Abstract
With the growth of the internet, development of IP based services has increased. Voice over IP (VoIP) technology is one of the services which works based on the internet and packet switching networks and uses this structure to transfer the multimedia data e.g. voices and images. Recently, Chaudhry et al., Zhang et al. and Nikooghadam et al. have presented three authentication and key agreement protocols, separately. However, in this paper, it is proved that the presented protocols by Chaudhry et al. and also Nikooghadam et al. do not provide the perfect forward secrecy, and the presented protocol by Zhang et al. not only is vulnerable to replay attack, and known session-specific temporary information attack, but also does not provide user anonymity, re-registration and revocation, and violation of fast error detection. Therefore, a secure and efficient two-factor authentication and key agreement protocol is presented. The security analysis proves that our proposed protocol is secure against various attacks. Furthermore, security of proposed scheme is formally analyzed using BAN logic and simulated by means of the AVISPA tool. The simulation results demonstrate security of presented protocol against active and passive attacks. The communication and computation cost of the proposed scheme is compared with previously proposed authentication schemes and results confirm superiority of the proposed scheme.
Highlights
What is VoIP2?VoIP stands for Voice over Internet Protocol and is sometimes called the internet telephone or telephone IP3
We present the possible attacks on the session initiation protocol (SIP) protocol: 1. Stolen verifier attack: In most of the password-based protocols, the user password gets stored in the server database in order to enable user authentication
If an attacker manages to get its hand on the information stored in these databases, it can forge the identity of the legitimate user or the server
Summary
VoIP stands for Voice over Internet Protocol and is sometimes called the internet telephone or telephone IP3. This technology makes it possible to use the internet for making phone calls and unlike the traditional phones based on wire lines, uses digital technology. The operation of the SIP protocol in the VoIP system is as follows:. In the SIP protocol, two-way authentication between the parties in a connection needs to be carried out in the following steps: Registration: At the registration step, the authentication mechanism must be used to prevent the registration of illegal users. Session setup: When making the call using the INVITE message, both parties need to authenticate the identity of the one on the other side. Session termination: When the session is being terminated by either one of the BYE or CANCEL messages, the identity of the party sending these messages should be confirmed for the user receiving the message
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
