Details

Autor(en) / Beteiligte

• Xie, Qi

Titel

A new authenticated key agreement for session initiation protocol

Ist Teil von

• International journal of communication systems, 2012-01, Vol.25 (1), p.47-54

Ort / Verlag

Chichester, UK: John Wiley & Sons, Ltd

Erscheinungsjahr

2012

Quelle

Wiley Online Library - AutoHoldings Journals

Beschreibungen/Notizen

• SUMMARY The session initiation protocol (SIP) is an authentication protocol used in 3G mobile networks. In 2009, Tsai proposed an authenticated key agreement scheme as an enhancement to SIP. Yoon et al. later pointed out that the scheme of Tsai is vulnerable to off‐line password guessing attack, Denning–Sacco attack, and stolen‐verifier attack and does not support perfect forward secrecy (PFS). Yoon et al. further proposed a new scheme with PFS. In this paper, we show that the scheme of Yoon et al. is still vulnerable to stolen‐verifier attack and may also suffer from off‐line password guessing attack. We then propose several countermeasures for solving these problems. In addition, we propose a new security‐enhanced authentication scheme for SIP. Our scheme also maintains low computational complexity. Copyright © 2011 John Wiley & Sons, Ltd. In 2010, Yoon et al. proposed a security‐enhanced scheme for Session Initiation Protocol (SIP) which is an authentication protocol used in 3G mobile networks. In this paper, we showed that Yoon et al.'s SIP is vulnerable to off‐line password guessing attack and stolen‐verifier attack, and proposed several countermeasures for defending against these attacks. In addition, we proposed a new security‐enhanced scheme for SIP which not only defends against the attacks mentioned above, but can also maintain the efficiency of the scheme.