An Enhanced Authenticated Key Agreement for Session Initiation Protocol

12 December 2013

journal article
Published by Kaunas University of Technology (KTU) in Information Technology And Control

Vol. 42 (4), 333-342
https://doi.org/10.5755/j01.itc.42.4.2496

Abstract

In 2012, Xie proposed an authentication scheme based on Elliptic Curve Cryptography (ECC) for Session Initiation Protocol (SIP). However, this paper demonstrates that the Xie’s scheme is vulnerable to impersonation attack by which an active adversary can easily forge the server’s identity. Based on this attack, we also show that the Xie’s scheme is also defenseless to off-line password guessing attack. Therefore, we propose a more secure and efficient scheme, which does not only cover all the security flaws and weaknesses of related previous protocols, but also provides more functionalities. We also evaluate the proposed protocol by AVISPA (Automated Validation of Internet Security Protocols and Applications) tools and confirm its security attributes. DOI: http://dx.doi.org/10.5755/j01.itc.42.4.2496

Keywords

Cited by 41 articles