What is it about?
The SIP (Session Initiation Protocol) is an application and presentation layer signaling protocol used for initiating, continuing and terminating multimedia session for the end user. It gains much attention of the researchers because it is exposed to several threats and noticed challenging vulnerabilities from time to time. Consequently, the security of SIP is a crucial task and many efforts have been made by different researchers and tried to divert the attention towards its solution. But still, no one claims with conviction about a foolproof secure mechanism for SIP. As users extensively use SIP services, the mutual authentication and key agreement among the participants is an important issue. So, robust authentication and key agreement scheme are mandatory for enhancing security, legitimacy and better complexities. Therefore, we present an improved three-factor authentication scheme that caters all the weakness and known attacks in Mishra et al. scheme. The proposed scheme not only guarantees for security but performance can also be made lightweight. As performance and security contradict each other, the change in one inversely affects the other. The proposed scheme has been analyzed both formally using BAN logic and ProVerif1.93 software verification toolkit, and informally using assumptions which show a delicate balance of security with performance.
Featured Image
Photo by Sharon McCutcheon on Unsplash
Why is it important?
1. We present a feasible and secure SIP-based-VoIP system. A SIP callee using VoIP key agreements scheme to secure voice packets. 2. Legitimate users can avail our SIP services and associated resources; we propose an efficient and secure authentication mechanism in SIP registration process. 3. A lightweight authentication scheme with provable security analysis is presented in this paper which shows a gentle balance between security and performance. 4. The proposed scheme has the ability to resists all know attacks. This is verified in the informal security analysis section of the paper. 5. SIP background and cryptographic primitives have presented for the very beginners in this work which shows the importance of SIP using VoIP.
Perspectives
As SIP expose to several attacks and catch much attention of the researchers for making it secures, yet no one claim with conviction about a foolproof secure SIP-Based-VoIP authentication protocol. Common threats of SIP are as under: (a) Sybil Attack: A type of attack that controls part of the overlay network. (b) Partition attack: The bootstrap provides false information to the legal peers and prohibited the normal initialization of the session. (c) Eavesdropping: A third party shows as legal peer to the joining peers, or record the session of one peer, later on, show as legal peer to the other peer. (d) Eclipse Attack: The third party control and hijack the overall session of legal peers. (e) Impersonation: The third party change, temper and misroute the session transmission of data of legal peers. (f) DOS (Denial of Service) Attack: An attacker may bombard the server with many false requests that would affect its routine operations or hanged the associated peripherals. (g) Replay Attack: If an attacker sends an older message and struggle by changing the new message for disturbing the communication session of legal peers. (h) Spam (Special Processed American Meat): Here exists a chance of ringing false tone on android where many applications use SIP; like Skype, IMO, Viber, Google voice and WhatsApp etc.
Mr Saeed Ullah Jan
University of Malakand
Read the Original
This page is a summary of: SIP Issues and Challenges – A Scalable Three Factor Authentication Scheme, Mehran University Research Journal of Engineering and Technology, April 2020, Mehran University of Engineering and Technology,
DOI: 10.22581/muet1982.2002.07.
You can read the full text:
Resources
Contributors
The following have contributed to this page
