Abstract
SIP (Session Initiation Protocol) is becoming the most widely deployed signaling protocol for VoIP (Voice over IP). Because of the open architecture of the Internet, security is of utmost importance for its use. Recently, Yoon et al. proposed a SIP authentication scheme based on elliptic curve cryptography (ECC) that claimed to provide higher security than other schemes. However, as demonstrated in this paper, it is still vulnerable to off-line dictionary and partition attacks.
References
Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP - Session Initiation Protocol. IETF RFC 3261 (June 2002)
Garcia-Martin, M., Henrikson, E., Mills, D.: Private Header (P-Header) Extensions to the Session Initiation Protocol (SIP) for the 3rd Generation Partnership Project (3GPP). IETF RFC 3455 (2003)
Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., Stewart, L.: HTTP Authentication: Basic and Digest Access Authentication. IETF RFC 2617 (June 1999)
Yang, C.C., Wang, R.C., Liu, W.T.: Secure Authentication Scheme for Session Initiation Protocol. Computers and Security 24, 381–386 (2005)
Durlanik, A., Sogukpinar, I.: SIP Authentication Scheme Using ECDH. World Informatika Society Transaction on Engineering Computing and Technology 8, 350–353 (2005)
Wu, L., Zhang, Y., Wang, F.: A New Provably Secure Authentication and Key Agreement Protocol for SIP Using ECC. Computer Standards and Interfaces 31(2), 286–291 (2009)
Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
Yoon, E.J., Yoo, K.Y., Kim, C., Hong, Y.S., Jo, M., Chen, H.H.: A Secure and Efficient SIP Authentication Scheme for Converged VOIP Networks. Computer Communications 33, 1674–1681 (2010)
Wireshark, http://www.wireshark.org/
Burr, W.E., Dodson, D.F., Polk, W.T.: Electronic Authentication Guideline. NIST Special Publication 800-63 (April 2006)
Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, Heidelberg (2003)
Bellovin, S., Merritt, M.: Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attacks. In: Proceedings of the IEEE Symposium on Research in Security and Privacy (May 1992)
Certicom Research: SEC 2: Recommended Elliptic Curve Domain Parameters, http://www.secg.org/collateral/sec2_final.pdf
IEEE P1363.2: Password-Based Public-Key Cryptography (September 2008)
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Liu, F., Koenig, H. (2011). Cryptanalysis of a SIP Authentication Scheme. In: De Decker, B., Lapon, J., Naessens, V., Uhl, A. (eds) Communications and Multimedia Security. CMS 2011. Lecture Notes in Computer Science, vol 7025. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24712-5_11
DOI: https://doi.org/10.1007/978-3-642-24712-5_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24711-8
Online ISBN: 978-3-642-24712-5
eBook Packages: Computer Science, Computer Science (R0)