An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards
نویسندگان
چکیده
Recently, Zhang et al. proposed a password-based authenticated key agreement for session initiation protocol (Int J Commun Syst 2013, doi:10.1002/dac.2499). They claimed that their protocol is secure against known security attacks. However, in this paper, we indicate that the protocol by Zhang et al. is vulnerable to impersonation attack whereby an active adversary without knowing the user’s password is able to introduce himself/herself as the user. In addition, we show that the protocol by Zhang et al. suffers from password changing attack. To overcome the weaknesses, we propose an improved authentication scheme for session initiation protocol. The rigorous analysis shows that our scheme achieves more security than the scheme by Zhang et al. Copyright © 2014 John Wiley & Sons, Ltd.
منابع مشابه
An Improved Remote User Password Authentication Scheme Using Smart Card with Session Key Agreement
Remote user authentication is a mechanism, in which the remote server verifies the legitimacy of a user over an insecure communication. Password authentication based on smart cards is one of the simplest and most efficient authentication methods and is a commonly deployed to authenticate the legitimacy of remote users. Based on cryptographic techniques, several password authentication schemes h...
متن کاملSecurity Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics
An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server env...
متن کاملBiometrics based authentication scheme for session initiation protocol
Many two-factor challenge-response based session initiation protocol (SIP) has been proposed, but most of them are vulnerable to smart card stolen attacks and password guessing attacks. In this paper, we propose a novel three-factor SIP authentication scheme using biometrics, password and smart card, and utilize the pi calculus-based formal verification tool ProVerif to prove that the proposed ...
متن کاملAn enhanced password authentication scheme for session initiation protocol with perfect forward secrecy
The Session Initiation Protocol (SIP) is an extensive and esteemed communication protocol employed to regulate signaling as well as for controlling multimedia communication sessions. Recently, Kumari et al. proposed an improved smart card based authentication scheme for SIP based on Farash's scheme. Farash claimed that his protocol is resistant against various known attacks. But, we observe som...
متن کاملA Novel Untraceable Authentication Scheme for Mobile Roaming in GLOMONET
In global mobile network, it is required to authenticate mobile users, provide secure communication channel between a user and a foreign agent using session key, and guarantee users’ anonymity and untraceability. In order to improve the security of mobile roaming service, twofactor authentication which employs smart card and password was introduced to global mobile network. In 2014, Kuo et al. ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Int. J. Communication Systems
دوره 29 شماره
صفحات -
تاریخ انتشار 2016