An improved smart card based authentication scheme for session initiation protocol
详细信息 查看全文
- 作者:Saru Kumari ; Shehzad Ashraf Chaudhry ; Fan Wu…
- 关键词:Authentication ; Security ; Anonymity and privacy ; Impersonation attack ; Provable security ; ProVerif
- 刊名:Peer-to-Peer Networking and Applications
- 出版年:2017
- 出版时间:January 2017
- 年:2017
- 卷:10
- 期:1
- 页码:92-105
- 全文大小:
- 刊物类别:Engineering
- 刊物主题:Communications Engineering, Networks; Information Systems and Communication Service; Computer Communication Networks; Signal,Image and Speech Processing;
- 出版者:Springer US
- ISSN:1936-6450
- 卷排序:10
文摘
Sessioninitiation protocol (SIP) reformed the controlling routine of voice over Internet Protocol based communication over public channels. SIP is inherently insecure because of underlying open text architecture. A number of solutions are proposed to boost SIP security. Very recently Farash (Peer to Peer Netw. Appl. 1–10, 2014) proposed an enhanced protocol to improve the security of Tu et al.’s protocol (Peer to Peer Netw. Appl. 1–8, 2014). Further, Farash claimed his protocol to be secure against all known attacks. However, in this paper we show that Farash’s protocol is insecure against impersonation attack, password guessing attack, lacks user anonymity and is vulnerable to session-specific temporary information attack. Further, we have proposed an upgraded protocol to enhance the security. The security and performance analysis shows that the proposed protocol reduced one point multiplication as compared with Farash’s protocol, while resisting all known attacks. We have proved the security of proposed protocol using automated tool ProVerif.