Session initiation protocol (SIP), a widely used signal protocol for controlling multimedia communication sessions, is under numerous attacks when performing the authentication steps between the user and server. So secure authentication schemes are needed to be presented for SIP. Recently, Arshad et al. advanced novel schemes for SIP using elliptic curve cryptography (ECC) and claimed their schemes can resist various attacks. However, Lu et al. found that Arshad et al.’s scheme cannot resist trace and key-compromise impersonation attacks; hence, it cannot provide proper mutual authentication. Meanwhile, an enhanced scheme was advanced by Lu et al. and they stated that their scheme can stand up to possible known attacks. Nevertheless, in this paper, we conclude that Arshad and Nikooghadam’s scheme is insecure against impersonation attack and Lu et al.’s scheme is still vulnerable to impersonation attack. To overcome these weaknesses of their schemes, we present a novel anonymous ECC-based scheme for SIP. Security analysis and performance analysis show that our proposed scheme can resist various known attacks and efficient in the meantime.
SIP (session initiation protocol), a text-based application layer signaling control protocol, is used to create, modify, and release sessions between participators. These sessions will be initiated when users request Internet multimedia conferences, IP phones, and multimedia distribution. The participants of SIP can communicate with each other by multicast, unicast, or a mixture of two. SIP is widely used since 2002, the time when it was presented by the Internet Engineering Task Force (IETF) [
In 2009, Tsai [
In 2014, a smart-card-based scheme was advanced by Zhang et al. [
In this paper, we revisit Arshad and Nikooghadam and Lu et al.’s schemes and show that their schemes are vulnerable to impersonation attack. Meanwhile, we propose our enhanced ECC-based scheme for SIP to make up for the shortcomings of Arshad et al.’s and Lu et al.’s schemes.
The rest of the paper is organized as follows. Review and cryptanalysis of Arshad and Nikoofhadam’s scheme are showed in Sections
In this section, we will review Arshad and Nikoofhadam’s [
Notations of Arshad et al.’s scheme.
Firstly, the server selects an elliptic curve equation
The client generates a number If
In this part, we will introduce the authentication and key agreement phase of Arshad and Nikoofhadam’s scheme and the steps of this phase are also represented by Table The client selects an integer If The client computes The server computes
Authentication and key agreement.
Client | Server |
---|---|
Firstly, a new password The server computes The client calculates
In this part, we will prove that Arshad and Nikoofhadam’s scheme cannot withstand server impersonate attack. To do so, the adversary
Suppose
After receiving
After receiving
From what has been discussed above, we can come to the conclusion that Arshad and Nikoofhadam’s scheme cannot resist server impersonation attack.
In this part, Lu et al.’s [
Notations of Lu et al.’s scheme.
In this part, we will briefly introduce the authentication and key agreement phase of Lu et al.’s scheme and the steps of this phase are also represented by Table
Authentication and key agreement.
If
In this part, we will analyze the security of Lu et al.’s scheme and prove that their scheme cannot resist user impersonation attack. To do so, suppose an adversary
From what has been discussed above, we can come to the conclusion that Lu et al.’s scheme cannot resist user impersonation attack.
An enhanced scheme for SIP will be advanced in this section. Our scheme is based on the schemes of Irshad et al and Lu et al. and has corrected the problem that appeared in their schemes. We will list the notations that used throughout our scheme in Figure
Notations of our scheme.
Firstly, an elliptic curve equation
The registration phase will be shown in Table
The user
Steps of the registration phase.
When a legal user
The user
Authentication and key agreement.
Once receiving
After receiving
In this part, we use Burrows-Abadi-Needham logic to prove the correctness of our proposed scheme at first. Then, we use informal security analysis to prove that our scheme is secure under various attacks.
In this section, we will briefly introduce the BAN logic and then prove the security of our proposed scheme by using BAN logic.
BAN logic is a belief-based logic proposed by Burrow, Abadi, and Needham, and this logic plays a significant role in analyzing authentication protocols. When applying BAN logic to protocol analysis, it is essential to idealize the message of the protocol into a formula that BAN logic can recognize. Then, according to the reasonable initialization hypothesis, and the logical reasoning rules are used to infer whether the protocol can reach the expected goal according to the idealized protocol and initialization protocol. Figure
BAN logic notations.
Goals
(
(
(
( Idealized scheme
Initiative premises
(n1)
(n2)
(n3)
(n4)
(n5)
(n6)
(n7)
(n8)
(n9) Proof of the proposed scheme
(p1) From
(p2) From
(p3) From
(p4) From deduction
(p5) From
(p6) From
(p7) From
(p8) From
(p9) From deduction
(p10) From
Therefore, our proposed scheme achieves mutual authentication and key agreement between
The security of our proposed scheme will be discussed in this section. We will prove our scheme is secure in the face of various attacks. We draw on the experience of [
(c1)
(c2)
(c3)
(c4)
(c5)
In Denning-Sacco attack [
Suppose
In this attack,
In our proposed scheme, assume
Off-line password guessing attack means
In our proposed scheme,
In this attack, suppose
In this attack, the goal of
Suppose
Suppose a privileged inside user
If a previous session key
Perfect forward secrecy means that
Suppose
Suppose
Suppose
The performance comparison of our scheme and other related schemes [
In Table
Comparison of computational cost.
Schemes | Total comparison of computational cost | Time (ms) |
---|---|---|
Our scheme | 22.2551 ms | |
Zhang et al.’s scheme [ | 25.0675 ms | |
Irshad et al.’s scheme [ | 22.7839 ms | |
Arshad et al.’s scheme [ | 11.1116 ms | |
Lu et al.’s scheme [ | 16.0832 ms |
Notations for computation cost of times.
According to [
Figure
Comparison of security attributes.
In this paper, we have demonstrated that Arshad et al.’s scheme cannot withstand user impersonation attack and Lu et al.’s scheme is not secure against server impersonation attack. In order to remedy the weaknesses of their schemes, we present an enhanced anonymous and efficient ECC-based authentication scheme for SIP. Our scheme inherits the merits of Arshad and Nikooghadam and Lu et al.’s schemes while standing up to user and server impersonation attacks that their schemes failed to satisfy. We use BAN logic and informal analysis to demonstrate the correctness and security of our scheme. Therefore, our proposed scheme is suitable and practical for SIP.
The data used to support the findings of this study are available from the corresponding author upon request.
The authors declare that they have no conflicts of interest.
Our work was jointly supported by the National Natural Science Foundation of China (No. 61872051, No. 61702067), the Chongqing Natural Science Foundation of China (No. cstc2020jcyj-msxmX0343), and the Venture & Innovation Support Program for Chongqing Overseas Returnees (No. CX2018122).