Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards

Lists

Zhang, Liping, Tang, Shanyu ORCID: https://orcid.org/0000-0002-2447-8135 and Cai, Zhihua (2014) Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards. Security and Communication Networks, 7 (12). pp. 2405-2411. ISSN 1939-0114

[thumbnail of Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards.pdf]
Preview
 PDF
Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards.pdf - Accepted Version
Download (91kB) | Preview

Abstract

Session Initiation Protocol (SIP) is one of the most commonly used protocols for handling sessions for Voice over Internet Protocol (VoIP)-based communications, and the security of SIP is becoming increasingly important. Recently, Zhang et al. proposed a password authenticated key agreement protocol for SIP by using smart cards to protect the VoIP communications between users. Their protocol provided some unique features, such as mutual authentication, no password table needed, and password updating freely. In this study, we performed cryptanalysis of Zhang et al.'s protocol and found that their protocol was vulnerable to the impersonation attack although the protocol could withstand several other attacks. A malicious attacker could compute other users’ privacy keys and then impersonated the users to cheat the SIP server. Furthermore, we proposed an improved password authentication key agreement protocol for SIP, which overcame the weakness of Zhang et al.’s protocol and was more suitable for VoIP communications.

Item Type: Article
Identifier: 10.1002/sec.951
Additional Information: © 2014 John Wiley & Sons, Ltd. This is the accepted version of the following article: Zhang L., Tang S., and Cai Z. (2014), Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards, Security Comm. Networks, 7; pages 2405–2411, which has been published in final form at https://doi.org/10.1002/sec.951.
Keywords: authentication; key agreement; session initiation protocol; elliptic curve
Subjects: Computing > Information security > Cyber security
Computing > Information security
Depositing User: Shanyu Tang
Date Deposited: 27 Sep 2017 17:06
Last Modified: 06 Feb 2024 15:54
URI: https://repository.uwl.ac.uk/id/eprint/3950

Downloads

Downloads per month over past year

Actions (login required)

View Item View Item
Tools
CORE (COnnecting REpositories)

Menu