The session initiation protocol (SIP) is the most widely used signaling protocol for creating, modifying, and terminating multimedia sessions in an Internet Protocol-based telephony environment. Recently, Arshad et al. proposed an authentication scheme based on elliptic curve cryptosystems for SIP. In this paper, we first show that their scheme is vulnerable to the password-guessing attack. Thereafter, we propose a new authentication and key agreement scheme for SIP, which is immune to the presented attacks. Our scheme achieves provable security yet remains efficient. Moreover, we also provide an extended scheme capable of protecting the privacy of media streams even against SIP servers while supporting lawful interception, which is inevitably required for protecting national security or for detecting criminal evidence. Copyright © 2012 John Wiley & Sons, Ltd.