Get access

Secure SIP authentication scheme supporting lawful interception

Authors

  • Qiong Pu,

    Corresponding author
    1. State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China
    2. Department of Networks Engineering, Information Engineering University, Zhengzhou, China
    • CIMS Research Center, Tongji University, Shanghai, China
    Search for more papers by this author
  • Jian Wang,

    1. CIMS Research Center, Tongji University, Shanghai, China
    Search for more papers by this author
  • Shuhua Wu

    1. State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China
    2. Department of Networks Engineering, Information Engineering University, Zhengzhou, China
    3. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China
    Search for more papers by this author

Qiong Pu, Department of Networks Engineering, Information Engineering University, Zhengzhou, China.

E-mail: pqwsh@yahoo.com.cn

ABSTRACT

The session initiation protocol (SIP) is the most widely used signaling protocol for creating, modifying, and terminating multimedia sessions in an Internet Protocol-based telephony environment. Recently, Arshad et al. proposed an authentication scheme based on elliptic curve cryptosystems for SIP. In this paper, we first show that their scheme is vulnerable to the password-guessing attack. Thereafter, we propose a new authentication and key agreement scheme for SIP, which is immune to the presented attacks. Our scheme achieves provable security and, yet, is efficient. Moreover, we also provide an extended scheme capable of protecting media stream's privacy even against SIP servers while supporting lawful interception, which is inevitably required for protecting the national security or for detecting the criminal evidence. Copyright © 2012 John Wiley & Sons, Ltd.

Get access to the full text of this article

Ancillary