Authors: Haoran Chen; Jianhua Chen; Han Shen
Addresses: Department of Mathematics and Statistics, Wuhan University, Wuhan 430072, China ' Department of Mathematics and Statistics, Wuhan University, Wuhan 430072, China ' Department of Mathematics and Statistics, Wuhan University, Wuhan 430072, China
Abstract: As a lightweight and flexible signalling protocol, session initiation protocol (SIP) has been widely used for establishing, modifying and terminating the sessions in the multimedia environment. The increasing concerns about the security of communication sessions that run over the public Internet has made authentication protocols for SIP more desired. Recently, Lu et al. proposed an authentication scheme for SIP and claimed that their scheme is secure against various known attacks while maintaining efficiency. However, in this paper we will indicate that their protocol suffers from server spoofing attacks and failed to provide mutual authentication as they claimed. Further, we have presented an improved authentication protocol for SIP and proved its security using BAN logic. Though the security and performance analysis, we illustrate that the proposed scheme is more secure and flexible.
Keywords: mutual authentication; session initiation protocol; SIP; elliptic curve; key agreement; communication security.
International Journal of Electronic Security and Digital Forensics, 2017 Vol.9 No.2, pp.132 - 149
Received: 01 Jul 2016
Accepted: 12 Dec 2016
Published online: 07 Apr 2017 *