A new secure password authenticated key agreement scheme for SIP using self-certified public keys on elliptic curves

Abstract

Voice over Internet Protocol (VoIP) has received much attention and has became a real competitor to traditional Public Switched Telephone Networks (PSTNs), where the Session Initial Protocol (SIP) is widely used as a signaling protocol based on HTTP-like request/response exchange to establish multimedia sessions in both wireline and wireless world. However, the original authentication scheme for SIP-based service typically uses HTTP Digest authentication protocol, which is s not providing security at an acceptable level. In this paper, we present a new secure password authenticated key agreement scheme for SIP-based service using self-certified public keys (SCPKs) on elliptic curves. Due to using SCPKs on elliptic curve, the proposed scheme not only avoids the requirement of a large Public Key Infrastructure (PKI) but also achieve efficient performance in contrast to other public key cryptosystems. The main merits include: (1) it achieves mutual authentication and session key agreement; (2) it does not maintain any password or verification table in the server; (3) it prevents various possible attacks induced by open networks and the standard of SIP message; (4) it can be applied to authenticate the users with different SIP domains; (5) it provides the users to update password quickly and securely; and (6) it can avoid key escrow problem.