An Enhanced Authenticated Key Agreement for Session Initiation Protocol

Mohammad Sabzinejad Farash, Mahmoud Ahmadian Attari


In 2012, Xie proposed an authentication scheme based on Elliptic Curve Cryptography (ECC) for Session Initiation Protocol (SIP). However, this paper demonstrates that the Xie’s scheme is vulnerable to impersonation attack by which an active adversary can easily forge the server’s identity. Based on this attack, we also show that the Xie’s scheme is also defenseless to off-line password guessing attack. Therefore, we propose a more secure and efficient scheme, which does not only cover all the security flaws and weaknesses of related previous protocols, but also provides more functionalities. We also evaluate the proposed protocol by AVISPA (Automated Validation of Internet Security Protocols and Applications) tools and confirm its security attributes.



Authenticated Key Agreement; Elliptic Curve; Impersonation Attack; Password Guessing Attack; Session Initiation Protocol; AVISPA tools

Full Text: PDF

Print ISSN: 1392-124X 
Online ISSN: 2335-884X