Abstract
Session initiation protocol (SIP), a widely used signal protocol for controlling multimedia communication sessions, is under numerous attacks when performing the authentication steps between the user and server. So secure authentication schemes are needed to be presented for SIP. Recently, Arshad et al. advanced novel schemes for SIP using elliptic curve cryptography (ECC) and claimed their schemes can resist various attacks. However, Lu et al. found that Arshad et al.’s scheme cannot resist trace and key-compromise impersonation attacks; hence, it cannot provide proper mutual authentication. Meanwhile, an enhanced scheme was advanced by Lu et al. and they stated that their scheme can stand up to possible known attacks. Nevertheless, in this paper, we conclude that Arshad and Nikooghadam’s scheme is insecure against impersonation attack and Lu et al.’s scheme is still vulnerable to impersonation attack. To overcome these weaknesses of their schemes, we present a novel anonymous ECC-based scheme for SIP. Security analysis and performance analysis show that our proposed scheme can resist various known attacks and efficient in the meantime.
Highlights
Session initiation protocol (SIP), a text-based application layer signaling control protocol, is used to create, modify, and release sessions between participators
SIP is widely used since 2002, the time when it was presented by the Internet Engineering Task Force (IETF) [1]
To overcome the shortcomings of Tsai’s scheme, Yoon et al proposed a scheme based on the elliptic curve discrete logarithm problem (ECDLP) for SIP and they claimed their scheme can resist various attacks while providing more efficiency than Tsai’s scheme
Summary
SIP (session initiation protocol), a text-based application layer signaling control protocol, is used to create, modify, and release sessions between participators. Many researchers devote to proposing secure and efficient schemes for SIP to prevent various attacks and provide mutual authentication between a legal user and server nowadays. To overcome the shortcomings of Tsai’s scheme, Yoon et al proposed a scheme based on the elliptic curve discrete logarithm problem (ECDLP) for SIP and they claimed their scheme can resist various attacks while providing more efficiency than Tsai’s scheme. To cover the demerits of Zhang et al.’s scheme, Lu et al advanced a Wireless Communications and Mobile Computing new scheme and they demonstrate that their scheme is resistant to possible known attacks while having lower computation cost than other related schemes. Irshad et al [11] demonstrated that Zhang et al.’s scheme is vulnerable to denial of service (DOS) attack and impersonation attack and advanced an improved scheme while optimizing the cost in their protocol. We observe that Lu et al.’s [13] scheme is insecure against server impersonation attack
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
