Cryptanalysis of Arshad et al.'s ECC-based mutual authentication scheme for session initiation protocol

Authors:
Hongbin Tang;Xinsong Liu
Affiliations:
School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China 610054;School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China 610054
Venue:
Multimedia Tools and Applications
Year:
2013

Citing 10
Cited 0

Timestamps in key distribution protocols

Communications of the ACM
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Cryptanalysis of DS-SIP Authentication Scheme Using ECDH

NISS '09 Proceedings of the 2009 International Conference on New Trends in Information and Service Science
A Three-Factor Authenticated Key Agreement Scheme for SIP on Elliptic Curves

NSS '10 Proceedings of the 2010 Fourth International Conference on Network and System Security
Cryptanalysis of a SIP authentication scheme

CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Survey of security vulnerabilities in session initiation protocol

IEEE Communications Surveys & Tutorials
New directions in cryptography

IEEE Transactions on Information Theory
A new authenticated key agreement for session initiation protocol

International Journal of Communication Systems
SIP security issues: the SIP authentication procedure and its processing load

IEEE Network: The Magazine of Global Internetworking
Elliptic curve cryptography based mutual authentication scheme for session initiation protocol

Multimedia Tools and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Session Initiation Protocol (SIP) has been widely used in the current Internet protocols such as Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). However, the original SIP authentication scheme was insecure and many researchers tried to propose schemes to overcome the flaws. In the year 2011, Arshad et al. proposed a SIP authentication protocol using elliptic curve cryptography (ECC), but their scheme suffered from off-line password guessing attack along with password change pitfalls. To conquer the mentioned weakness, we proposed an ECC-based authentication scheme for SIP. Our scheme only needs to compute four elliptic curve scale multiplications and two hash-to-point operations, and maintains high efficiency. The analysis of security of the ECC-based protocol shows that our scheme is suitable for the applications with higher security requirement.