Comment on ‘Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol‐based communications’
Author(s) - Chaudhry Shehzad Ashraf
Publication year - 2015
Publication title - IET Communications
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.355
H-Index - 62
eISSN - 1751-8636
pISSN - 1751-8628
DOI - 10.1049/iet-com.2014.1082
Subject(s) - computer science , password , login , session (web analytics) , protocol (science) , hash function , anonymity , authentication (law) , computer security , computer network , world wide web , medicine , alternative medicine , pathology
I am writing this comment with reference to an article published recently by Zhang et al. [1] in IET Communications. The protocol of Zhang et al. for SIP authentication is robust against all known attacks and additionally provides user anonymity. They removed the need to store verification tables in order to reduce the storage and computation burden on the SIP server. However, I am concerned about the correctness of their protocol. During the authentication phase the client sends W = r1, R = r1·(h(PW||c) ⊕ h(username||c))·s·P and V = E_m(r1·P || h(PW||c) ⊕ h(username||c) || T). Upon receiving W and V, the SIP server computes m = s·W and decrypts V using the key m. The server then extracts (h(PW||c) ⊕ h(username||c)) from W and from V independently and compares the two values; if they are equal, the server continues the authentication process.

My concern is that the server receives the user's password PW, the username and the random number c only in a form protected by a one-way hash function; neither the username nor the password is revealed to the server. Hence the server does not recognise the user, so how can the user obtain user-specific services from the server? The authors need either to clarify the protocol or to propose an enhanced protocol so that the server is able to recognise the user who initiated the login request; as it stands, the protocol cannot distinguish between two different legitimate users, say Ui and Uj.