Title :
Off-Line Password-Guessing Attack to Yang´s and Huang´s Authentication Schemes for Session Initiation Protocol
Author :
Jo, Heasuk ; Lee, Yunho ; Kim, Mijin ; Kim, Seungjoo ; Won, Dongho
Author_Institution :
Sch. of Inf. & Commun. Eng., Sungkyunkwan Univ., Suwon, South Korea
Abstract :
The session initiation protocol (SIP) is an application-layer control protocol for creating, modifying, and terminating sessions with one or more participants in the IP-based telephony environment.Yang et al. and Huang et al. proposed a secure authentication scheme for session initiation protocol.Yang´s scheme is based on Deffi-Hellman key agreement scheme and a combination of hash functions. In 2006, Huang et al. pointed out that Yang´s scheme is insecure, and proposed an improved authentication scheme for SIP. In this paper, the secure of Yang´s and Huang´s scheme is analyzed. It is demonstrated that both schemes still have some weaknesses: it cannot withstand against the off-line password-guessing attack. Based on our analysis, we found the security problem with these schemes and, in addition, shows how to fix it.
Keywords :
Internet telephony; security of data; signalling protocols; telecommunication security; Deffi-Hellman key agreement; IP telephony; Yang-Huang authentication scheme; application layer control protocol; off-line password guessing attack; session initiation protocol; Access protocols; Authentication; Communication system control; Internet telephony; Network servers; Random number generation; Security; Smart cards; Videoconference; Web server; Authentication; Key agreement; Security; Session initiation protocol;
Conference_Titel :
INC, IMS and IDC, 2009. NCM '09. Fifth International Joint Conference on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-5209-5
Electronic_ISBN :
978-0-7695-3769-6
DOI :
10.1109/NCM.2009.251
