A provably secure anonymous authentication scheme for Session Initiation Protocol

Chaudhry, Shehzad Ashraf; Khan, Imran; Irshad, Azeem; Ashraf, Muhammad Usman; Khan, Muhammad Khurram; Ahmad, Hafiz Farooq

doi:10.1002/sec.1672

Cited by 22 publications

(39 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We now point out that the protocol of Chaudhry et al is vulnerable to privileged insider attack and lacks password update phase. In the following attacks, we assume that a malicious adversary

scriptA

has completed capable of controlling the public insecure channel.…”

Section: Cryptanalysis Of the Scheme Of Chaudhry Et Almentioning

confidence: 94%

“…Thus, when an adversary

scriptA

is a privileged insider malicious member,

scriptA

can impersonate the legal user to the server. Accordingly, the scheme of Chaudhry et al does not withdrawn privileged inside adversary attack.…”

Section: Cryptanalysis Of the Scheme Of Chaudhry Et Almentioning

confidence: 99%

“…The authors demonstrated that their scheme is vulnerable to many known attacks including those attacks found in the scheme of Zhang et al . Unfortunately, Chaudhry et al proved that the protocol of Lu et al is vulnerable to phony attacks. Meanwhile, Kumari et al also pointed out that the protocol of Lu et al does not resist identity guessing attack and forgery attack.…”

Section: Introductionmentioning

confidence: 99%

“…Meanwhile, Kumari et al also pointed out that the protocol of Lu et al does not resist identity guessing attack and forgery attack. Unfortunately, we suspect that the protocols of Chaudhry et al and Kumari et al have some potential security vulnerabilities. We find that schemes of Chaudhry et al and Kumari et al used the timestamps to resist replay attack, as we know that authentication protocols with timestamp must consider the difficult problem of clock synchronization.…”

Section: Introductionmentioning

confidence: 99%

“…Unfortunately, we suspect that the protocols of Chaudhry et al and Kumari et al have some potential security vulnerabilities. We find that schemes of Chaudhry et al and Kumari et al used the timestamps to resist replay attack, as we know that authentication protocols with timestamp must consider the difficult problem of clock synchronization. Thus, those schemes with timestamps may be not suitable for application in some actual scenes.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Cryptanalysis and improvement of 2 mutual authentication schemes for Session Initiation Protocol

Qiu

Guo

et al. 2018

Int J Communication

View full text Add to dashboard Cite

Summary Recently, Chaudhry et al and Kumari et al proposed an advanced mutual authentication protocol for Session Initiation Protocol on the basis of the protocol of Lu et al. The authors claimed that their schemes can be resistant to various attacks. Unfortunately, we observe some important flaws in their respective schemes. We point out that their schemes are prone to off‐line password guessing and privileged insider attacks. To remedy their protocols's drawbacks, in this paper, we present a new improved authentication scheme keeping apart the threats encountered in the design of the schemes of Chaudhry et al and Kumari et al. Furthermore, the security analysis illustrates that our proposed scheme not only removes these drawbacks in their schemes but also can resist all known attacks and provide session key security. We give a heuristic security analysis and also provide the security analysis of the proposed scheme with the help of widespread Burrows‐Abadi‐Needham Logic. Finally, our scheme is compared with the previously proposed schemes on security and performance.

show abstract

“…We now point out that the protocol of Chaudhry et al is vulnerable to privileged insider attack and lacks password update phase. In the following attacks, we assume that a malicious adversary

scriptA

has completed capable of controlling the public insecure channel.…”

Section: Cryptanalysis Of the Scheme Of Chaudhry Et Almentioning

confidence: 94%

“…Thus, when an adversary

scriptA

is a privileged insider malicious member,

scriptA

can impersonate the legal user to the server. Accordingly, the scheme of Chaudhry et al does not withdrawn privileged inside adversary attack.…”

Section: Cryptanalysis Of the Scheme Of Chaudhry Et Almentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Cryptanalysis and improvement of 2 mutual authentication schemes for Session Initiation Protocol

Qiu

Guo

et al. 2018

Int J Communication

View full text Add to dashboard Cite

show abstract

Cryptanalysis of IoT-Based Authentication Protocol Scheme

Doshi

2021

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Perfect forward secrecy in VoIP networks through design a lightweight and secure authenticated communication scheme

Ravanbakhsh

Mohammadi

Nikooghadam

2018

Multimed Tools Appl

View full text Add to dashboard Cite

In this research, we have tried to first focus on the previous work and after getting familiar with the base papers, focus on the main paper. In this paper, we try to determine the security problems in the proposed protocols and present appropriate solutions for them. One of the subjects studied by security and encryption researchers is the matter of authentication and key agreement in SIP. Recently, an authentication and key agreement protocol in SIP has been presented in a scheme. In this paper, it was proven that their presented protocol is vulnerable to the replay attack. Such that if an attacker resends the messages sent on the public channel back to the server, the server does not notice the duplicate messages and proceeds with the session process. Also, their protocol is not resistant to the temporary parameter disclosure attack and it is possible for the attacker to discover the session key in case the temporary parameters are disclosed. Furthermore, user anonymity does neither provide re-registration prevention with the real user ID nor early detection. In this paper, we have tried to present a protocol which prevents replay and parameter disclosure attacks.

show abstract

A provably secure anonymous authentication scheme for Session Initiation Protocol

Cited by 22 publications

References 38 publications

Cryptanalysis and improvement of 2 mutual authentication schemes for Session Initiation Protocol

Cryptanalysis and improvement of 2 mutual authentication schemes for Session Initiation Protocol

Cryptanalysis of IoT-Based Authentication Protocol Scheme

Perfect forward secrecy in VoIP networks through design a lightweight and secure authenticated communication scheme

Contact Info

Product

Resources

About