Efficient and flexible password authenticated key agreement for Voice over Internet Protocol session initiation protocol using smart card

Providing a suitable key agreement protocol for session initiation protocol is crucial to protecting the communication among the users over the open channel. This paper presents an efficient and flexible password authenticated key agreement protocol for session initiation protocol associated with Voice over Internet Protocol. The proposed protocol has many unique properties, such as session key agreement, mutual authentication, password updating function and the server not needing to maintain a password or verification table, and so on. In addition, our protocol is secure against the replay attack, the impersonation attack, the stolen-verifier attack, the man-in-the-middle attack, the Denning–Sacco attack, and the offline dictionary attack with or without the smart card

Authentic-caller : self-enforcing authentication in a next generation network

The Internet of Things (IoT) or the Cyber-Physical System (CPS) is the network of connected devices, things and people which collect and exchange information using the emerging telecommunication networks (4G, 5G IP-based LTE). These emerging telecommunication networks can also be used to transfer critical information between the source and destination, informing the control system about the outage in the electrical grid, or providing information about the emergency at the national express highway. This sensitive information requires authorization and authentication of source and destination involved in the communication. To protect the network from unauthorized access and to provide authentication, the telecommunication operators have to adopt the mechanism for seamless verification and authorization of parties involved in the communication. Currently, the next-generation telecommunication networks use a digest-based authentication mechanism, where the call-processing engine of the telecommunication operator initiates the challenge to the request-initiating client or caller, which is being solved by the client to prove his credentials. However, the digest-based authentication mechanisms are vulnerable to many forms of known attacks e.g., the Man-In-The-Middle (MITM) attack and the password guessing attack. Furthermore, the digest-based systems require extensive processing overheads. Several Public-Key Infrastructure (PKI) based and identity-based schemes have been proposed for the authentication and key agreements. However, these schemes generally require smart-card to hold long-term private keys and authentication credentials. In this paper, we propose a novel self-enforcing authentication protocol for the SIPbased next-generation network based on a low-entropy shared password without relying on any PKI or trusted third party system. The proposed system shows effective resistance against various attacks e.g., MITM, replay attack, password guessing attack, etc. We a..

An energy efficient authenticated key agreement protocol for SIP-based green VoIP networks

Voice over Internet Protocol (VoIP) is spreading across the market rapidly due to its characteristics such as low cost, flexibility implementation, and versatility of new applications etc. However, the voice packets transmitted over the Internet are not protected in most VoIP environments, and then the user’s information could be easily compromised by various malicious attacks. So an energy-efficient authenticated key agreement protocol for Session Initial Protocol (SIP) should be provided to ensure the confidentiality and integrity of data communications over VoIP networks. To simplify the authentication process, several protocols adopt a verification table to achieve mutual authentication, but the protocols require the SIP server to maintain a large verification table which not only increases energy consumption but also leads to some security issues. Although several attempts have been made to address the intractable problems, designing an energy-efficient authenticated key agreement protocol for SIP-based green VoIP networks is still a challenging task. In this study, we propose an efficient authentication protocol for SIP by using smartcards based on elliptic curve cryptography. With the proposed protocol, the SIP server needs not to store a password or verification table in its database, and so no energy is required for the maintenance of the verification table. Security analysis demonstrates that the proposed protocol can resist various attacks and provides efficient password updating. Furthermore, the experimental results show that the proposed protocol increases efficiency in comparison with other related protocols

Secure Communication Using Electronic Identity Cards for Voice over IP Communication, Home Energy Management, and eMobility

Using communication services is a common part of everyday life in a personal or business context. Communication services include Internet services like voice services, chat service, and web 2.0 technologies (wikis, blogs, etc), but other usage areas like home energy management and eMobility are will be increasingly tackled. Such communication services typically authenticate participants. For this identities of some kind are used to identify the communication peer to the user of a service or to the service itself. Calling line identification used in the Session Initiation Protocol (SIP) used for Voice over IP (VoIP) is just one example. Authentication and identification of eCar users for accounting during charging of the eCar is another example. Also, further mechanisms rely on identities, e.g., whitelists defining allowed communication peers. Trusted identities prevent identity spoofing, hence are a basic building block for the protection of communication. However, providing trusted identities in a practical way is still a difficult problem and too often application specific identities are used, making identity handling a hassle. Nowadays, many countries introduced electronic identity cards, e.g., the German "Elektronischer Personalausweis" (ePA). As many German citizens will possess an ePA soon, it can be used as security token to provide trusted identities. Especially new usage areas (like eMobility) should from the start be based on the ubiquitous availability of trusted identities. This paper describes how identity cards can be integrated within three domains: home energy management, vehicle-2-grid communication, and SIP-based voice over IP telephony. In all three domains, identity cards are used to reliably identify users and authenticate participants. As an example for an electronic identity card, this paper focuses on the German ePA

On Security Analysis of Recent Password Authentication and Key Agreement Schemes Based on Elliptic Curve Cryptography

Secure and efficient mutual authentication and key agreement schemes form the basis for any robust network communication system. Elliptic Curve Cryptography (ECC) has emerged as one of the most successful Public Key Cryptosystem that efficiently meets all the security challenges. Comparison of ECC with other Public Key Cryptosystems (RSA, Rabin, ElGamal) shows that it provides equal level of security for a far smaller bit size, thereby substantially reducing the processing overhead. This makes it suitable for constrained environments like wireless networks and mobile devices as well as for security sensitive applications like electronic banking, financial transactions and smart grids. With the successful implementation of ECC in security applications (e-passports, e-IDs, embedded systems), it is getting widely commercialized. ECC is simple and faster and is therefore emerging as an attractive alternative for providing security in lightweight device, which contributes to its popularity in the present scenario. In this paper, we have analyzed some of the recent password based authentication and key agreement schemes using ECC for various environments. Furthermore, we have carried out security, functionality and performance comparisons of these schemes and found that they are unable to satisfy their claimed security goals

An anonymous authentication and key establish scheme for smart grid: FAuth

The smart meters in electricity grids enable fine-grained consumption monitoring. Thus, suppliers could adjust their tariffs. However, as smart meters are deployed within the smart grid field, authentication and key establishment between smart grid parties (smart meters, aggregators, and servers) become an urgency. Besides, as privacy is becoming a big concern for smart meters, smart grid parties are reluctant to leak their real identities during the authentication phase. In this paper, we analyze the recent authentication schemes in smart grids and other applied fields, and propose an anonymous authentication and key establishment scheme between smart grid parties: FAuth. The proposed scheme is based on bilinear maps and the computational Diffie–Hellman problem. We changed the way the smart meter parties registered at Key Generation Center, making the proposed scheme robust against various potential attacks that could be launched by the Key Generation Center, as the scheme could avoid the private key of the smart meter parties from leaking to the Key Generation Center. Besides, the proposed scheme reduced the computational load, both at the smart meter side and at the aggregator side, which make it perfectly suitable for computation-constrained devices. Security proof results show the proposed scheme is secure under the BAN logic and random oracle model

A proof-of-proximity framework for device pairing in ubiquitous computing environments

Ad hoc interactions between devices over wireless networks in ubiquitous computing environments present a security problem: the generation of shared secrets to initialize secure communication over a medium that is inherently vulnerable to various attacks. However, these ad hoc scenarios also offer the potential for physical security of spaces and the use of protocols in which users must visibly demonstrate their presence and/or involvement to generate an association. As a consequence, recently secure device pairing has had significant attention from a wide community of academic as well as industrial researchers and a plethora of schemes and protocols have been proposed, which use various forms of out-of-band exchange to form an association between two unassociated devices. These protocols and schemes have different strengths and weaknesses – often in hardware requirements, strength against various attacks or usability in particular scenarios. From ordinary user‟s point of view, the problem then becomes which to choose or which is the best possible scheme in a particular scenario. We advocate that in a world of modern heterogeneous devices and requirements, there is a need for mechanisms that allow automated selection of the best protocols without requiring the user to have an in-depth knowledge of the minutiae of the underlying technologies. Towards this, the main argument forming the basis of this dissertation is that the integration of a discovery mechanism and several pairing schemes into a single system is more efficient from a usability point of view as well as security point of view in terms of dynamic choice of pairing schemes. In pursuit of this, we have proposed a generic system for secure device pairing by demonstration of physical proximity. Our main contribution is the design and prototype implementation of Proof-of-Proximity framework along with a novel Co- Location protocol. Other contributions include a detailed analysis of existing device pairing schemes, a simple device discovery mechanism, a protocol selection mechanism that is used to find out the best possible scheme to demonstrate the physical proximity of the devices according to the scenario, and a usability study of eight pairing schemes and the proposed system