Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Download
Standard view
Full view
of .
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
V16-I2-P12-19

V16-I2-P12-19

Ratings:
(0)
|Views: 103|Likes:

More info:

Published by: Journal of Telecommunications on Oct 31, 2012
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

12/22/2013

pdf

text

original

 
JOURNAL OF TELECOMMUNICATIONS, VOLUME 16, ISSUE 2, OCTOBER 2012
 © 2012 JOT
www.journaloftelecommunications.co.uk
12
SIP Authentication Scheme Improvement basedon Elliptic Curve Cryptography
Samaneh Sadat Mousavi Nik, Mohammad Hossien Yaghmaee Moghaddam and Mohammad BagherGhaznavi Ghoushchi
 
Abstract
Session Initiation Protocol (SIP) is a powerful signaling protocol that increasingly used for administrating Voice over IP(VoIP) phone calls and in current Internet protocols such as Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol(SMTP). SIP controls communications on the Internet for establishing, maintaining and terminating sessions. But The authenticationmechanism proposed in SIP specification is based on HTTP Digest authentication which this scheme has security problems, such asoff-line password guessing attacks and impersonate other parties or charge calls to others and etc. So, many researches proposeddifferent schemes to secure the SIP authentication. In the year 2012, Tang et al. proposed a SIP authentication protocol using ellipticcurve cryptography (ECC), but their scheme is insecure against off-line password guessing, registration and modification attacks. Inthis paper we try to propose an ECC-based authentication scheme for SIP to overcome such security problems. At the end, analysisof security of the ECC-based protocol shows that our scheme is suitable for the applications with higher security requirement.
Index Terms
SIP protocol, Elliptic curve cryptography, Authentication, vulnerability, security
——————————
 
 
——————————
 
1.
 
I
NTRODUCTION
 
N today's and future wired or wireless networks,multimedia service is a great importance applicationclass. Especially, the next generation of wireless networkswill be based on all-IP architecture. One of the mostimportant protocols supporting multimedia services is thesession initiation protocol (SIP)[5]. Session InitiationProtocol is an open signaling protocol standard developedby the Internet Engineering Task Force (IETF) incooperation with many industry leaders, including Avaya,for establishing, managing, and terminating real-timecommunications over large IP-based networks, such as theInternet.In 1999, SIP proposed by Internet Engineering Task Force(IETF) for the IP-based telephony[2, 3]. SIP is an application
layer control protocol that is a text basedprotocol and can be used for controlling multimediacommunication sessions such as voice and video calls overInternet protocols such as Hyper Text Transport Protocol(HTTP) and Simple Mail Transport Protocol (SMTP)[4]. SIPis the one important protocol because of the widespreadapplication of the voice over IP (VoIP) in the Internet so thesecurity of SIP is becoming too important[5].SIP is a request-response protocol when a user wants toaccess a SIP service, at the first she/he has to authenticatewith SIP server but the original authentication scheme for
SIP doesn‘t provide enough security because it‘s based on
 HTTP Digest authentication noted in RFC2617[6].Different SIP authentication schemes have been proposedespecially based on Elliptic curve cryptography (ECC) toprovide security for SIP. Elliptical curve cryptography(ECC) is apublic keyencryptiontechnique based on elliptic curve theory that can be used to create faster, smaller, andmore efficient cryptographic keys. ECC generates keysthrough the properties of the elliptic curve equation insteadof the traditional method of generation as the product ofvery largeprime numbers [7].In this paper, we investigate SIP Authentication Scheme based on Elliptic CurveCryptography, Currently, the security of SIP is becomingmore and more important. SIP specification does notinclude any specific security mechanisms. SIPauthentication is inherited from HTTP Digestauthentication, which is a challenge-response basedauthentication protocol [2].
2.
 
H
ISTORY AND
R
ELATED
W
ORK
 
In 2005,Yang et al. found that the original SIPauthentication scheme was vulnerable to off-line passwordguessing attack and server-spoofing attack[8]so theyproposed scheme was based on Diffie-Hellman keyexchange algorithm[9],which depended on the difficulty of
I
 ———————————————— 
 
 
S.S Mousavi Nik MSC in department of Engineering , Security inInformation Technology, University of Tehran Kish InternationalCampus, Niayesh Blvd., Kish Island, Iran
 
 M.H. Yaghmaee-Moghaddam
School of Engineering Ferdowsi University Mashhad, Iran
 
 M.B. Ghaznavi-Ghoushchi
School of Engineering Shahed UniversityTehran, Iran
 
JOURNAL OF TELECOMMUNICATIONS, VOLUME 16, ISSUE 2, OCTOBER 2012
 © 2012 JOT
www.journaloftelecommunications.co.uk
13
Discrete Logarithm Problem (DLP)[10]but Yang
et al.‘s
scheme was vulnerable to stolen-verifier attack, off-linepassword guessing attack, and Denning-Sacco attack[11] and Their scheme was high computation cost[12-14]. In thesame year,
Based on Yang et al.‘s scheme, Durlanik et al.
[12].introduced another SIP authentication by using EllipticCurve Diffie-Hellman (ECDH) key exchange algorithm but
this scheme in comparison with Yang et al.‘s scheme
reduced the execution time and memory requirements.However, their scheme still vulnerability from off-linedictionary attack and Denning-Sacco attack[15].In 2008,Tsai[14]proposed SIP authentication scheme based onrandom nonce. In this scheme all the communicationmessages were computed with one-way hash function andexclusive-or operation so computation cost reduces highly.But this scheme vulnerable to off-line password guessing,Denning-Sacco and stolen-verifier attacks; furthermore, itdid not provide any key agreement, known-key secrecy andperfect forward secrecy (PFS)[16-19]In 2009, Wu et al.[20]  suggested an SIP authentication scheme based on ellipticcurve cryptography (ECC). This scheme achievesauthentication and a shared secrecy at the same time. Wu et
al.‘s scheme provides provable security in
 
the Canetti
Krawczyk (CK) security model[21]
and it‘s suitable for
applications that require low memory and rapidtransactions.
But Wu et al.‘s SIP authentication schemes are
still vulnerable to off-line password guessing attacks,Denning-Sacco attacks, and stolen-verifier attacks[10, 18].In 2009, Yoon et al. proposed another authentication for SIPusing ECC in[15].Unfortunately, the scheme wasvulnerable to password guessing attack and stolen-verifierattack. The attack method could be referred to[22].In 2010,Yoon et al. proposed the third and fourth ECC-basedauthentication scheme for SIP[23, 24].But these schemes were vulnerable to offline password guessing and stolen-verifier attacks[22].In 2011, Arshad et al. proposed SIPauthentication scheme based on ECC[16].But Arshad et
al.‘s authentication scheme was vulnerable
to off-linepassword guessing attack[1].In 2012, Tang et al. proposed asecure and efficient authentication scheme based on EllipticCurve Discrete Logarithm Problem (ECDLP) for SIP. We
demonstrate the Tang et al.‘s authentication scheme
vulnerable to off-line password guessing attack,modification attack and registration attack in this paper andthen propose a secure SIP authentication scheme based onECC in order to solve those security problems. Theproposed SIP authentication scheme can provide highsecurity and executes faster than previously proposedschemes.The remainder of this paper is outlined as follows.Section 3 reviews the original SIP authentication procedure.Section 4
introduces of Tang et al.‘s scheme and discusses
attack on it and in Section 5 proposed ECC-based mutualauthentication scheme for SIP is presented. In section 6discuss the security and efficiency of the proposed scheme,In Section 7, evaluate the performance of the proposedscheme. And Section 8 is the conclusion.
3.
 
SIP
AUTHENTICATION PROCEDURE
 
The common authentication scheme for SIP is DigestAccess Authentication (DAA)[6].DAA security is based onthe challenge-response pattern, and this mechanism relieson a shared secret between client and server[8]so Clientpre-shares a password with the server before theauthentication procedure starts. Fig. 1 shows procedure ofthe DAA mechanism in SIP.(1) Client
Server: REQUESTThe client sends a REQUEST to the server.(2) Server
Client: CHALLENGE (nonce, realm)The server generates a CHALLENGE that includes a nonce
and the client‘s realm. Then the server sends a
CHALLENGE to the client.(3)Client
Server: RESPONSE (nonce, realm, username,response)The client computes a response = F(nonce, realm,username, response). Note that F(.) is a one-way hashfunction.It is used to generate a digest authenticationmessage, and then the client sends the RESPONSE to theserver.(4) According to the username, the server extracts the
client‘s password. Then the SIP server
must perform thesame digest operation, and compare the result. If the resultsare identical, the client is authenticated and a 200 OKmessage is sent.Figure 1. The SIP Digest Access Authentication methodduring a SIP REGISTER transaction
 
JOURNAL OF TELECOMMUNICATIONS, VOLUME 16, ISSUE 2, OCTOBER 2012
 © 2012 JOT
www.journaloftelecommunications.co.uk
14
4.
 
REVIEW OF
SIP
AUTHENTICATION SCHEME BY
T
ANG ET AL
.
This section reviews Tang et al.‘s SIP authentication
scheme[1].Then shows that the scheme is vulnerable to off-line password guessing, modification and registration
attacks. Tang et al.‘s scheme consists of four phases: system
setup phase, registration phase, login and authenticationphase, and password change phase.
4.1.
 
T
ANG ET AL
.’
S SCHEME
 
Tang et al. propose an enhanced ECC-based SIP
authentication scheme in order to strength Arshad et al.‘s
scheme. Notations used in this paper are defined in Table 1.Table 1.Notations and their explanations[1] 
4.2.
 
S
YSTEM SETUP PHASE
 
First the members and the server agree on the ECparameters Then server selects a secret key KS, computes Q= KS. P and keeps secret KS and publishes p, a, b, P, n, h, Q[1].
4.3.
 
R
EGISTRATION PHASE
 
In this phase:(1) The user chooses his or her identity IDi andpassword PWi, then through a pre-established securechannel, such as Virtual Private Network (VPN) or SecureSockets Layer (SSL) sends them to the server.(2) The server computes Vi = h (IDi llKS)
PWi andstores (IDi, Vi) in its database.
4.3.1.
 
L
OGIN AND AUTHENTICATION PHASE
 
Fig. 2 illustrates Tang et al.‘s SIP authentication scheme.
 When a legal SIP client U wants to login the SIP server S,the authentication scheme between U and S proceeds asfollows.(1) Ui
S : REQUEST (IDi , R1)Ui selects a random nonce r1
ϵ
Zn* then computes R =r1 .P, R1= R + H(IDi,PWi). And then sends message REQUEST(IDi , R1) To the server S.(2) S
Ui: CHALLENGE (S, R2, V1)First S checks IDi is exist in database. If yes,S computes PWi= Vi
h(IDillKS) , R‘= R1
- h(IDi, PWi)= r1 .P. And then Sselects a random nonce r2
ϵ
Zn*, computes R2 =r2 . P, SKS
=r2 .R‘= r1 .r2. P, V1 =h(S ll IDi ll R‘ ll R2 ll SKs), and sends
CHALLENGE (S, R2, V1) to Ui. At the end, S computes thecommon session key SK =
 
h(IDi ll Sll R‘ ll R2 ll SKs ll PWi )
 (3) Ui
S : RESPONSE (IDi, S, V2)Ui computes SKU = r1 .R2 = r1 .r2 . P and checks V1 is equalto h(S ll IDi llR ll R2 ll SKU ) . If they are equal, Uiauthenticates the server and computes V2 = h(IDi ll S llSKU ll PWi ) . Then Ui sends message RESPONSE (IDi, S,V2) To the server. Then Ui computes the session key SK =h(IDill S ll R ll R2 ll SKU ll PWi ).(4)Upon receiving the response message, S checks V2 isequal to h(IDi ll S ll SKS ll PWi ). If the result is equal Sauthenticates the identity of Ui and he common session keyis:SK = h(IDi ll S ll r1 .P llr2 .P llr1 .r2.P llPWi )Figure 2. Login and authentication phase[1] 
4.3.2.
 
P
ASSWORD CHANGE PHASE
 
In this phase user can change his or her password. Figure3shows the password change phase.
 
Server authenticates Ui with his or her old

Activity (1)

You've already reviewed this. Edit your review.
Javad Njf added this note
perfect..
Javad Njf liked this
1 hundred reads
hamid_fste liked this
Samaneh Mn liked this
Samaneh Mn liked this
Samaneh Mn liked this
samane64 liked this
Samaneh Mn liked this
Samaneh Mn liked this

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->