Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol

Jo Heasuk, Lee Yunho, Kim Mijin, Seung-Joo Kim, Won Dongho

Research output: Chapter in Book/Report/Conference proceedingConference contribution

26 Citations (Scopus)

Abstract

The Session Initiation Protocol(SIP) is an application-layer control protocol for creating, modifying, and terminating sessions with one or more participants in the IPbased telephony environment. Yang et al. and Huang et al. proposed a secure authentication scheme for session initiation protocol. Yang's scheme is based on Deffi-Hellman key agreement scheme and a combination of hash functions. In 2006, Huang et al. pointed out that Yang's scheme is insecure, and proposed an improved authentication scheme for SIP. In this paper, the secure of Yang's and Huang's scheme is analyzed. It is demonstrated that both schemes still have some weaknesses: it cannot withstand against the off-line passwordguessing attack. Based on our analysis, we found the security problem with these schemes and, in addition, shows how to fix it.

Original languageEnglish
Title of host publicationNCM 2009 - 5th International Joint Conference on INC, IMS, and IDC
Pages618-621
Number of pages4
DOIs
Publication statusPublished - 2009 Dec 1
Externally publishedYes
EventNCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications - Seoul, Korea, Republic of
Duration: 2009 Aug 252009 Aug 27

Other

OtherNCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications
CountryKorea, Republic of
CitySeoul
Period09/8/2509/8/27

Fingerprint

Authentication
Hash functions

Keywords

  • Authentication
  • Key agreement
  • Security
  • Session initiation protocol

ASJC Scopus subject areas

  • Computer Graphics and Computer-Aided Design
  • Computer Science Applications
  • Software

Cite this

Heasuk, J., Yunho, L., Mijin, K., Kim, S-J., & Dongho, W. (2009). Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol. In NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC (pp. 618-621). [5331801] https://doi.org/10.1109/NCM.2009.251

Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol. / Heasuk, Jo; Yunho, Lee; Mijin, Kim; Kim, Seung-Joo; Dongho, Won.

NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC. 2009. p. 618-621 5331801.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Heasuk, J, Yunho, L, Mijin, K, Kim, S-J & Dongho, W 2009, Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol. in NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC., 5331801, pp. 618-621, NCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications, Seoul, Korea, Republic of, 09/8/25. https://doi.org/10.1109/NCM.2009.251
Heasuk J, Yunho L, Mijin K, Kim S-J, Dongho W. Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol. In NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC. 2009. p. 618-621. 5331801 https://doi.org/10.1109/NCM.2009.251
Heasuk, Jo ; Yunho, Lee ; Mijin, Kim ; Kim, Seung-Joo ; Dongho, Won. / Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol. NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC. 2009. pp. 618-621
@inproceedings{bfd8ba68d6644a13aca73fd36b454dbe,
title = "Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol",
abstract = "The Session Initiation Protocol(SIP) is an application-layer control protocol for creating, modifying, and terminating sessions with one or more participants in the IPbased telephony environment. Yang et al. and Huang et al. proposed a secure authentication scheme for session initiation protocol. Yang's scheme is based on Deffi-Hellman key agreement scheme and a combination of hash functions. In 2006, Huang et al. pointed out that Yang's scheme is insecure, and proposed an improved authentication scheme for SIP. In this paper, the secure of Yang's and Huang's scheme is analyzed. It is demonstrated that both schemes still have some weaknesses: it cannot withstand against the off-line passwordguessing attack. Based on our analysis, we found the security problem with these schemes and, in addition, shows how to fix it.",
keywords = "Authentication, Key agreement, Security, Session initiation protocol",
author = "Jo Heasuk and Lee Yunho and Kim Mijin and Seung-Joo Kim and Won Dongho",
year = "2009",
month = "12",
day = "1",
doi = "10.1109/NCM.2009.251",
language = "English",
isbn = "9780769537696",
pages = "618--621",
booktitle = "NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC",

}

TY - GEN

T1 - Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol

AU - Heasuk, Jo

AU - Yunho, Lee

AU - Mijin, Kim

AU - Kim, Seung-Joo

AU - Dongho, Won

PY - 2009/12/1

Y1 - 2009/12/1

N2 - The Session Initiation Protocol(SIP) is an application-layer control protocol for creating, modifying, and terminating sessions with one or more participants in the IPbased telephony environment. Yang et al. and Huang et al. proposed a secure authentication scheme for session initiation protocol. Yang's scheme is based on Deffi-Hellman key agreement scheme and a combination of hash functions. In 2006, Huang et al. pointed out that Yang's scheme is insecure, and proposed an improved authentication scheme for SIP. In this paper, the secure of Yang's and Huang's scheme is analyzed. It is demonstrated that both schemes still have some weaknesses: it cannot withstand against the off-line passwordguessing attack. Based on our analysis, we found the security problem with these schemes and, in addition, shows how to fix it.

AB - The Session Initiation Protocol(SIP) is an application-layer control protocol for creating, modifying, and terminating sessions with one or more participants in the IPbased telephony environment. Yang et al. and Huang et al. proposed a secure authentication scheme for session initiation protocol. Yang's scheme is based on Deffi-Hellman key agreement scheme and a combination of hash functions. In 2006, Huang et al. pointed out that Yang's scheme is insecure, and proposed an improved authentication scheme for SIP. In this paper, the secure of Yang's and Huang's scheme is analyzed. It is demonstrated that both schemes still have some weaknesses: it cannot withstand against the off-line passwordguessing attack. Based on our analysis, we found the security problem with these schemes and, in addition, shows how to fix it.

KW - Authentication

KW - Key agreement

KW - Security

KW - Session initiation protocol

UR - http://www.scopus.com/inward/record.url?scp=73549097525&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=73549097525&partnerID=8YFLogxK

U2 - 10.1109/NCM.2009.251

DO - 10.1109/NCM.2009.251

M3 - Conference contribution

SN - 9780769537696

SP - 618

EP - 621

BT - NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

ER -