Skip to main content
SpringerLink
Log in

An improved smart card based authentication scheme for session initiation protocol

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

Sessioninitiation protocol (SIP) reformed the controlling routine of voice over Internet Protocol based communication over public channels. SIP is inherently insecure because of underlying open text architecture. A number of solutions are proposed to boost SIP security. Very recently Farash (Peer to Peer Netw. Appl. 1–10, 2014) proposed an enhanced protocol to improve the security of Tu et al.’s protocol (Peer to Peer Netw. Appl. 1–8, 2014). Further, Farash claimed his protocol to be secure against all known attacks. However, in this paper we show that Farash’s protocol is insecure against impersonation attack, password guessing attack, lacks user anonymity and is vulnerable to session-specific temporary information attack. Further, we have proposed an upgraded protocol to enhance the security. The security and performance analysis shows that the proposed protocol reduced one point multiplication as compared with Farash’s protocol, while resisting all known attacks. We have proved the security of proposed protocol using automated tool ProVerif.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

References

  1. Guo P, Wang J, Geng XH, Kim CS, Kim J-U (2014) A variable threshold-value authentication architecture for wireless mesh networks. Journal of Internet Technology 15(6):929–935

    Google Scholar 

  2. Farash MS, Chaudhry SA, Heydari M, Sadough S, Mohammad S, Kumari S, Khan MK A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int J Commun Syst. doi:10.1002/dac.3019

  3. Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Information Technology And Control 42(4):333–342

    Article  Google Scholar 

  4. ul Amin N, Asad M, Din N, Ashraf Ch S (2012) An authenticated key agreement with rekeying for secured body sensor networks based on hybrid cryptosystem. In: 2012 9th IEEE International Conference on networking, sensing and control (ICNSC). IEEE, pp 118–121

  5. Farash MS, Attari MA An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. Int J Commun Syst. doi:10.1002/dac.2848

  6. Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2013) A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications:1–18

  7. Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ch SA A secure authentication scheme for session initiation protocol by using ecc on the basis of the tang and liu scheme, Security and Communication Networks

  8. Giri D, Srivastava PD (2007) An asymmetric cryptographic key assignment scheme for access control in tree structural hierarchies. IJ Netw Secur 4(3):348–354

    Google Scholar 

  9. Islam SH, Khan MK (2014) Provably secure and pairing-free identity-based handover authentication protocol for wireless mobile networks. Int J Commun Syst. n/a–n/a doi:10.1002/dac.2847

  10. Islam S, Khan M Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J Med Syst 38(10). doi:10.1007/s10916-014-0135-9

  11. Islam S, Biswas G (2011) A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J Syst Softw 84(11):1892–1898

    Article  Google Scholar 

  12. Liu J, Zhang Z, Chen X, Kwak KS (2014) Certificateless remote anonymous authentication schemes for wirelessbody area networks. IEEE Transactions on Parallel and Distributed Systems 25(2):332–342

    Article  Google Scholar 

  13. Jiang Q, Ma J, Tian Y (2015) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of zhang et al. Int J Commun Syst 28(7):1340–1351

    Article  Google Scholar 

  14. Jiang Q, Ma J, Li G, Yang L (2014) An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wirel Pers Commun 77(2):1489–1506

    Article  Google Scholar 

  15. Jiang Q, Ma J, Lu X, Tian Y (2014) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Networking and Applications:1–12. doi:10.1007/s12083-014-0285-z

  16. Li X, Niu J, Liao J, Liang W (2015) Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update. Int J Commun Syst 28(2):374–382. doi:10.1002/dac.2676

    Article  Google Scholar 

  17. Kumari S, Khan MK (2014) Cryptanalysis and improvement of a robust smart-card-based remote user password authentication scheme. Int J Commun Syst 27(12):3939–3955. doi:10.1002/dac.2590

    Article  Google Scholar 

  18. He D, Wang D (2014) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J PP(99):1–8. doi:10.1109/JSYST.2014.2301517

    Google Scholar 

  19. He D, Chen J, Chen Y (2012) A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Security and Communication Networks 5(12):1423–1429. doi:10.1002/sec.506

    Article  Google Scholar 

  20. Mehmood Z, Nizamuddin N, Ch S, Nasar W, Ghani A (2012) An efficient key agreement with rekeying for secured body sensor networks. In: 2012 2nd international conference on digital information processing and communications (ICDIPC). IEEE, pp 164–167

  21. Chaudhry SA, Naqvi H, Shon T, Sher M, Farash M Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst 39(6). doi:10.1007/s10916-015-0244-0

  22. He D, Kumar N, Chilamkurti N A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf Sci. doi:10.1016/j.ins.2015.02.010

  23. He D, Zeadally S (2015) Authentication protocol for an ambient assisted living system. IEEE Commun Mag 53(1):71–77

    Article  Google Scholar 

  24. Amin R, Biswas G (2015) An improved rsa based user authentication and session key agreement protocol usable in tmis. J Med Syst 39(8):1–14

    Google Scholar 

  25. Amin R, Biswas G (2015) A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J Med Syst 39(8):1–19

    Google Scholar 

  26. Amin R, Biswas G (2015) A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J Med Syst 39(3):1–17

    Article  Google Scholar 

  27. Zhang L, Tang S, Cai Z (2014) Efficient and flexible password authenticated key agreement for voice over internet protocol session initiation protocol using smart card. Int J Commun Syst 27(11):2691–2702. doi:10.1002/dac.2499

    Google Scholar 

  28. Tu H, Kumar N, Chilamkurti N, Rho S (2014) An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Networking and Applications:1–8. doi:10.1007/s12083-014-0248-4

  29. Farash M (2014) Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Networking and Applications:1–10. doi:10.1007/s12083-014-0315-x

  30. Miller VS (1986) Use of elliptic curves in cryptography. In: Advances in Cryptology CRYPTO 85 Proceedings. Springer, pp 417–426

  31. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48(177):203–209

    Article  MATH  MathSciNet  Google Scholar 

  32. (2000) Certicom research standard for efficient cryptography, sec 1,ec cryptography. ver. 1.0, Tech. rep

  33. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

    Article  MathSciNet  Google Scholar 

  34. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in Cryptology CRYPTO 99. Springer, pp 388–397

  35. Canetti R, Krawczyk H (2001) Analysis of key-exchange protocols and their use for building secure channels. In: Advances in Cryptology EUROCRYPT 2001. Springer, pp 453–474

  36. Bellare M, Rogaway P (1994) Entity authentication and key distribution. In: CRYPTO 93 Advances in Cryptology. Springer, pp 232–249

  37. Bellare M, Rogaway P (1995) Provably secure session key distribution: the three party case. In: Proceedings of the twenty-seventh annual ACM symposium on Theory of computing. ACM, pp 57–66

  38. Chaudhry SA, Farash M, Naqvi H, Sher M (2015) A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron Commer Res:1–27. doi:10.1007/s10660-015-9192-5

  39. Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks:1–13. doi:10.1002/sec.1299

  40. Xie Q, Dong N, Wong DS, Hu B Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol. Int J Commun Syst. doi:10.1002/dac.2858

  41. Chaudhry SA, Naqvi H, Sher M, Farash MS, ul Hassan M (2015) An improved and provably secure privacy preserving authentication protocol for SIP, Peer to peer networking and applications. doi:10.1007/s12083-015-0400-9

Download references

Acknowledgments

This research is supported by the National Natural Science Foundation of China under Grant No. 61300220, and it is also supported by PAPD and CICAEET and Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369. The authors also extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16).

Author information

Authors and Affiliations

  1. Department of Mathematics, Ch. Charan Singh University, Meerut, 250004, Uttar Pradesh, India

    Saru Kumari

  2. Department of Computer Science & Software Engineering, International Islamic University, Islamabad, Pakistan

    Shehzad Ashraf Chaudhry

  3. Department of Computer Science and Engineering, Xiamen Institute of Technology, Xiamen, 361021, China

    Fan Wu

  4. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, 411201, China

    Xiong Li

  5. Nanjing University of Information Science and Technology, Nanjing, 210044, China

    Xiong Li

  6. Department of Mathematics and Computer Sciences, Kharazmi University, Tehran, Iran

    Mohammad Sabzinejad Farash

  7. Center of Excellence in Information Assurance (CoEIA), King Saud University, Riyadh, Kingdom of Saudi Arabia

    Muhammad Khurram Khan

Authors
  1. Saru Kumari
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shehzad Ashraf Chaudhry
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fan Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xiong Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mohammad Sabzinejad Farash
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Muhammad Khurram Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Saru Kumari.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kumari, S., Chaudhry, S.A., Wu, F. et al. An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Netw. Appl. 10, 92–105 (2017). https://doi.org/10.1007/s12083-015-0409-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-015-0409-0

Keywords

Search

Navigation