Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards

Zhang, Liping, Tang, Shanyu and Cai, Zhihua (2014) Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards. Security and Communication Networks, 7 (12). pp. 2405-2411. ISSN 1939-0114

[img]
Preview
PDF
Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards.pdf - Accepted Version

Download (91kB) | Preview

Abstract

Session Initiation Protocol (SIP) is one of the most commonly used protocols for handling sessions for Voice over Internet Protocol (VoIP)-based communications, and the security of SIP is becoming increasingly important. Recently, Zhang et al. proposed a password authenticated key agreement protocol for SIP by using smart cards to protect the VoIP communications between users. Their protocol provided some unique features, such as mutual authentication, no password table needed, and password updating freely. In this study, we performed cryptanalysis of Zhang et al.'s protocol and found that their protocol was vulnerable to the impersonation attack although the protocol could withstand several other attacks. A malicious attacker could compute other users’ privacy keys and then impersonated the users to cheat the SIP server. Furthermore, we proposed an improved password authentication key agreement protocol for SIP, which overcame the weakness of Zhang et al.’s protocol and was more suitable for VoIP communications.

Item Type: Article
Additional Information: © 2014 John Wiley & Sons, Ltd. This is the accepted version of the following article: Zhang L., Tang S., and Cai Z. (2014), Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards, Security Comm. Networks, 7; pages 2405–2411, which has been published in final form at https://doi.org/10.1002/sec.951.
Uncontrolled Keywords: authentication; key agreement; session initiation protocol; elliptic curve
Subjects: Computing > Information security > Cyber security
Computing > Information security
Depositing User: Shanyu Tang
Date Deposited: 27 Sep 2017 17:06
Last Modified: 28 Sep 2017 08:41
URI: http://repository.uwl.ac.uk/id/eprint/3950

Downloads

Downloads per month over past year

Actions (login required)

View Item View Item

Menu