The authenticated key agreement protocol is an important security protocol for the session initiation protocol, which allows the and the server to authenticate each other and generate a shared session key for privacy, integrity, and non-repudiation in their communications. Recently, Zhang et al. proposed a new authenticated key agreement protocol for the session initiation protocol using smart card and claimed their protocol was secure against various attacks. However, we found that Zhang et al.'s protocol cannot withstand the user impersonation attack, i. e., a malicious user could impersonate any other user to the server. We also propose a new authenticated key agreement protocol using smart card for SIP which is immune to the presented attack. Besides, the proposed protocol also has better performance than Zhang et al.'s protocol.

• 出版日期2013
• 单位北京理工大学