digest access authentication (1999)
Handley, M., Schulzrinne, H., Schooler, E., Rosenberg, J.: SIP: Session Initiation Protocol (1999)
Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol (2002)
Yang, C.-C., Wang, R.-C., Liu, W.-T.: Secure authentication scheme for session initiation protocol. Comput. Secur. 24, 381–386 (2005)
Diffie, W., Hellman, M.: New directions in cryptology. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)
Huang, H., Wei, W., Brown, G.E.: A new efficient authentication scheme for session initiation protocol. In: Proceedings of the 9th Joint Conference on Information Sciences (2006)
Jo, H., Lee, Y., Kim, M., Kim, S., Won, D.: Of-line password guessing attack to Yang’s and Huang’s authentication schemes for session initiation protocol. In: Proceedings of the 5th International Joint Conference on INC, IMS and IDC (NCM 2009), pp. 618–621 (2009)
Durlanik, A., Sogukpinar, I.: SIP Authentication Scheme using ECDH. World EnformatikaSocityTransations on Engineering Computing and Technology, vol. 8, pp. 350–353 (2005)
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)
Yoon, E.J., Yoo, K.Y.: Cryptanalysis of DS-SIP authentication scheme using ECDH. In: 2009 International Conference on New Trends in Information and Service Science, pp. 642–647 (2009)
Yoon, E.-J., Yoo, K.-Y., Kim, C., Hong, Y.-S., Jo, M., Chen, H.-H.: A secure and efficient SIP authentication scheme for converged VoIP networks. Comput. Commun. 33(14), 1674–1681 (2010)
Wu, L., Zhang, Y., Wang, F.: A new provably secure authentication and key agreement protocol for SIP using ECC. Comput. Stand. Interfaces 31(2), 286–291 (2009)
Yoon, E.J., Yoo, K.Y.: Cryptanalysis of NAKE protocol based on ECC for SIP and its improvement. In: Second International Conference on Future Generation Communication and Networking Symposia (2008)
Tsai, J.L.: Efficient nonce-based authentication scheme for session initiation protocol. Int. J. Netw. Secur. 8(3), 312–316 (2009)
Yoon, E.J., Yoo, K.Y.: A new authentication scheme for session initiation protocol. In: 2009 International Conference on Complex, Intelligent and Software Intensive Systems, CISIS 2009, pp. 549–554 (2009)
Liu, F.W., Koenig, H.: Cryptanalysis of a SIP authentication scheme. In: 12th IFIP TC6/TC11 International Conference, CMS 2011, Lecture Notes in Computer Science, vol. 7025, pp. 134–143 (2011)
Xie, Q.: A new authenticated key agreement for session initiation protocol. Int. J. Commun. Syst. 25(1), 47–54 (2012)
Farash, M.S.: An enhanced authenticated key agreement for session initiation protocol. Inf. Technol. Control 42(4), 333–342 (2013)
Tang, H., Liu, X.: Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol. Multimed. Tools Appl. 65(3), 165–178 (2013)
Mousavi-nik, S.S., et al.: Proposed secureSIP authentication scheme based on elliptic curve cryptography. Int. J. Comput. Appl. 58(8), 25–30 (2012). (0975–8887)
Arshad, R., Ikram, N.: Elliptic curve cryptography based mutual authentication scheme for session initiation protocol. Multimed. Tools Appl. 66(2), 165–178 (2013)
Nik, S.S.M., Shahrab, M.: Mutual SIP authentication scheme based on ECC. Int. J. Comput. Electr. Eng. 6(2), 196–200 (2014)
Azrour, M., Farhaoui, Y., Ouanan, M.: A new secure authentication and key exchange protocol for session initiation protocol using smart card. Int. J. Netw. Sec. 19(6), 870–879 (2017). doi:10.6633/IJNS.201711.19(6).02
Azrour, M., Ouanan, M., Farhaoui, Y.: Sip authentication protocols based on elliptic curve cryptography: survey and comparison. Indones. J. Electr. Eng. Comput. Sci. 4(1), 231–239 (2016)
Zhang, L., Tang, S., Cai, Z.: Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int. J. Commun Syst 27(11), 2691–2702 (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Azrour, M., Ouanan, M., Farhaoui, Y. (2018). A New Secure SIP Authentication Scheme Based on Elliptic Curve Cryptography. In: Noreddine, G., Kacprzyk, J. (eds) International Conference on Information Technology and Communication Systems. ITCS 2017. Advances in Intelligent Systems and Computing, vol 640. Springer, Cham. https://doi.org/10.1007/978-3-319-64719-7_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-64719-7_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64718-0
Online ISBN: 978-3-319-64719-7
eBook Packages: EngineeringEngineering (R0)