A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography
Article first published online: 8 FEB 2012
Copyright © 2012 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 5, Issue 12, pages 1423–1429, December 2012
How to Cite
He, D., Chen, J. and Chen, Y. (2012), A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Security Comm. Networks, 5: 1423–1429. doi: 10.1002/sec.506
- Issue published online: 23 NOV 2012
- Article first published online: 8 FEB 2012
- elliptic curve cryptosystem;
- session initiation protocol
The session initiation protocol (SIP) is one of the most important protocols supporting multimedia services. With the wide spread of the internet, the security of SIP is becoming more and more important. In 2009, Tsai proposed an efficient authentication scheme as an enhancement to SIP. However, Arshad et al. demonstrated that Tsai's scheme was vulnerable to the off-line password-guessing attack and the stolen-verifier attack. They also pointed out that Tsai's scheme did not provide known-key secrecy and perfect forward secrecy. To overcome the weaknesses, Arshad et al. also proposed an improved authentication scheme based on the elliptic curve discrete logarithm problem for SIP and claimed that their scheme can withstand various attacks. In this paper, we do a cryptanalysis of the scheme by Arshad et al., and we show that their scheme is vulnerable to the off-line password-guessing attack. We also propose an improved authentication scheme based on the elliptic curve cryptography for SIP which is immune to the presented attacks. Copyright © 2012 John Wiley & Sons, Ltd.