Cryptanalysis of two mutual authentication protocols for low-cost RFID

Radio Frequency Identification (RFID) is appearing as a favorite technology for automated identification, which can be widely applied to many applications such as e-passport, supply chain management and ticketing. However, researchers have found many security and privacy problems along RFID technology. In recent years, many researchers are interested in RFID authentication protocols and their security flaws. In this paper, we analyze two of the newest RFID authentication protocols which proposed by Fu et al. and Li et al. from several security viewpoints. We present different attacks such as desynchronization attack and privacy analysis over these protocols.Comment: 17 pages, 2 figures, 1 table, International Journal of Distributed and Parallel system

Session Initiation Protocol Attacks and Challenges

In recent years, Session Initiation Protocol (SIP) has become widely used in current internet protocols. It is a text-based protocol much like Hyper Text Transport Protocol (HTTP) and Simple Mail Transport Protocol (SMTP). SIP is a strong enough signaling protocol on the internet for establishing, maintaining, and terminating session. In this paper the areas of security and attacks in SIP are discussed. We consider attacks from diverse related perspectives. The authentication schemes are compared, the representative existing solutions are highlighted, and several remaining research challenges are identified. Finally, the taxonomy of SIP threat will be presented

Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards

Session Initiation Protocol (SIP) is one of the most commonly used protocols for handling sessions for Voice over Internet Protocol (VoIP)-based communications, and the security of SIP is becoming increasingly important. Recently, Zhang et al. proposed a password authenticated key agreement protocol for SIP by using smart cards to protect the VoIP communications between users. Their protocol provided some unique features, such as mutual authentication, no password table needed, and password updating freely. In this study, we performed cryptanalysis of Zhang et al.'s protocol and found that their protocol was vulnerable to the impersonation attack although the protocol could withstand several other attacks. A malicious attacker could compute other users’ privacy keys and then impersonated the users to cheat the SIP server. Furthermore, we proposed an improved password authentication key agreement protocol for SIP, which overcame the weakness of Zhang et al.’s protocol and was more suitable for VoIP communications

Authentic-caller : self-enforcing authentication in a next generation network

The Internet of Things (IoT) or the Cyber-Physical System (CPS) is the network of connected devices, things and people which collect and exchange information using the emerging telecommunication networks (4G, 5G IP-based LTE). These emerging telecommunication networks can also be used to transfer critical information between the source and destination, informing the control system about the outage in the electrical grid, or providing information about the emergency at the national express highway. This sensitive information requires authorization and authentication of source and destination involved in the communication. To protect the network from unauthorized access and to provide authentication, the telecommunication operators have to adopt the mechanism for seamless verification and authorization of parties involved in the communication. Currently, the next-generation telecommunication networks use a digest-based authentication mechanism, where the call-processing engine of the telecommunication operator initiates the challenge to the request-initiating client or caller, which is being solved by the client to prove his credentials. However, the digest-based authentication mechanisms are vulnerable to many forms of known attacks e.g., the Man-In-The-Middle (MITM) attack and the password guessing attack. Furthermore, the digest-based systems require extensive processing overheads. Several Public-Key Infrastructure (PKI) based and identity-based schemes have been proposed for the authentication and key agreements. However, these schemes generally require smart-card to hold long-term private keys and authentication credentials. In this paper, we propose a novel self-enforcing authentication protocol for the SIPbased next-generation network based on a low-entropy shared password without relying on any PKI or trusted third party system. The proposed system shows effective resistance against various attacks e.g., MITM, replay attack, password guessing attack, etc. We a..

Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications

A suitable key agreement protocol plays an essential role in protecting the communications over open channels among users using Voice over Internet Protocol (VoIP). This paper presents a robust and flexible password authenticated key agreement protocol with user anonymity for Session Initiation Protocol (SIP) used by VoIP communications. Security analysis demonstrates that our protocol enjoys many unique properties, such as user anonymity, no password table, session key agreement, mutual authentication, password updating freely and conveniently revoking lost smartcards etc. Furthermore, our protocol can resist the replay attack, the impersonation attack, the stolen-verifier attack, the man-in-middle attack, the Denning-Sacco attack, and the offline dictionary attack with or without smartcards. Finally, performance analysis shows that our protocol is more suitable for practical application in comparison with other related protocols