Cryptanalysis and improvement of a robust smart card secured authentication scheme on SIP using elliptic curve cryptography

被引:0
作者
Mohammad Sabzinejad Farash
Saru Kumari
Majid Bakhtiari
机构
[1] Kharazmi University,Faculty of Mathematical Sciences and Computer
[2] Agra College,Department of Mathematics
[3] Agra,Faculty of Computing
[4] Dr. B. R. A. University,undefined
[5] University Technology Malaysia (UTM),undefined
来源
Multimedia Tools and Applications | 2016年 / 75卷
关键词
Elliptic curve cryptography; Authentication scheme; Session initiation protocol; Random oracle model;
D O I
暂无
中图分类号
学科分类号
摘要
The session initiation protocol (SIP) has been receiving a lot of attention to provide security in the Voice over IP (VoIP) in Internet and mobility management. Recently, Yeh et al. proposed a smart card-based authentication scheme for SIP using elliptic curve cryptography (ECC). They claimed that their scheme is secure against known security attacks. However, in this paper, we indicate that Yeh et al.’s scheme is vulnerable to off-line password guessing attack, user impersonation attack and server impersonation attack, in the case that the smart card is stolen and the information stored in the smart card is disclosed. As a remedy, we also propose an improved smart card-based authentication scheme which not only conquers the security weaknesses of the related schemes but also provides a reduction in computational cost. The proposed scheme also provides the user anonymity and untraceability, and allows a user to change his/her password without informing the remote server. To show the security of our protocol, we prove its security the random oracle model.
引用
收藏
页码:4485 / 4504
页数:19
相关论文
共 48 条
[1]  
Arshad R(2013)Elliptic curve cryptography based mutual authentication scheme for session initiation protocol Multimed Tools Appl 66 165-178
[2]  
Ikram N(2014)An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps Nonlinear Dyn 77 399-411
[3]  
Farash MS(2011)Vulnerability of two multiple-key agreement protocols Comput Electr Eng 37 199-204
[4]  
Attari MA(2014)A Pairing-free ID-based Key Agreement Protocol with Different PKGs International journal of Network Security 16 143-148
[5]  
Farash MS(2014)An Enhanced and Secure Three-Party Password-based Authenticated Key Exchange Protocol without Using Server’s Public-Keys and Symmetric Cryptosystems Information Technology And Control 43 143-150
[6]  
Bayat M(2014)Cryptanalysis and improvement of a chaotic maps-based key agreement protocol using Chebyshev sequence membership testing Nonlinear Dyn 76 1203-1213
[7]  
Attari MA(2013)A new efficient authenticated multiple-key exchange protocol from bilinear pairings Comput Electr Eng 39 530-541
[8]  
Farash MS(2013)Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC ISC Int J Inf Secur 5 18-43
[9]  
Attari MA(2012)A certificateless multiple-key agreement protocol without hash functions based on bilinear pairings International Journal of Engineering and Technology 4 321-325
[10]  
Farash MS(2014)A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks J Supercomput 69 395-411
12345