Cryptanalysis and improvement of a SIP authentication scheme

Jun Zheng; Dongyun Wang

doi:10.1109/ICITEC.2014.7105601

Cryptanalysis and improvement of a SIP authentication scheme

Jun Zheng, Dongyun Wang

School of Cyberspace Science and Technology

Beijing Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

SIP (Session Initial Protocol) has been a very popular protocol for VoIP. However, the authentication of this protocol just derives from HTTP digest authentication, which has been demonstrated insecure in the open network. Recently, Arshad et al. proposed an improved mutual authentication scheme based on ECC and claimed that it's secure enough. In this paper, however, we point out that their protocol still could not resist offline password guessing attacks. Furthermore, we propose an ECC-based mutual authentication and key agreement scheme to overcome such a security problem. Also, an analysis of it is provided to indicate that compared to Arshad et al.'s scheme, this scheme reduces twice hash operation and is more secure with reasonable computation cost.

Original language	English
Title of host publication	Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	199-203
Number of pages	5
ISBN (Electronic)	9781479952984
DOIs	https://doi.org/10.1109/ICITEC.2014.7105601
Publication status	Published - 11 May 2014
Event	2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014 - Dalian, China Duration: 20 Dec 2014 → 21 Dec 2014

Publication series

Name	Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014

Conference

Conference	2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014
Country/Territory	China
City	Dalian
Period	20/12/14 → 21/12/14

Keywords

ECC
Key Agreement
Mutual Authentication
Password Guessing Attacks
Session Initial Protocol

Access to Document

10.1109/ICITEC.2014.7105601

Cite this

Zheng, J., & Wang, D. (2014). Cryptanalysis and improvement of a SIP authentication scheme. In Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014 (pp. 199-203). Article 7105601 (Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICITEC.2014.7105601

Zheng, Jun ; Wang, Dongyun. / Cryptanalysis and improvement of a SIP authentication scheme. Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014. Institute of Electrical and Electronics Engineers Inc., 2014. pp. 199-203 (Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014).

@inproceedings{d768ecdfaf874492871b843713f025c7,

title = "Cryptanalysis and improvement of a SIP authentication scheme",

abstract = "SIP (Session Initial Protocol) has been a very popular protocol for VoIP. However, the authentication of this protocol just derives from HTTP digest authentication, which has been demonstrated insecure in the open network. Recently, Arshad et al. proposed an improved mutual authentication scheme based on ECC and claimed that it's secure enough. In this paper, however, we point out that their protocol still could not resist offline password guessing attacks. Furthermore, we propose an ECC-based mutual authentication and key agreement scheme to overcome such a security problem. Also, an analysis of it is provided to indicate that compared to Arshad et al.'s scheme, this scheme reduces twice hash operation and is more secure with reasonable computation cost.",

keywords = "ECC, Key Agreement, Mutual Authentication, Password Guessing Attacks, Session Initial Protocol",

author = "Jun Zheng and Dongyun Wang",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014 ; Conference date: 20-12-2014 Through 21-12-2014",

year = "2014",

month = may,

day = "11",

doi = "10.1109/ICITEC.2014.7105601",

language = "English",

series = "Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "199--203",

booktitle = "Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014",

address = "United States",

}

Zheng, J & Wang, D 2014, Cryptanalysis and improvement of a SIP authentication scheme. in Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014., 7105601, Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014, Institute of Electrical and Electronics Engineers Inc., pp. 199-203, 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014, Dalian, China, 20/12/14. https://doi.org/10.1109/ICITEC.2014.7105601

Cryptanalysis and improvement of a SIP authentication scheme. / Zheng, Jun; Wang, Dongyun.
Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014. Institute of Electrical and Electronics Engineers Inc., 2014. p. 199-203 7105601 (Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Cryptanalysis and improvement of a SIP authentication scheme

AU - Zheng, Jun

AU - Wang, Dongyun

PY - 2014/5/11

Y1 - 2014/5/11

N2 - SIP (Session Initial Protocol) has been a very popular protocol for VoIP. However, the authentication of this protocol just derives from HTTP digest authentication, which has been demonstrated insecure in the open network. Recently, Arshad et al. proposed an improved mutual authentication scheme based on ECC and claimed that it's secure enough. In this paper, however, we point out that their protocol still could not resist offline password guessing attacks. Furthermore, we propose an ECC-based mutual authentication and key agreement scheme to overcome such a security problem. Also, an analysis of it is provided to indicate that compared to Arshad et al.'s scheme, this scheme reduces twice hash operation and is more secure with reasonable computation cost.

AB - SIP (Session Initial Protocol) has been a very popular protocol for VoIP. However, the authentication of this protocol just derives from HTTP digest authentication, which has been demonstrated insecure in the open network. Recently, Arshad et al. proposed an improved mutual authentication scheme based on ECC and claimed that it's secure enough. In this paper, however, we point out that their protocol still could not resist offline password guessing attacks. Furthermore, we propose an ECC-based mutual authentication and key agreement scheme to overcome such a security problem. Also, an analysis of it is provided to indicate that compared to Arshad et al.'s scheme, this scheme reduces twice hash operation and is more secure with reasonable computation cost.

KW - ECC

KW - Key Agreement

KW - Mutual Authentication

KW - Password Guessing Attacks

KW - Session Initial Protocol

UR - http://www.scopus.com/inward/record.url?scp=84949929057&partnerID=8YFLogxK

U2 - 10.1109/ICITEC.2014.7105601

DO - 10.1109/ICITEC.2014.7105601

M3 - Conference contribution

AN - SCOPUS:84949929057

T3 - Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014

SP - 199

EP - 203

BT - Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014

Y2 - 20 December 2014 through 21 December 2014

ER -

Zheng J, Wang D. Cryptanalysis and improvement of a SIP authentication scheme. In Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014. Institute of Electrical and Electronics Engineers Inc. 2014. p. 199-203. 7105601. (Proceedings of 2nd International Conference on Information Technology and Electronic Commerce, ICITEC 2014). doi: 10.1109/ICITEC.2014.7105601

Cryptanalysis and improvement of a SIP authentication scheme

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this