A provably secure anonymous authentication scheme for Session Initiation Protocol

Security and Communication Networks

Volumn 9, Issue 18, 2016, Pages 5016-5027

  Chaudhry, Shehzad Ashraf ^a   Khan, Imran ^a   Irshad, Azeem ^a   Ashraf, Muhammad Usman ^a   Khan, Muhammad Khurram ^b   Ahmad, Hafiz Farooq ^c  

^a INTERNATIONAL ISLAMIC UNIVERSITY   (Pakistan)

^b KING SAUD UNIVERSITY   (Saudi Arabia)

^c KING FAISAL UNIVERSITY   (Saudi Arabia)

Author keywords

authentication; correctness; impersonation attack; key agreement; password; provable security; PROVERIF

Indexed keywords

COPYRIGHTS; SECURITY SYSTEMS;

CORRECTNESS; IMPERSONATION ATTACK; KEY AGREEMENT; PASSWORD; PROVABLE SECURITY; PROVERIF;

AUTHENTICATION;

EID: 84995685454     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.1672     Document Type: Article

References (40)

1. Salsano S, Veltri L, Papalilo D. SIP security issues: the SIP authentication procedure and its processing load. IEEE Network 2002; 16(6): 38–44.
2. Arkko J, Camarillo G, Haukka T, Sen S, Torvinen V. Security mechanism agreement for SIP sessions. IETF Internet draft 2003.
3. Thomas M. SIP security requirements. IETF Internet Draft (draftthomas-sip-sec-reg'OO. txt) 2001.
4. Leng L, Teoh ABJ, Li M, Khan MK. A remote cancelable palmprint authentication protocol based on multi-directional two-dimensional PalmPhasor-fusion. Security and Communication Networks 2014; 7(11): 1860–1871.
5. Wang D, Wang P. On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions. Computer Networks 2014; 73: 41–57.
6. Wang D, Wang P. Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Networks 2014; 20: 1–15.
7. He D, Wang D. Robust biometrics-based authentication scheme for multiserver environment. IEEE Systems Journal 2015; 9(3): 816–823.
8. He D, Kumar N, Chilamkurti N. A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Information Sciences 2015; 321: 263–277.
9. Alizadeh M, Abolfazli S, Zamani M, Baharun S, Sakurai K. Authentication in mobile cloud computing: a survey. Journal of Network and Computer Applications 2016; 61: 59–80.
10. Alizadeh M, Baharun S, Zamani M, Khodadadi T, Darvishi M, Gholizadeh S, Ahmadi H. Anonymity and untraceability assessment of authentication protocols in proxy mobile IPv6. Jurnal Teknologi 2015; 72(5): 31–34.
11. Leach PJ, Franks J, Luotonen A, Hallam-Baker PM, Lawrence SD, Hostetler JL, Stewart LC. HTTP authentication: basic and digest access authentication. IETF RFC:2617 1999.
12. Yang CC, Wang RC, Liu WT. Secure authentication scheme for Session Initiation Protocol. Computers & Security 2005; 24(5): 381–386.
13. Denning DE, Sacco GM. Timestamps in key distribution protocols. Communications of the ACM 1981; 24(8): 533–536.
14. He D, Chen J, Chen Y. A secure mutual authentication scheme for Session Initiation Protocol using elliptic curve cryptography. Security and Communication Networks 2012; 5(12): 1423–1429.
15. Durlanik A, Sogukpinar I. SIP authentication scheme using ECDH. World Enformatika Socity Transations on Engineering Computing and Technology 2005; 8: 350–353.
16. Koblitz N. Elliptic curve cryptosystems. Mathematics of Computation 1987; 48(177): 203–209.
17. Liao YP, Wang SS. A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves. Computer Communications 2010; 33(3): 372–380.
18. Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan M. An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Networking and Applications 2015: 1–14. DOI: 10.1007/s12083-015-0400-9.
19. Chaudhry SA, Farash MS, Naqvi H, Sher M. A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electronic Commerce Research 2015; 16(1): 113–139.
20. Wu L, Zhang Y, Wang F. A new provably secure authentication and key agreement protocol for SIP using ECC. Computer Standards & Interfaces 2009; 31(2): 286–291.
21. Yoon EJ, Yoo KY, Kim C, Hong YS, Jo M, Chen HH. A secure and efficient SIP authentication scheme for converged VoIP networks. Computer Communications 2010; 33(14): 1674–1681.
22. Pu Q. Weaknesses of SIP authentication scheme for converged VoIP networks. IACR Cryptology ePrint Archive 2010; 2010: 464.
23. Gokhroo MK, Jaidhar CD, Tomar AS. Cryptanalysis of SIP secure and efficient authentication scheme. 2011 IEEE 3rd International Conference on Communication Software and Networks (ICCSN), Xi'an, China, 2011; 308–310.
24. Tsai JL. Efficient nonce-based authentication scheme for Session Initiation Protocol. IJ Network Security 2009; 9(1): 12–16.
25. Yoon E-J, Yoo K-Y. Cryptanalysis of DS-SIP authentication scheme using ECDH. 2009 NISS'09 International Conference on New trends in Information and Service Science, Beijing, China, 2009; 642–647.
26. Yoon EJ, Shin YN, Jeon IS, Yoo KY. Robust mutual authentication with a key agreement scheme for the Session Initiation Protocol. IETE Technical Review 2010; 27(3): 203–213.
27. Xie Q. A new authenticated key agreement for Session Initiation Protocol. International Journal of Communication Systems 2012; 25(1): 47–54.
28. Farash MS, Attari MA. An enhanced authenticated key agreement for Session Initiation Protocol. Information Technology and Control 2013; 42(4): 333–342.
29. Zhang Z, Qi Q, Kumar N, Chilamkurti N, Jeong HY. A secure authentication scheme with anonymity for Session Initiation Protocol using elliptic curve cryptography. Multimedia Tools and Applications 2014; 74(10): 3477–3488.
30. Lu Y, Li L, Peng H, Yang Y. A secure and efficient mutual authentication scheme for Session Initiation Protocol. Peer-to-Peer Networking and Applications 2016; 9(2): 449–459.
31. Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Manzuri Shalmani MohammadT. On the power of power analysis in the real world: a complete break of the KEELOQ code hopping scheme. In Advances in Cryptology, CRYPTO 2008, Wagner D (ed.)., Lecture Notes in Computer Science, vol. 5157 Springer: Berlin Heidelberg, 2008; 203–220. http://dx.doi.org/10.1007/978354085174_12.
32. Dolev D, Yao AC. On the security of public key protocols. IEEE Transactions on Information Theory 1983; 29(2): 198–208.
33. Cao X, Zhong S. Breaking a remote user authentication scheme for multi-server architecture. Communications Letters, IEEE 2006; 10(8): 580–581.
34. Mishra D, Das AK, Mukhopadhyay S. A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications 2014; 41(18): 8129–8143.
35. Mir O, Nikooghadam M. A secure biometrics based authentication with key agreement scheme in telemedicine networks for e-health services. Wireless Personal Communications 2015; 83(4): 2439–2461.
36. Burrows M, Abadi M, Needham RM. A logic of authentication. Proceedings of the Royal Society of London A: Mathematical, Physical and Engineering Sciences, vol. 426, The Royal Society: London, United Kingdom, 1989; 233–271.
37. Abadi M, Blanchet B, Comon-Lundh H. Models and proofs of protocol security: a progress report. Computer aided verification, Springer: Grenoble, France, 2009; 35–49.
38. Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK. An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks 2015: 1–13.
39. Xie Q, Hu B, Dong N, Wong DS. Anonymous three-party password-authenticated key exchange scheme for Telecare Medical Information Systems. PloS one 2014; 9(7): e102747.
40. Kilinc HH, Yanik T. A survey of SIP authentication and key agreement schemes. Communications Surveys & Tutorials, IEEE 2014; 16(2): 1005–1023.