A survey of SIP authentication and key agreement schemes

IEEE Communications Surveys and Tutorials

Volumn 16, Issue 2, 2014, Pages 1005-1023

  Kilinc, H Hakan ^a   Yanik, Tugrul ^b  

^a GEBZE TECHNICAL UNIVERSITY   (Turkey)

^b CELAL BAYAR UNIVERSITY   (Turkey)

Author keywords

Authentication Protocols; SIP; SIP Security

Indexed keywords

INTERNET TELEPHONY; NETWORK ARCHITECTURE; SECURITY SYSTEMS; SURVEYS; VOICE/DATA COMMUNICATION SYSTEMS;

AUTHENTICATION AND KEY AGREEMENT PROTOCOLS; AUTHENTICATION AND KEY AGREEMENTS; AUTHENTICATION PROTOCOLS; CRITICAL FACTORS; SECURITY FEATURES; SIP; SIP SECURITY; VOIP APPLICATIONS;

NETWORK SECURITY;

EID: 84901189762     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/SURV.2013.091513.00050     Document Type: Article

References (79)

1. H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications," Internet Engineering Task Force, 2003, rFC 3550.
2. J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler, "SIP: Session Initiation Protocol," Internet Engineering Task Force, 2002, rFC 3261.
3. G. Camarillo and M.-A. Garca-Martn, The 3G IP Multimedia Subsystem (IMS): Merging the Internet and the Cellular Worlds, Second Edition. WILEY, 2006.
4. D. Geneiatakis, A. Dagiouklas, G. Kambourakis, C. Lambrinoudakis, S. Gritzalis, S. Ehlert, and D. Sisalem, "Survey of security vulnerabilities in session initiation protocol," IEEE Commun. Surveys Tutorials, vol. 8, no. 3, pp. 68-81, 2006, iEEE Press.
5. D. Geneiatakis, C. Lambrinoudakis, and G. Kambourakis, "An ontology based-policy for deploying secure sip-based voip services," Computer and Security, vol. 27, no. 7-8, pp. 285-297, 2008, elsevier.
6. S. Salsano, L. Veltri, and D. Papalilo, "SIP Security Issues: The SIP Authentication Procedure and its Processing Load," IEEE Network, vol. 16, no. 6, pp. 38-44, 2002, nov/Dec.
7. R. Dantu, S. Fahmyb, H. Schulzrinne, and J. Cangussu, "Issues and Challenges in Securing VoIP," Computers & Security, vol. 28, no. 8, pp. 743-753, November 2009.
8. J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luo-tonen, and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication," Internet Engineering Task Force, 1999, rFC 2617.
9. T. Yanik, H. H. Kilinc, M. Sarioz, and S. S. Erdem, "Evaluating SIP Proxy Servers Based on Real Performance Data," in International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS2008), Edinburgh, Scotland, June 2008.
10. I. Dacosta and P. Traynor, "Proxychain: developing a robust and efficient authentication infrastructure for carrier-scale voip networks," in Proceedings of the 2010 USENIX conference on USENIX annual technical conference, ser. USENIXATC'10, 2010, pp. 10-10.
11. A. Keromytis, "A comprehensive survey of voice over ip security research," IEEE Commun. Surveys Tutorials, vol. 14, no. 2, pp. 514-537, Quarter.
12. S. Ehlert, D. Geneiatakis, and T. Magedanz, "Survey of network security systems to counter sip-based denial-of-service attacks," Computers & Security, vol. 29, no. 2, pp. 225-243, 2010.
13. B. Ramsdell and S. Turner, "Secure/multipurpose internet mail extensions (S/MIME) version 3.2 message specification," Internet Engineering Task Force, 2010, rFC 5741.
14. T. Dierks and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2," Internet Engineering Task Force, 2008, rFC 5246.
15. S. Kent and K. Seo, "Security architecture for the internet protocol," Internet Engineering Task Force, 2005, rFC 4301.
16. M. Baugher, D. McGrew, M. Naslund, E. Carrara, and K. Norrman, "The secure real-time transport protocol (SRTP)," Internet Engineering Tas k Fo r c e, 2004, rFC 3711.
17. E. Rescorla and N. Modadugu, "Datagram transport layer security version 1.2," Internet Engineering Task Force, 2012, rFC 6347.
18. J. Peterson and C. Jennings, "Enhancements for authenticated identity management in the session initiation protocol (sip)," August 2006, http://www.ietf.org/rfc/rfc4474.txt.
19. D. E. Denning and G. M. Sacco, "Timestamps in Key Distribution Protocols," Communications of the ACM, vol. 24, no. 8, pp. 533-536, 1981.
20. U. S. N. I. of Standards and T. (NIST), "Announcing the advanced encryption standart (AES)," November 2001.
21. W. Diffie and M. Hellman, "New directions in cryptography," IEEE Trans. Inf. Theory, no. 22, pp. 644-654, 1976.
22. W. Diffie, "Innovations in internetworking." Norwood, MA, USA: Artech House, Inc., 1988, ch. The first ten years of public-key cryptography, pp. 510-527.
23. R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, vol. 21, no. 2, p. 120126, 1978.
24. V. Miller, "Uses of elliptic curves in cryptography," in In Advances in Cryptology (Crypto 85). Springer Verlag LNCS 218, 1986, pp. 417-426.
25. N. Koblitz, "Elliptic curve cryptosystems," Math. Comp., no. 48, pp. 203-209, 1987.
26. I. for Electrical and E. E. I. S. 1363-2000, "Standard specifications for public key cryptography," January 2000.
27. A. Shamir, "Identity-based cryptosystems and signature schemes," in Proceedings of CRYPTO 84 on Advances in cryptology. New York, NY, USA: Springer-Verlag New York, Inc., 1985, pp. 47-53.
28. D. Boneh and M. Franklin, "Identity-based encryption from the Weil pairing," SIAM J. Computing, vol. 32, no. 3, pp. 586-615, 2003, extended abstract in Crypto'01.
29. D. Knuth, The Art of Computer Programming, 3rd ed. Addison-Wesley, 1997, vol. 2.
30. D. Hankerson, A. Menezes, and S. Vanstone, Guide to Elliptic Curve Cryptography. New York: Springer-Verlag, 2004.
31. S. M. Bellovin and M. Merritt, "Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attacks," in IEEE Symposium on Research in Security and Privacy, 1992, pp. 72-84. (Pubitemid 23569189)
32. D. Jablon, "Strong password-only authenticated key exchange," ACM Computer Communications Review, vol. 26, no. 5, pp. 5-26, 1996.
33. P. M. V. Boyko and S. Patel, "Provably secure password authenticated key exchange using diffie-hellman," in In Eurocrypt 00, 2000.
34. S. Bellovin and M. Merritt, "Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and passwordfile compromise," in In ACM Conference on Computer and Communications Security, 1993, pp. 244-250.
35. T. Kwon, "Authentication and key agreement via memorable passwords," in In Proc. ISOC Network and Distributed System Security (NDSS), 2001.
36. C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in a Public World, Second Edition. Prentice-Hall, 2002.
37. C.-C. Yang, R.-C. Wang, and W.-T. Liu, "Secure Authentication Scheme for Session Initiation Protocol," Computers & Security, vol. 24, pp. 381-386, August 2005. (Pubitemid 41252265)
38. H. Jo, Y. Lee, M. Kim, S. Kim, and D. Won, "Off-Line Password-Guessing Attack to Yang's and Huang's Authentication Schemes for Session Initiation Protocol," in Fifth International Joint Conference on INC, IMS and IDC, Los Alamitos, CA, USA, 2009, pp. 618-621.
39. H.-F. Huang and W.-C. Wei, "A New Efficient Authentication Scheme for Session Initiation Protocol," in 9th Joint Conference on Information Sciences(JCIS 2006), Koahsiung, Taiwan, October 2006.
40. Y.-P. Liao and S.-S. Wang, "A Secure Authentication Protocol for SIP," in International Conference on Innovation Management (ICIM 2009), Wuhan, China, December 2009.
41. J. L. Tsai, "Efficient Nonce-based Authentication Scheme for Session Initiation Protocol," International Journal of Network Security, vol. 8, no. 3, pp. 312-316, 2009.
42. E.-J. Yoon and K.-Y. Yoo, "A New Authentication Scheme for Session Initiation Protocol," in International Conference on Complex, Intelligent and Software Intensive Systems, Fukuoka, Japan, March 2009.
43. A. Durlanik and I. Sogukpinar, "SIP Authentication Scheme using ECDH," Enformatika, vol. 8, pp. 350-353, 2005.
44. E.-J. Yoon and K.-Y. Yoo, "Cryptanalysis of DS-SIP Authentication Scheme Using Ecdh," in Proceedings of the 2009 International Conference on New Trends in Information and Service Science, Washington, DC, USA, 2009, pp. 642-647.
45. L. Wu, Y. Zhang, and F. Wang, "A New Provably Secure Authentication and Key agreement protocol for sip using ecc," Computer Standard & Interfaces, vol. 31, no. 2, pp. 286-291, 2009.
46. R. Canetti and H. Krawczyk, "Analysis of key-exchange protocols and their use for building secure channels," Pfitzmann ed.Proceedings of Eurocrpt 2001. Lecture Notes in Computer Science, vol. 2045, pp. 453-474.
47. J. Choi, S. Jung, K. Bae, and H. Moon, "A lightweight authentication and hop-by-hop security mechanism for sip network," in Advanced Technologies for Communications, Hanoi, 6-9 Oct 2008, pp. 235-238.
48. E.-J. Yoon, Y.-N. Shin, I.-S. Jeon, and K.-Y. Yoo, "Robust mutual authentication with a key agreement scheme for the session initiation protocol," IETE Technical Review, vol. 27, 2010.
49. E.-J. Yoon, K.-Y. Yoo, C. Kim, Y.-S. Hong, M. Jo, and H.-H. Chen, "A Secure and Efficient SIP Authentication Scheme for Converged VoIP Networks," Computer Communications, vol. 33, no. 14, pp. 1674-1681, 2010.
50. D. Geneiatakis and C. Lambrinoudakis, "A lightweight protection mechanism against signaling attacks in a sip-based voip environment." Telecommunication Systems, vol. 36, no. 4, pp. 153-159, 2007.
51. H. Krawczyk, M. Bellare, and R. Canetti, "Hmac: Keyed-hashing for message authentication," February 1997, rFC2104.
52. C. Tao, G. Qiang, and H. Baohong, "A lightweight authentication scheme for session initiation protocol," in Proc. IEEE Inter-national Conference on Communications, Circuits and Systems (ICCCAS), 2008, p. 502505.
53. C.-C. Lee, "On security of an efficient nonce-based authentication scheme for sip," International Journal of Network Security, vol. 9, no. 3, pp. 201-203, November 2009.
54. L. Lamport, "Password authentication with insecure communication," Commun. ACM, vol. 24, no. 11, pp. 770-772, Nov. 1981.
55. R. Srinivasan, V. Vaidehi, K. Harish, K. LakshmiNarasimhan, S. Lokesh-werBabu, and V. Srikanth, "Authentication of Signaling in VoIP Applications," in 11th Asia Pacific Conference on Communication(APCC), Perth, Australia, October 2005.
56. A. M. Nodooshan, Y. Darmani, R. Jalili, and M. Nourani, "A Robust and Efficient SIP Authentication Scheme," Communications in Computer and Information Science, vol. 6, pp. 551-558, 2009.
57. P. Vesterinen, "User Authentication in SIP," Tech. Rep., December 2006, tKK T-110.5290 seminar on Network Security.
58. L. Kong, V. A. Balasubramaniyan, and M. Ahamad, "A Lightweight Scheme for Securely and Reliably Locating SIP Users," in IEEE/IFIP Network Operations & Management Symposium, Vancouver, Canada, April 2006.
59. C. Y. Yeun, K. Han, and K. Kim, "New Novel Approaches for Securing VoIP Applications," in Sixth International Workshop for Applied PKC (IWAP 2007), Perth, Western Australia, 3-4 December 2007.
60. "http://www.avispa-project.org
61. Y.-P. Liao and S.-S. Wang, "A New Secure Password Authenticated Key Agreement Scheme for SIP using Self-certified Public Keys on Elliptic Curves," Computer Communications, vol. 33, no. 3, pp. 372-380, 2010.
62. F. Wang and Y. Zhang, "A New Provably Secure Authentication and Key Agreement Mechanism for SIP using Certificateless Public-Key Cryptography," Computer Communication, pp. 2142-2149, 2008.
63. J. Ring, K.-K. R. Choo, E. Foo, and M. Looi, "A New Authentication Mechanism and Key Agreement Protocol for SIP Using Identity-based Cryptography," in AusCERT Asia Pacific Information Technology Security Conference, Gold Coast, Australia, 23 May 2006.
64. L. Chen and C. Kudla, "Identity based authenticated key agreement protocols from pairings," CSFW, p. 219233, 2003, iEEEComputerSo-cietyPress, (Corrected version at http://eprint.iacr.org/2002/184/).
65. K. Han, C. Yeun, and K. Kim, "Design of Secure VoIP using ID-Based Cryptosystem," in The Symposium on Cryptography and Information Security (SCIS2008), Miyazaki, Japan, Jan.22-25 2008.
66. A. A. Hasib, A. Azfar, and M. S. Morshed, "Towards public key infrastructure less authentication in session initiation protocol," CoRR, vol. abs/1002.1160, 2010.
67. F. Hess, "Efficient Identity Based Signature Schemes Based on Pairings," in Proceedings of the 9thWorkshop on Selected Areas in Cryptography. Springer-Verlag, 2003, pp. 310-324, LNCS 2595.
68. T. Okamoto, R. Tso, and E. Okamoto, "One-way and two-party authenticated id-based key agreement protocols using pairing," Modeling Decisions for Artificial Intelligence, vol. 3558/2005, pp. 122-133, 2005.
69. H. K. Patil and D. Willis, "Identity based authentication in the session initiation protocol," February 2008, http://tools.ietf.org/html/ draft-kupwade-sip-iba-00.
70. B. Lynn, "Authenticated identity-based encryption," Cryptology ePrint Archive, Report 2002/072, 2002, http://eprint.iacr.org/2002/072.
71. C. Gentry and A. Silverberg, "Hierarchical id-based cryptography," in Proc. Asiacrypt 2002. Springer-Verlag, 2002, pp. 548-566, vol. 2501 of Lecture Notes on Computer Science.
72. S. S. M. Chow, T. H. Yuen, L. C. K. Hui, and S. M. Yiu, "Signcryption in hierarchical identity based cryptosystem," Security and Privacy in the Age of Ubiquitous Computing IFIP Advances in Information and Communication Technology, vol. 181/2005, pp. 443-457, 2005.
73. B. Lynn, "Pairing-based cryptography library," available at http://crypto.stanford.edu/pbc/.
74. S. Al-Riyami and K. Paterson, "Certificateless public key cryptography," Advances in Cryptology-Asiacrypt 2003, Lecture Notes in Computer Science, vol. 2894, pp. 452-473.
75. H. H. Kilinc, Y. Allaberdiyev, and T. Yanik, "Performance Evaluation of ID Based Authentication Methods in the SIP Protocol," in Application of Information And Communication Technologies 3rd IEEE International Conference(AICT 2009), Oct. 2009.
76. J. C. Choon and J. H. Cheon, "An Identity-Based Signature from Gap Diffie-Hellman Groups," in 6th International Workshop on Practice and Theory in Public Key Cryptography (PKC2003), Miami, FL, USA, January 68 2003, pp. 18-30, LNCS 2567. (Pubitemid 137638339)
77. "http://www.opensips.org/.
78. L. Ni, G. Chen, and J. Li, "A pairing-free identity-based authenticated key agreement mechanism for sip," in Proceedings of the 2011 International Conference on Network Computing and Information Security-Volume 01, ser. NCIS '11. Washington, DC, USA: IEEE Computer Society, 2011, pp. 209-217.
79. "http://www.madboa.com/geek/openssl/.