An Enhanced Authenticated Key Agreement for Session Initiation Protocol
Keywords: Authenticated Key Agreement, Elliptic Curve, Impersonation Attack, Password Guessing Attack, Session Initiation Protocol, AVISPA tools
AbstractIn 2012, Xie proposed an authentication scheme based on Elliptic Curve Cryptography (ECC) for Session Initiation Protocol (SIP). However, this paper demonstrates that the Xie’s scheme is vulnerable to impersonation attack by which an active adversary can easily forge the server’s identity. Based on this attack, we also show that the Xie’s scheme is also defenseless to off-line password guessing attack. Therefore, we propose a more secure and efficient scheme, which does not only cover all the security flaws and weaknesses of related previous protocols, but also provides more functionalities. We also evaluate the proposed protocol by AVISPA (Automated Validation of Internet Security Protocols and Applications) tools and confirm its security attributes.
Copyright terms are indicated in the Republic of Lithuania Law on Copyright and Related Rights, Articles 4-37.