Abstract

Session initiation protocol (SIP) is the most widely used application layer control protocol for creating, modifying, and terminating session processes. Many authentication schemes have been proposed for SIP aimed at providing secure communication. Recently, a new authentication and key agreement scheme for SIP has been proposed, and it was claimed that it could resist a variety of attacks. However, in this paper, we show that this scheme is vulnerable to an offline password guessing attack and a stolen memory device attack. Furthermore, we show that it lacks the verification mechanism for a wrong password, and that the password updating process is not efficient. To mitigate the flaws and inefficiencies of this scheme, we design a new robust mutual authentication with a key agreement scheme for SIP. A security analysis revealed that our proposed scheme was robust to several kinds of attacks. In addition, the proposed scheme was simulated by the automatic cryptographic protocol tool ProVerif. A performance analysis showed that our proposed scheme was superior to other related schemes.

Highlights

  • Session initiation protocol (SIP) is an application layer control protocol, proposed and studied by the Internet Engineering Task Force (IETF), for multimedia communication over Internet Protocol (IP) networks

  • An important feature of SIP is that it does not define the type of a session to establish, but only defines how to manage a session

  • Lin et al.’s scheme lacks a verification mechanism for a wrong password and the password updating process is not efficient. To overcome these flaws and inefficiencies, we propose a robust mutual authentication with a key agreement scheme


Summary

A Robust Mutual Authentication with a Key

National Demonstration Center for Experimental Electronic Information and Electrical Technology.

Introduction
Registration Phase
Login and Authentication Phase
CASE-1
CASE-2
Offline Password Guessing Attack
Stolen Memory Device Attack
Absence of a Verification Mechanism for a Wrong Password
Inefficiency of Password Updating
The Proposed Scheme
Initialization Phase
Password Change Phase
User Anonymity
Untraceability
User Impersonation Attack
Server Spoofing Attack
Privileged Insider Attack
Replay Attack
Stolen Verifier Attack
5.10. Forward Secrecy
5.11. Known Key Security
5.12. Perfect Forward Secrecy
Formal Verification
The Security Features
Performance Discussion
Conclusions