An anonymous and untraceable password‐based authentication scheme for session initiation protocol using smart cards

Farash, Mohammad Sabzinejad; Attari, Mahmoud Ahmadian

doi:10.1002/dac.2848

Cited by 30 publications

(19 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The ECC security has been proved to be more efficient cryptographic scheme as compared to earlier conventional techniques like RSA, DH and DSA [12][13][14][15][16][17][18][19][20][21]. This technique provides an equivalent level of security with much less key sizes.…”

Section: Elliptic Curve Cryptographymentioning

confidence: 94%

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

Chaudhry

Farash

Naqvi

et al. 2015

Electron Commer Res

Self Cite

View full text Add to dashboard Cite

The use of e-payment system for electronic trade is on its way to make daily life more easy and convenient. Contrarily, there are a number of security issues to be addressed, user anonymity and fair exchange have become important concerns along with authentication, confidentiality, integrity and non-repudiation. In a number of existing e-payment schemes, the customer pays for the product before acquiring it. Furthermore, many such schemes require very high computation and communication costs. To address such issues recently Yang et al. proposed an authenticated encryption scheme and an e-payment scheme based on their authenticated encryption. They excluded the need of digital signatures for authentication. Further they claimed their schemes to resist replay, man-in-middle, impersonation and identity theft attack while providing confidentiality, authenticity, integrity and privacy protection. However our analysis exposed that Yang et al.'s both authenticated encryption scheme and e-payment system are vulnerable to impersonation attack. An adversary just having knowledge of public parameters can easily masquerade as a legal user. Furthermore, we proposed improved authenticated encryption and e-payment schemes to overcome weaknesses of Yang et al.'s schemes. We prove the security of our schemes using automated tool ProVerif. The & Mohammad Sabzinejad Farash improved schemes are more robust and more lightweight than Yang et al.'s schemes which is evident from security and performance analysis.

show abstract

Section: Elliptic Curve Cryptographymentioning

confidence: 94%

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

Chaudhry

Farash

Naqvi

et al. 2015

Electron Commer Res

Self Cite

View full text Add to dashboard Cite

show abstract

“…According to step A3 of the proposed scheme, the legitimate server will successfully be authenticated if Equation (15) holds. This equation holds, becauseW D W 0 and SK D SK 0 .…”

Section: Proofmentioning

confidence: 99%

An improved password‐based authentication scheme for session initiation protocol using smart cards without verification table

Farash

2014

Int J Communication

View full text Add to dashboard Cite

Authentication schemes have been widely deployed access control and mobility management in various communication networks. Especially, the schemes that are based on multifactor authentication such as on password and smart card come to be more practical. One of the standard authentication schemes that have been widely used for secure communication over the Internet is session initiation protocol (SIP). The original authentication scheme proposed for SIP was vulnerable to some crucial security weaknesses. To overcome the security problems, various improved authentication schemes have been developed, especially based on elliptic curve cryptography (ECC). Very recently, Zhang et al. proposed an improved authentication scheme for SIP based on ECC using smart cards to overcome the security flaws of the related protocols. Zhang et al. claimed that their protocol is secure against all known security attacks. However, this paper indicates that Zhang et al. protocol is still insecure against impersonation attack. We show that an active attacker can easily masquerade as a legal server to fool users. As a remedy, we also improve Zhang et al. protocol by imposing a little extra computation cost.

show abstract

“…Although various cryptography based schemes are proposed [8,9,10], key updating in VoIP is still an unsolved issue. In order to achieve frequent key updating for VoIP from both security and performance viewpoint, we propose a novel key updating scheme based on steganography and cryptography.…”

Section: Introductionmentioning

confidence: 99%

Dynamic key updating with voice quality preserving for Voice over Internet Protocol based on steganography

Zhang¹,

Tang²,

Jiang

2017

Proceedings of the 3rd International Conference on Wireless Communication and Sensor Networks (WCSN 2016)

View full text Add to dashboard Cite

Abstract-Voice over Internet Protocol (VoIP) achieves cheap cost and provides flexible features by delivering voice packet over Internet Protocol. Compared with conventional publicswitched telephone network, transmitting voice packets over public channel has to face more challenges due to the security threats and quality loss. To protect the voice packets transmitted over unsecured Internet, a shared key should be updated during a VoIP call. On the other hand, VoIP is more sensitive to transmission latency, so the flooding message traffic from key updating may cause the degradation of speech quality. This paper presents a dynamic key updating scheme without affecting the quality of VoIP calls. Unlike previous works, steganography technology is employed with encryption to provide protection of transmitted information in an unsecure channel. Moreover, in the proposed scheme, the quality of the VoIP call is preserved by adopting steganography technology to avoid the flooding message traffic. The security analysis demonstrates that the proposed scheme achieves the secure dynamic key updating without sacrificing the quality of VoIP calls.

show abstract

An anonymous and untraceable password‐based authentication scheme for session initiation protocol using smart cards

Cited by 30 publications

References 44 publications

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

An improved password‐based authentication scheme for session initiation protocol using smart cards without verification table

Dynamic key updating with voice quality preserving for Voice over Internet Protocol based on steganography

Contact Info

Product

Resources

About