A Secure Lightweight Mutual Authentication Scheme for VoIP based on Smart Card

Document Type : Original Article

Authors

1 ferdowsi University of Mashhad

2 Ferdowsi University of Mashhad

Abstract

With the widespread use of Voice over IP (VoIP) technology to transmit multimedia such as voice and video, Session Initiation Protocol (SIP) has been the focus of many research. To establish a secure communication channel between the two parties using SIP, authentication of the parties is of the utmost importance. Many research has been done on authentication protocols in recent years, including the lightweight VoIP authentication scheme presented by Zhang et al. In this article, we first prove that Zhang's authentication scheme is not robust against known-session-specific temporary information attack and does not meet the security requirement of perfect forward secrecy. In addition, we present a lightweight and efficient authentication protocol and show that the proposed protocol is resistant to various attacks and is capable of meeting essential security requirements such as perfect forward secrecy and user anonymity. We have also examined the performance of the proposed protocol in terms of computational complexity and have shown that the proposed method has less computational complexity compared to most similar methods. Finally, we prove the correctness of the proposed protocol with Scyther and Proverif tools.

Keywords

Main Subjects

References

[1] Franks J, Hallam-Baker P, Hostetler J, Lawrence S, Leach P, Luotonen A, Stewart L Http
authentication: Basic and digest access authentication. In: IETF RFC2617, 1999.
[2] Yeh H., Chen T., Shih W., Robust smart card secured authentication scheme on SIP using Elliptic Curve Cryptography. Computer Standards & Interfaces; 2014, vol. 36, no.2, pp: 397-402.
[3] Zhang L, Tang S, Zhu S, An energy e_cient authenticated key agreement protocol for SIP-based green VoIP networks, J Netw Comput Appl, 2016, vol. 59, pp. 126-133.
 [4] Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU. An improved and provably secure privacy preserving authentication protocol for sip. Peer-to-Peer Networking and Applications, 2017, vol. 10, no. 1, pp. 1-15.
[5] Sourav S., Odelu V., Prasath R., Enhanced Session Initiation Protocols for Emergency Healthcare Applications. In: Thampi S., Madria S., Wang G., Rawat D., Alcaraz Calero J. (eds) Security in Computing and Communications (SSCC), Communications in Computer and Information Science, 2018, vol 969, pp 278-289.
[6] Arshad H, Nikooghadam M. An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimedia Tools and Applications 2016, vol. 75, no.1, pp.181-197.
[7] H. Arshad and M. Nikooghadam, ‘‘Security analysis and improvement of two authentication and key agreement schemes for session initiation protocol,’’ J. Supercomput., 2015, vol. 71, no. 8, pp. 3163–3180. [8] Dhillon, P.K.; Kalra, S. Secure and efficient ECC based SIP authentication scheme for VoIP communications in internet of things. Multimed.ToolsAppl.2019, vo. 78, no. 16, pp.22199-22222. [9] Zhang Y, Xie K, Ruan O An improved and efficient mutual authentication scheme for session initiation protocol. PLoS ONE, , 2019, vol.14, vo.3.
[10] Ravanbakhsh, N., Mohammadi, M. Nikooghadam, Perfect forward secrecy in VoIP networks through design a lightweight and secure authenticated communication scheme, M. Multimed Tools Appl, 2019, vol. 78, no. 9, pp. 11129-11153.
[11] Amin R, Islam S, Biswas G, Giri D, Khan MK, Kumar N. A more secure and privacy-aware anonymous user authentication scheme for distributed mobile cloud computing environments. Secur Commun Netw. 2016, vol. 9, no.17, pp.4650-4666.
[12] A. Ostad-Sharif, D. Abbasinezhad-Mood, and M. Nikooghadam, ‘‘A robust and efficient ECC-based mutual authentication and session key generation scheme for healthcare applications,’’ J. Med. Syst., 2019, vol. 43, p. 10.
[13] Ostad-Sharif, A, Abbasinezhad-Mood, D, Nikooghadam, M. An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC. Int J Commun Syst. 2019, vol. 32, no. 5.
[14] Cremers, C, Scyther - Semantics and Verification of Security Protocols. Ph.D. dissertation, Eindhoven University of Technology, 2006.
[15] Blanchet B, Cheval V, Allamigeon X, Smyth B. ProVerif: Cryptographic protocol verifier in theformalmodel.(Availableat:http://prosecco.gforge.inria.fr/personal/bblanche/proverif/).
[16] A.Durlanik, I. Sogukpinar. SIP authentication scheme using ECDH. World Enformatika Society Transaction on Engineering Computing and Technology, 2005, vol. 8, pp.350-353.
[17] EJ Yoon, KY Yoo, et al..A secure and efficient SIP authentication scheme for converged VoIP networks. Computer Communications, 2010, vol. 33, pp.1674-1681.
[18] Zhang L., Tang S., Cai Z.. Efficient and flexible password authenticated key agreement for Voice over Internet Protocol Session Initiation Protocol using smart card. International Journal of Communication Systems 2014. [19] Farash MS. Security analysis and enhancements of an improved authentication for session initiation protocol with provable security. Peer-to-Peer Networking and Applications. 2016, vol. 9, no. 1, pp: 82–91. [20] Kumari S, Chaudhry S, Wu F, Li X, Farash M, Khan M. An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Networking and Applications. 2015, vol. 10. no. 1, pp. 92-105.
[21]Zhang L, Tang S, Cai Z. Cryptanalysis and improvement of password-authenticated key
agreement for session initiation protocol using smart cards. Security and Communication
Networks. , 2014, vol. 7, no. 12, pp.2405-2411.
[22] Jiang Q, Ma J, Tian Y, Cryptanalysis of smart-card-based password authenticated key
agreement protocol for session initiation protocol of Zhang et al. Int J Commun Syst, 2015, vol.28, no. 7, pp:1340-1351.
[23]Tu, H., Kumar, N., Chilamkurti, N., Rho, S., An improved authentication protocol for session initiation protocol using smart card. Peer-to-Peer Networking and Applications, 2015, vol. 8, no. 5, pp. 903-910.
[24]Farash MS. Security analysis and enhancements of an improved authentication for ses sion initiation protocol with provable security. Peer-to-Peer Networking and Applications , 2016, vo. 9, no. 1, pp: 82 - 91 , .
[25]Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU. An improved and provably secure privacy preserving authentication protocol for sip. Peer-to-Peer Networking and Applications, 2017, vol. 10, no. 1, pp. 1 - 15.
[26]Mishra D, Das AK, Mukhopadhyay S, A secure and ecient ECC-based user anonymity preserving session initiation authentication protocol using smart card. Peer-to-peer Netw Appl, 2016, vol. 9, no. 1, pp. 171,192.
[27]Farash MS, Attari MA. An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. International Journal of Communication Systems, 2016, vol. 29. no. 13, pp. 1956-1967.
[28]Lu Y, Li L, Peng H, Yang Y, An anonymous two-factor authenticated key agreement
scheme for session initiation protocol using elliptic curve cryptography. Multimedia Tools
and Applications, 2017, vol. 76, no. 2, pp. 1801-1815.
[29]Lu Y, Li L, Peng H, Yang Y, A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl, 2016, vol. 9, no. 2, pp. 449-459.
[30]V. Sureshkumar, R. Amin, and R. Anitha, A robust mutual authentication scheme for session initiation protocol with key establishment, Peer-toPeer Netw. Appl. , 2018, vol. 11, no. 5, pp. 900-91.
[31]Zhang L, Tang S, Zhu S, An energy efficient authenticated key agreement protocol for SIP-based
green VoIP networks. J Netw Comput Appl, 2016, vol.59, pp.126–133.
[32]Qiu S, Xu G, Ahmad H. An enhanced password authentication scheme for session initiation protocol with perfect forward secrecy. PLOS ONE, 2018, vol. 13, no, 3.
[33]M. Nikooghadam, R. Jahantigh, and H. Arshad, ‘‘A lightweight authentication and key agreement protocol preserving user anonymity,’’ Multimedia Tools Appl., 2017, vol.76, no.11, pp. 13401–13423.
[34]Xu, L., Wu, F., Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. Journal of medical systems, 2015, vol. 39, no. 10.
[35]Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., Obaidat, M. S., Design and analysis of an enhanced patient-server mutual authentication protocol for telecare medical information system. Journal of medical systems, 2015, vol. 39, no.11, pp. 137.
[36]Xu L,Wu F Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J Med Syst, 2015, vol. 39, no. 2, pp:1–9. [37]Kumari S, Karuppiah M, Das AK, Li X, Wu F, Gupta V. Design of a secure anonymity preserving authentication scheme for session initiation protocol using elliptic curve cryptography. J Ambient Intell Human Comput,, 2018, vol. 9, no.3, pp 643–653.

Files

History

  • Receive Date: 10 August 2019
  • Revise Date: 21 September 2019
  • Accept Date: 02 October 2019
  • First Publish Date: 22 November 2019

Share

How to cite

Statistics