Efficient and flexible password authenticated key agreement for Voice over Internet Protocol session initiation protocol using smart card

Providing a suitable key agreement protocol for session initiation protocol is crucial to protecting the communication among the users over the open channel. This paper presents an efficient and flexible password authenticated key agreement protocol for session initiation protocol associated with Voice over Internet Protocol. The proposed protocol has many unique properties, such as session key agreement, mutual authentication, password updating function and the server not needing to maintain a password or verification table, and so on. In addition, our protocol is secure against the replay attack, the impersonation attack, the stolen-verifier attack, the man-in-the-middle attack, the Denning–Sacco attack, and the offline dictionary attack with or without the smart card

Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications

A suitable key agreement protocol plays an essential role in protecting the communications over open channels among users using Voice over Internet Protocol (VoIP). This paper presents a robust and flexible password authenticated key agreement protocol with user anonymity for Session Initiation Protocol (SIP) used by VoIP communications. Security analysis demonstrates that our protocol enjoys many unique properties, such as user anonymity, no password table, session key agreement, mutual authentication, password updating freely and conveniently revoking lost smartcards etc. Furthermore, our protocol can resist the replay attack, the impersonation attack, the stolen-verifier attack, the man-in-middle attack, the Denning-Sacco attack, and the offline dictionary attack with or without smartcards. Finally, performance analysis shows that our protocol is more suitable for practical application in comparison with other related protocols

An energy efficient authenticated key agreement protocol for SIP-based green VoIP networks

Voice over Internet Protocol (VoIP) is spreading across the market rapidly due to its characteristics such as low cost, flexibility implementation, and versatility of new applications etc. However, the voice packets transmitted over the Internet are not protected in most VoIP environments, and then the user’s information could be easily compromised by various malicious attacks. So an energy-efficient authenticated key agreement protocol for Session Initial Protocol (SIP) should be provided to ensure the confidentiality and integrity of data communications over VoIP networks. To simplify the authentication process, several protocols adopt a verification table to achieve mutual authentication, but the protocols require the SIP server to maintain a large verification table which not only increases energy consumption but also leads to some security issues. Although several attempts have been made to address the intractable problems, designing an energy-efficient authenticated key agreement protocol for SIP-based green VoIP networks is still a challenging task. In this study, we propose an efficient authentication protocol for SIP by using smartcards based on elliptic curve cryptography. With the proposed protocol, the SIP server needs not to store a password or verification table in its database, and so no energy is required for the maintenance of the verification table. Security analysis demonstrates that the proposed protocol can resist various attacks and provides efficient password updating. Furthermore, the experimental results show that the proposed protocol increases efficiency in comparison with other related protocols

Cryptanalysis and improvement of password-authenticated key agreement for session initiation protocol using smart cards

Session Initiation Protocol (SIP) is one of the most commonly used protocols for handling sessions for Voice over Internet Protocol (VoIP)-based communications, and the security of SIP is becoming increasingly important. Recently, Zhang et al. proposed a password authenticated key agreement protocol for SIP by using smart cards to protect the VoIP communications between users. Their protocol provided some unique features, such as mutual authentication, no password table needed, and password updating freely. In this study, we performed cryptanalysis of Zhang et al.'s protocol and found that their protocol was vulnerable to the impersonation attack although the protocol could withstand several other attacks. A malicious attacker could compute other users’ privacy keys and then impersonated the users to cheat the SIP server. Furthermore, we proposed an improved password authentication key agreement protocol for SIP, which overcame the weakness of Zhang et al.’s protocol and was more suitable for VoIP communications

Enterprise network convergence: path to cost optimization

During the past two decades, telecommunications has evolved a great deal. In the eighties, people were using television, radio and telephone as their communication systems. Eventually, the introduction of the Internet and the WWW immensely transformed the telecommunications industry. This internet revolution brought about a huge change in the way businesses communicated and operated. Enterprise networks now had an increasing demand for more bandwidth as they started to embrace newer technologies. The requirements of the enterprise networks grew as the applications and services that were used in the network expanded. This stipulation for fast and high performance communication systems has now led to the emergence of converged network solutions. Enterprises across the globe are investigating new ways to implement voice, video, and data over a single network for various reasons – to optimize network costs, to restructure their communication system, to extend next generation networking abilities, or to bridge the gap between their corporate network and the existing technological progress. To date, organizations had multiple network services to support a range of communication needs. Investing in this type of multiple communication infrastructures limits the networks ability to provide resourceful bandwidth optimization services throughout the system. Thus, as the requirements for the corporate networks to handle dynamic traffic grow day by day, the need for a more effective and efficient network arises. A converged network is the solution for enterprises aspiring to employ advanced applications and innovative services. This thesis will emphasize the importance of converging network infrastructure and prove that it leads to cost savings. It discusses the characteristics, architecture, and relevant protocols of the voice, data and video traffic over both traditional infrastructure and converged architecture. While IP-based networks present excellent quality for non real-time data networking, the network by itself is not capable of providing reliable, quality and secure services for real-time traffic. In order for IP networks to perform reliable and timely transmission of real-time data, additional mechanisms to reduce delay, jitter and packet loss are required. Therefore, this thesis will also discuss the important mechanisms for running real-time traffic like voice and video over an IP network. Lastly, it will also provide an example of an enterprise network specifications (voice, video and data), and present an in depth cost analysis of a typical network vs. a converged network to prove that converged infrastructures provide significant savings

A lightweight privacy preserving authenticated key agreement protocol for SIP-based VoIP

Session Initiation Protocol (SIP) is an essential part of most Voice over Internet Protocol (VoIP) architecture. Although SIP provides attractive features, it is exposed to various security threats, and so an efficient and secure authentication scheme is sought to enhance the security of SIP. Several attempts have been made to address the tradeoff problem between security and efficiency, but designing a successful authenticated key agreement protocol for SIP is still a challenging task from the viewpoint of both performance and security, because performance and security as two critical factors affecting SIP applications always seem contradictory. In this study, we employ biometrics to design a lightweight privacy preserving authentication protocol for SIP based on symmetric encryption, achieving a delicate balance between performance and security. In addition, the proposed authentication protocol can fully protect the privacy of biometric characteristics and data identity, which has not been considered in previous work. The completeness of the proposed protocol is demonstrated by Gong, Needham, and Yahalom (GNY) logic. Performance analysis shows that our proposed protocol increases efficiency significantly in comparison with other related protocols

A Comprehensive Survey of Voice over IP Security Research

We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems

Using decoys to block SPIT in the IMS

Includes bibliographical references (leaves 106-111)In recent years, studies have shown that 80-85% of e-mails sent were spam. Another form of spam that has just surfaced is VoIP (Voice over Internet Telephony) spam. Currently, VoIP has seen an increasing numbers of users due to the cheap rates. With the introduction of the IMS (IP Multimedia Subsystem), the number of VoIP users are expected to increase dramatically. This calls for a cause of concern, as the tools and methods that have been used for blocking email spam may not be suitable for real-time voice calls. In addition, VoIP phones will have URI type addresses, so the same methods that were used to generate automated e-mail spam messages can be employed for unsolicited voice calls. Spammers will always be present to take advantage of and adapt to trends in communication technology. Therefore, it is important that IMS have structures in place to alleviate the problems of spam. Recent solutions proposed to block SPIT (Spam over Internet Telephony) have the following shortcomings: restricting the users to trusted senders, causing delays in voice call set-up, reducing the efficiency of the system by increasing burden on proxies which have to do some form of bayesian or statistical filtering, and requiring dramatic changes in the protocols being used. The proposed decoying system for the IMS fits well with the existing protocol structure, and customers are oblivious of its operation