Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol

Jo Heasuk, Lee Yunho, Kim Mijin, Kim Seungjoo, Won Dongho

Research output: Chapter in Book/Report/Conference proceedingConference contribution

27 Citations (Scopus)

Abstract

The Session Initiation Protocol(SIP) is an application-layer control protocol for creating, modifying, and terminating sessions with one or more participants in the IPbased telephony environment. Yang et al. and Huang et al. proposed a secure authentication scheme for session initiation protocol. Yang's scheme is based on Deffi-Hellman key agreement scheme and a combination of hash functions. In 2006, Huang et al. pointed out that Yang's scheme is insecure, and proposed an improved authentication scheme for SIP. In this paper, the secure of Yang's and Huang's scheme is analyzed. It is demonstrated that both schemes still have some weaknesses: it cannot withstand against the off-line passwordguessing attack. Based on our analysis, we found the security problem with these schemes and, in addition, shows how to fix it.

Original languageEnglish
Title of host publicationNCM 2009 - 5th International Joint Conference on INC, IMS, and IDC
Pages618-621
Number of pages4
DOIs
Publication statusPublished - 2009
Externally publishedYes
EventNCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications - Seoul, Korea, Republic of
Duration: 2009 Aug 252009 Aug 27

Publication series

NameNCM 2009 - 5th International Joint Conference on INC, IMS, and IDC

Other

OtherNCM 2009 - 5th International Joint Conference on Int. Conf. on Networked Computing, Int. Conf. on Advanced Information Management and Service, and Int. Conf. on Digital Content, Multimedia Technology and its Applications
CountryKorea, Republic of
CitySeoul
Period09/8/2509/8/27

Keywords

  • Authentication
  • Key agreement
  • Security
  • Session initiation protocol

ASJC Scopus subject areas

  • Computer Graphics and Computer-Aided Design
  • Computer Science Applications
  • Software

Fingerprint Dive into the research topics of 'Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol'. Together they form a unique fingerprint.

  • Cite this

    Heasuk, J., Yunho, L., Mijin, K., Seungjoo, K., & Dongho, W. (2009). Off-line password-guessing attack to Yang's and Huang's authentication schemes for session initiation protocol. In NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC (pp. 618-621). [5331801] (NCM 2009 - 5th International Joint Conference on INC, IMS, and IDC). https://doi.org/10.1109/NCM.2009.251