SummaryRecently, Chaudhry et al and Kumari et al proposed an advanced mutual authentication protocol for Session Initiation Protocol on the basis of the protocol of Lu et al. The authors claimed that their schemes can be resistant to various attacks. Unfortunately, we observe some important flaws in their respective schemes. We point out that their schemes are prone to off‐line password guessing and privileged insider attacks. To remedy their protocols's drawbacks, in this paper, we present a new improved authentication scheme keeping apart the threats encountered in the design of the schemes of Chaudhry et al and Kumari et al. Furthermore, the security analysis illustrates that our proposed scheme not only removes these drawbacks in their schemes but also can resist all known attacks and provide session key security. We give a heuristic security analysis and also provide the security analysis of the proposed scheme with the help of widespread Burrows‐Abadi‐Needham Logic. Finally, our scheme is compared with the previously proposed schemes on security and performance.
Read full abstract