An anonymous and untraceable password‐based authentication scheme for session initiation protocol using smart cards |
| |
| Authors: | Mohammad Sabzinejad Farash Mahmoud Ahmadian Attari |
| |
| Affiliation: | 1. Faculty of Mathematical Sciences and Computer, Kharazmi University, Tehran, Iran;2. Faculty of Electrical and Computer Engineering, K.N. Toosi University of Technology, Tehran, Iran |
| |
| Abstract: | Recently, Zhang et al. proposed a password‐based authenticated key agreement for session initiation protocol (Int J Commun Syst 2013, doi:10.1002/dac.2499). They claimed that their protocol is secure against known security attacks. However, in this paper, we indicate that the protocol by Zhang et al. is vulnerable to impersonation attack whereby an active adversary without knowing the user's password is able to introduce himself/herself as the user. In addition, we show that the protocol by Zhang et al. suffers from password changing attack. To overcome the weaknesses, we propose an improved authentication scheme for session initiation protocol. The rigorous analysis shows that our scheme achieves more security than the scheme by Zhang et al. Copyright © 2014 John Wiley & Sons, Ltd. |
| |
| Keywords: | password‐based protocol voice over internet protocol session initiation protocol smart card |
|
|
