An improved smart card based authentication scheme for session initiation protocol

被引：64

作者：

Kumari, Saru ^{[1
]}

Chaudhry, Shehzad Ashraf ^{[2
]}

Wu, Fan ^{[3
]}

Li, Xiong ^{[4
,5
]}

Farash, Mohammad Sabzinejad ^{[6
]}

Khan, Muhammad Khurram ^{[7
]}

机构：

[1] Ch Charan Singh Univ, Dept Math, Meerut 250004, Uttar Pradesh, India

[2] Int Islamic Univ, Dept Comp Sci & Software Engn, Islamabad, Pakistan

[3] Xiamen Inst Technol, Dept Comp Sci & Engn, Xiamen 361021, Peoples R China

[4] Hunan Univ Sci & Technol, Sch Comp Sci & Engn, Xiangtan 411201, Peoples R China

[5] Nanjing Univ Informat Sci & Technol, Nanjing 210044, Jiangsu, Peoples R China

[6] Kharazmi Univ, Dept Math & Comp Sci, Tehran, Iran

[7] King Saud Univ, Ctr Excellence Informat Assurance CoEIA, Riyadh, Saudi Arabia

来源：

PEER-TO-PEER NETWORKING AND APPLICATIONS | 2017年 / 10卷 / 01期

基金：

中国国家自然科学基金;

关键词：

Authentication; Security; Anonymity and privacy; Impersonation attack; Provable security; ProVerif; UNLINKABILITY;

D O I：

10.1007/s12083-015-0409-0

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Sessioninitiation protocol (SIP) reformed the controlling routine of voice over Internet Protocol based communication over public channels. SIP is inherently insecure because of underlying open text architecture. A number of solutions are proposed to boost SIP security. Very recently Farash (Peer to Peer Netw. Appl. 1-10, 2014) proposed an enhanced protocol to improve the security of Tu et al.'s protocol (Peer to Peer Netw. Appl. 1-8, 2014). Further, Farash claimed his protocol to be secure against all known attacks. However, in this paper we show that Farash's protocol is insecure against impersonation attack, password guessing attack, lacks user anonymity and is vulnerable to session-specific temporary information attack. Further, we have proposed an upgraded protocol to enhance the security. The security and performance analysis shows that the proposed protocol reduced one point multiplication as compared with Farash's protocol, while resisting all known attacks. We have proved the security of proposed protocol using automated tool ProVerif.

引用

页码：92 / 105

页数：14

共 50 条

[41] Improvement on a Smart Card Based Password Authentication Scheme
He, Debiao
Chen, Jianhua
Hu, Jin
JOURNAL OF INTERNET TECHNOLOGY, 2012, 13 (03): : 405 - 409
[42] A smart card based remote user authentication scheme
Centre for Development of Advanced Computing, 68, Electronic City, Bangalore, India
不详
不详
J. Digit. Inf. Manage., 2008, 3 (256-261):
[43] Analysis and design of a smart card based authentication protocol
Kuo-Hui Yeh
Kuo-Yu Tsai
Jia-Li Hou
Journal of Zhejiang University SCIENCE C, 2013, 14 : 909 - 917
[44] Advanced smart card based password authentication protocol
Song, Ronggong
COMPUTER STANDARDS & INTERFACES, 2010, 32 (5-6) : 321 - 325
[45] Analysis and design of a smart card based authentication protocol
Kuo-Hui YEH
Kuo-Yu TSAI
Jia-Li HOU
Frontiers of Information Technology & Electronic Engineering, 2013, (12) : 909 - 917
[46] A smart-card-based remote authentication scheme
Chang, CC
Lee, JS
ICESS 2005: SECOND INTERNATIONAL CONFERENCE ON EMBEDDED SOFTWARE AND SYSTEMS, 2005, : 445 - 449
[47] Smart card based secure password authentication scheme
Wang, SJ
Chang, JF
COMPUTERS & SECURITY, 1996, 15 (03) : 231 - 237
[48] An Efficient and Secure Smart Card Based Authentication Scheme
Chen, Chien-Ming
Xiang, Bin
Wang, King-Hang
Zhang, Yong
Wu, Tsu-Yang
JOURNAL OF INTERNET TECHNOLOGY, 2019, 20 (04): : 1113 - 1123
[49] Analysis and design of a smart card based authentication protocol
Yeh, Kuo-Hui
Tsai, Kuo-Yu
Hou, Jia-Li
JOURNAL OF ZHEJIANG UNIVERSITY-SCIENCE C-COMPUTERS & ELECTRONICS, 2013, 14 (12): : 909 - 917
[50] Smart Card Based User Authentication Scheme with Anonymity
Toan-Thinh Truong
Minh-Triet Tran
Anh-Duc Duong
FUTURE DATA AND SECURITY ENGINEERING, FDSE 2014, 2014, 8860 : 220 - 233

← 1 2 3 4 5 →