An Enhanced Authenticated Key Agreement for Session Initiation Protocol

  • Mohammad Sabzinejad Farash Department of Mathematics and Computer Sciences, Tarbiat Moallem University
  • Mahmoud Ahmadian Attari Faculty of Electrical and Computer Engineering, K.N. Toosi University of Technology
Keywords: Authenticated Key Agreement, Elliptic Curve, Impersonation Attack, Password Guessing Attack, Session Initiation Protocol, AVISPA tools


In 2012, Xie proposed an authentication scheme based on Elliptic Curve Cryptography (ECC) for Session Initiation Protocol (SIP). However, this paper demonstrates that the Xie’s scheme is vulnerable to impersonation attack by which an active adversary can easily forge the server’s identity. Based on this attack, we also show that the Xie’s scheme is also defenseless to off-line password guessing attack. Therefore, we propose a more secure and efficient scheme, which does not only cover all the security flaws and weaknesses of related previous protocols, but also provides more functionalities. We also evaluate the proposed protocol by AVISPA (Automated Validation of Internet Security Protocols and Applications) tools and confirm its security attributes.