Premium
A new authenticated key agreement for session initiation protocol
Author(s) -
Xie Qi
Publication year - 2012
Publication title -
international journal of communication systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.1286
Subject(s) - computer science , password , forward secrecy , computer security , session key , session (web analytics) , scheme (mathematics) , computer network , authentication (law) , session initiation protocol , password cracking , secrecy , key (lock) , protocol (science) , one time password , password strength , public key cryptography , encryption , world wide web , server , medicine , mathematical analysis , mathematics , alternative medicine , pathology
SUMMARY The session initiation protocol (SIP) is an authentication protocol used in 3G mobile networks. In 2009, Tsai proposed an authenticated key agreement scheme as an enhancement to SIP. Yoon et al. later pointed out that the scheme of Tsai is vulnerable to off‐line password guessing attack, Denning–Sacco attack, and stolen‐verifier attack and does not support perfect forward secrecy (PFS). Yoon et al . further proposed a new scheme with PFS. In this paper, we show that the scheme of Yoon et al. is still vulnerable to stolen‐verifier attack and may also suffer from off‐line password guessing attack. We then propose several countermeasures for solving these problems. In addition, we propose a new security‐enhanced authentication scheme for SIP. Our scheme also maintains low computational complexity. Copyright © 2011 John Wiley & Sons, Ltd.