Designing a secure authentication scheme for session initial protocol (SIP) over internet protocol (VoIP) networks remains challenging. In this paper, we revisit the protocol of Zhang, Tang and Zhu (2015) and reveal that the protocol is vulnerable to key-compromise impersonation attacks. We then propose a SIP authenticated key agreement protocol (AKAP) using elliptic curve cryptography (ECC). We demonstrate the correctness of the protocol using Burrows-Abadi-Needham (BAN), and its security using the AVISPA simulation tool. We also evaluate its performance against those of Zhang, Tang and Zhu, and others.
Citation: Yanrong Lu, Dawei Zhao. An anonymous SIP authenticated key agreement protocol based on elliptic curve cryptography[J]. Mathematical Biosciences and Engineering, 2022, 19(1): 66-85. doi: 10.3934/mbe.2022003
Designing a secure authentication scheme for session initial protocol (SIP) over internet protocol (VoIP) networks remains challenging. In this paper, we revisit the protocol of Zhang, Tang and Zhu (2015) and reveal that the protocol is vulnerable to key-compromise impersonation attacks. We then propose a SIP authenticated key agreement protocol (AKAP) using elliptic curve cryptography (ECC). We demonstrate the correctness of the protocol using Burrows-Abadi-Needham (BAN), and its security using the AVISPA simulation tool. We also evaluate its performance against those of Zhang, Tang and Zhu, and others.
| [1] | C. E. Palau, J. Mares, B. Molina, M. Esteve, Wireless CDN video streaming architecture for IPTV, Multimedia Tools Appl., 53 (2011), 591–613. doi: 10.1007/s11042-010-0516-0. |
| [2] | H. S. Fard, A. G. Rahbar, Physical constraint and load aware seamless handover for IPTV in wireless LANs, Comput. Elec. Eng., 56 (2016), 222–242. doi: 10.1016/j.compeleceng.2016.01.005. |
| [3] | J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, et al., SIP: Session initiation protocol, RFC3261, 2543 (2002), 1–151. |
| [4] | J. Franks, P. {Hallam-Baker}, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, et al., HTTP Authentication: basic and digest access authentication, RFC2617, 2617 (1999), 1–34. |
| [5] | R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, et al., Hypertext transfer protocol – HTTP/1.1, RFC2616, 2068 (1997), 1–162. |
| [6] | H. Arshad, M. Nikooghadam, An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC, Multimedia Tools Appl., 1 (2016), 181–197. doi: 10.1007/s11042-014-2282-x. |
| [7] | M. Nikooghadam, H. Amintoosi, Perfect forward secrecy via an ECC-based authentication scheme for SIP in VoIP, J. Supercomput., 76 (2020), 3086–3104. doi: 10.1007/s11227-019-03086-z. |
| [8] | C. Y. Chen, K. D. Chang, H. C. Chao, Transaction-pattern-based anomaly detection algorithm for IP multimedia subsystem, IEEE Trans. Inf. Forensics Secur., 6 (2011), 152–161. doi: 10.1109/TIFS.2010.2095845. |
| [9] | Y. Zhang, X. Sun, B. Wang, Efficient algorithm for k-barrier coverage based on integer linear programming, China Commun., 13 (2016), 16–23. doi: 10.1109/CC.2016.7559071. |
| [10] | W. E. Chen, Y. L. Huang, H. C. Chao, NAT traversing solutions for SIP applications, Eur. J. Wireless Commun. Networking, 2008 (2008), 639528. doi: 10.1155/2008/639528. |
| [11] | T. Ma, J. Zhou, M. Tang, Y. Tian, A. {Al-Dhelaan}, M. {Al-Rodhaan}, et al., Social network and tag sources based augmenting collaborative recommender system, IEICE Trans. Inf. Syst., 98 (2015), 902–910. doi: 10.1587/transinf.2014EDP7283. |
| [12] | C. M. Huang, C. W. Lin, C. C. Yang, Mobility management for video streaming on heterogeneous networks, IEEE MultiMedia, 17 (2010), 35–35. doi: 10.1109/MMUL.2010.17. |
| [13] | T. Wu, R. Jhang, H. Chao, Efficient architecture and handoff strategy used for VoIP Sessions in SIP based wireless networks, Wireless Pers. Commun., 43 (2007), 201–214. doi: 10.1007/s11277-006-9218-3. |
| [14] | Y. Lu, G. Xu, L. Li, Y. Yang Anonymous three-factor authenticated key agreement for wireless sensor networks, Wireless Networks, 25 (2019), 1461–1475. doi: 10.1007/s11276-017-1604-0. |
| [15] | E. Wilde, Hypertext Transfer Protocol (HTTP), Springer, 1999. |
| [16] | C. C. Yang, R. C. Wang, W. T. Liu, Secure authentication scheme for session initiation protocol, Comput. Secur., 24 (2005), 381–386. doi: 10.1016/j.cose.2004.10.007. |
| [17] | A. Durlanik, I. Sogukpinar, SIP authentication scheme using ECDH, World Enformatika Soc. Trans. Eng. Comput. Technol., 1 (2007), 2659–2662. |
| [18] | N. Koblitz, A. Menezes, S. Vanstone, The state of elliptic curve cryptography, Designs Codes Cryptography, 19 (2000), 173–193. doi: 10.1023/A:1008354106356. |
| [19] | A. J. Menezes, S. A. Vanstone, P. C. Van Oorschot, Handbook of Applied Cryptography, CRC Press, 1996. |
| [20] | V. S. Miller, Use of Elliptic Curves in Cryptography, in Advances in cryptology–-CRYPTO 85 (ed. Hugh C Williams), Springer-VerlagBerlin, Heidelberg, (1985), 417–426. |
| [21] | R. Arshad, N. Ikram, Elliptic curve cryptography based mutual authentication scheme for session initiation protocol, Multimedia Tools Appl., 66 (2013), 165–178. doi: 10.1007/s11042-011-0787-0. |
| [22] | D. He, J. Chen, Y. Chen, A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography, Secur. Commun. Networks, 5 (2012), 1423–1429. doi: 10.1002/sec.506. |
| [23] | Y. Lu, L. Li, H. Peng, Y. Yang, An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography, Multimedia Tools Appl., 76 (2017), 1801–1815. doi: 10.1007/s11042-015-3166-4. |
| [24] | H. Tu, N. Kumar, N. Chilamkurti, S. Rho, An improved authentication protocol for session initiation protocol using smart card, Peer Peer Networking Appl., 8 (2015), 903–910. doi: 10.1007/s12083-014-0248-4. |
| [25] | L. Wu, Y. Zhang, F. Wang, A new provably secure authentication and key agreement protocol for SIP using ECC, Comput. Stand. Interfaces, 31 (2009), 286–291. doi: 10.1016/j.csi.2008.01.002. |
| [26] | E. J. Yoon, K. Y. Yoo, C. Kim, Y. S. Hong, M. Jo, H. Chen, A secure and efficient SIP authentication scheme for converged VoIP networks, Comput. Commun., 33 (2010), 1674–1681. doi: 10.1016/j.comcom.2010.03.026. |
| [27] | A. Irshad, M. Sher, E. Rehman, S. A. Ch, M. U. Hassan, A. Ghani, A single round-trip SIP authentication scheme for voice over Internet protocol using smart card, Multimedia Tools Appl., 74 (2015), 3967–3984. doi: 10.1007/s11042-013-1807-z. |
| [28] | H. L. Yeh, T. H. Chen, W. K. Shih, Robust smart card secured authentication scheme on SIP using Elliptic Curve Cryptography, Comput. Stand. Interfaces, 36 (2014), 397–402. doi: 10.1016/j.csi.2013.08.010. |
| [29] | M. S. Farash, S. Kumari, M. Bakhtiari, Cryptanalysis and improvement of a robust smart card secured authentication scheme on SIP using elliptic curve cryptography, Multimedia Tools Appl., 75 (2016), 4485–4504. doi: 10.1007/s11042-015-2487-7. |
| [30] | H. Arshad, M. Nikooghadam, Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol, J. Supercomput., 71 (2015), 3163–3180. doi: 10.1007/s11227-015-1434-8. |
| [31] | J. S. Tsai, Efficient nonce-based authentication scheme for session initiation protocol, Int. J. Network Secur., 1 (2009), 12–16. |
| [32] | L. Zhang, S. Tang, S. Zhu, An energy efficient authenticated key agreement protocol for SIP-based green VoIP networks, J. Network Comput. Appl., 59 (2016), 126–133. doi: 10.1016/j.jnca.2015.06.022. |
| [33] | AVISPA, Automated validation of internet security protocols and applications, Available from: http://www.avispa-project.org/. |
| [34] | AVISPA web tool, Available from: http://www.juniperresearch.com/viewpressrelease.php?pr=355. |
| [35] | N. Koblitz, A. Menezes, S. Vanstone, The state of elliptic curve cryptography, in Designs Codes Cryptography, 19 (2000), 173–193. doi: 10.1023/A:1008354106356. |
| [36] | M. Burrows, M. Abadi, R. M. Needham, A logic of authentication, ACM Trans. Comput. Syst., 8 (1990), 18–36. doi: 10.1098/rspa.1989.0125. |
| [37] | Y. Lu, G. Xu, L. Li, Y. Yang, Robust privacy-preserving mutual authenticated key agreement scheme in roaming service for global mobility networks, IEEE Syst. J., 13 (2019), 1454–1465. doi: 10.1109/JSYST.2018.2883349. |
| [38] | Y. Lu, M. Zhang, X. Zheng, An authentication framework in ICN-enabled industrial cyber-physical systems, in International Conference on Security and Privacy in New Computing Environments, (2021), 223–243. doi: 10.1007/978-3-030-66922-5_15. |
| [39] | PBC Library, Pairing Based Cryptography, Available from: http://crypto.stanford.edu/pbc/. |
| [40] | Ben Lynn, On the Implementation of Pairing-Based Cryptography, 2007. Available from: http://crypto.stanford.edu/pbc/thesis.pdf. |
| [41] | A. De Caro, V. Iovino, Java pairing based cryptography, in Proceedings of the 16th IEEE Symposium on Computers and Communications, (2011), 850–855. |
| [42] | M. Rao, T. Newe, I. Grout, A. Mathur, An FPGA-based reconfigurable IPSec AH core with efficient implementation of SHA-3 for high speed IoT applications, Secur. Commun. Networks, 9 (2016), 3282–3295. doi: 10.1002/sec.1533. |
| [43] | NIST, National Institute of Standards and Technology (NIST), 2001. Available from: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf. |
Figures(7) / Tables(6)
Yanrong Lu, Dawei Zhao. An anonymous SIP authenticated key agreement protocol based on elliptic curve cryptography[J]. Mathematical Biosciences and Engineering, 2022, 19(1): 66-85. doi: 10.3934/mbe.2022003
DownLoad: